[20118] in bugtraq
Re: AudioGalaxy Satellite - SPYware
daemon@ATHENA.MIT.EDU (Juan Jose Sanchez Mesa)
Mon Apr 9 21:29:40 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-ID: <5.1.0.12.2.20010409092114.00b23230@mail.doblej.net>
Date: Mon, 9 Apr 2001 09:28:01 +0200
Reply-To: Juan Jose Sanchez Mesa <juanjo.listas@DOBLEJ.NET>
From: Juan Jose Sanchez Mesa <juanjo.listas@DOBLEJ.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <1722020018.20010408133634@columbus.rr.com>
webHancer and Gator is announced in a disclaimer after you install Satellite:
---
*webHancer is installed on everyone's machine - it can be uninstalled by
going to control-panel add/remove programs (webHancer reports network
latency about websites you visit - they throw away your IP address BTW
so its anonymous)
---
You can uninstall it with 'Add/Remove programs' in Control Panel. It has
the name 'webHancer Agent'.
You can also kill the process with the name whagent.exe.
Regards,
Juanjo.
At 13:36 08/04/2001, you wrote:
>Wasn't sure if this topic has already come up.
>
>Installing Audiogalaxy automatically installs a small tracking or "spy"
>program called Webhancer. This program not only tracks where you go on the
>Internet
>but also reads files on your hard drives and sends info to some company. Even
>after completing Audiogalaxy Satellite's rudimentary recommended uninstall
>method
>which involves manually deleting it's file folder, Webhancer was still on up
>and running in the background. I would have never known it were there were it
>not for my router logs showing outbound TCP connections to
>a1.webhancer.com to port 80 (web).
>
>Looking at download.coms download stats, AudioGalaxy Satellite was the
>3rd ranked most downloaded application last week. (341,129 downloads last
>week and 4,238,587 downloads to date).
>
>Also, there is no disclaimer regarding this spyware on
>www.audiogalaxy.com.
>
>Don't get me wrong, AudioGalaxy satellite is a great application.
>They just need to remove the spyware.
>
>
>--
>Best regards,
>-Derek Reynolds mailto:dreynol@columbus.rr.com
