Computer Cops
Another Hijack while logged in to CCSP

Paul (Admin)
Joined: Feb 22, 2002 | Posts: 5103 | Location: USA
Posted: Sat Mar 27, 2004 6:14 pm

A quick jump over to ceoexpress dropped two cookies on my laptop:

www.ceoexpress
zedo

Connections were being made to tribalfusion and zedo when trying to bring up ceoexpress. Popups were suppressed.

Not nice.

_________________
http://computercops.biz/

QuietOne (Lieutenant)
Joined: Dec 28, 2003 | Posts: 227 | Location: USA
Posted: Sat Mar 27, 2004 6:46 pm

Paul wrote:
A quick jump over to ceoexpress dropped two cookies on my laptop:

www.ceoexpress
zedo

Connections were being made to tribalfusion and zedo when trying to bring up ceoexpress. Popups were suppressed.

Not nice.

OK Paul,

Maybe I'm a little thick here so you'll have to help me out here please because I just got through:
  • Scanning my computer with Norton Clean Sweep (1 ceoexpress cookie, not 2) and no references to either Tribalfusion or zedo inside the 1 cookie because I edited it and looked;
  • Then I ran Ad-aware Pro 6 (no Tribalfusion OR Zedo cookies) and no report of a ceoexpress cookie either even though there is 1. But that just means Ad-aware doesn't consider ceoexpress a threat; then,
  • Norton Personal Firewall 4 - no alarms;
  • Lavasoft Ad-watch - no alarms;
  • Opera Browser cookie setting - no 3rd party cookies - no alarms;

What am I missing here? If ceoexpress drops cookies on your computer why doesn't it drop them on mine? Please help me understand why I should be so afraid/leery of something that DOESN'T drop cookies on my computer. At least as far as I can see or find.
_________________
Stealth is the best weapon

Paul (Admin)
Joined: Feb 22, 2002 | Posts: 5103 | Location: USA
Posted: Sat Mar 27, 2004 11:28 pm

If you try disabling everything and opening up your privacy settings for testing only, go to ceoexpress (the same way I did), and you'll notice the cookies placed. And zedo would not be inside the ceoexpress cookie, it's a cookie on its own. I replicated this on multiple machines simply by visiting ceoexpress.
_________________
http://computercops.biz/

IACOJ (Site Admin)
Joined: Oct 15, 2003 | Posts: 246 | Location: USA
Posted: Sun Mar 28, 2004 12:09 am

Hi QuietOne,

Opera "may" block the cookies, I don't know. As Paul said we can and have replicated this on multiple machines using different OS. I haven't tested it on Opera.

I'll take a look at your new log in the morning, and pull out the things which don't need to run at startup. Some of them are user choice, and some don't need to be there at all, but I'd like to confirm what is what after a full night's sleep.

Quote:
I'd like to get rid of the two entries immediately below, but don't see any entries in either Add/Remove Programs for related apps or in any of the registry keys to identify what apps they are related to. Both are web page entries but I'm unsure when/where they came from and whether they can be safely removed.

O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesui...anager.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.11/ko...nt/kdx.cab


Those are ActiveX controls, you can safely have HijackThis fix them. If you need them again you'll be prompted to download them again.

QuietOne (Lieutenant)
Joined: Dec 28, 2003 | Posts: 227 | Location: USA
Posted: Sun Mar 28, 2004 10:41 am

Hi IACOJ,

Don't worry and I sure don't mind if you get a good night's sleep. I'll be here when you get done analyzing things.

OK I just got the definitive answer from CeoExpress on the cookie deal. I'll quote the reply, emphasis added.
Quote:
One of the benefits of CEOExpressSelect membership is that, while on CEOExpress and signed into your Select account, you will not receive pop-ups, pop-unders, or banner advertising. We do have pop-unders and banner advertising on the public CEOExpress in order to help defray the costs of providing our public site to the general public without charge. Our advertisers are using Tribal Fusion and Zedo cookies on visitors to the public CEOExpress to limit pop-unders (we don't allow pop-ups) to a maximum of 2 per day and to limit the number of paid banner ads any one computer is shown during any one day. There is nothing nefarious about these cookies, but these cookies and/or the ads themselves can be blocked fairly easily. I am sure that your computer security consultant knows how to do this.

If I can be of any further assistance, please do not hesitate to contact me. I would appreciate your spreading the word about CEOExpress if you are so inclined.

Best regards,

QuietOne wrote:
Replied to by the
Vice President of Technical Operations at CeoExpress


As the reply states, I'd be happy to forward his actual reply to my inquiry so you can verify its contents, routing etc yourselves. If you want me to, just send me a PM with the appropriate email address. Or better yet since I supplied my email address when I signed up, just send me an email with the correct return address and I'll reply with the actual email I received.

Also as the reply indicates, I log into the paid site while you and Paul access the public site; so I'm sure the results you are getting and the results I'm getting are both accurate. However given the difference in the sites we access that says a lot about whether I should worry or not. Don't you agree? Again, I'll be happy to forward the reply if you want.

On the two ActiveX controls, I'll dump them today as soon as I get done with this reply.

I look forward to hearing back from you.

_________________
Stealth is the best weapon

IACOJ (Site Admin)
Joined: Oct 15, 2003 | Posts: 246 | Location: USA
Posted: Sun Mar 28, 2004 11:10 am

Hey QuietOne,

I was just going to grab your HijackThis log, but since you are going to dump those ActiveX anyway, would you mind closing all your browser windows etc, and running HijackThis one more time? That way I'll have the newest one to work with.

Thanks

QuietOne (Lieutenant)
Joined: Dec 28, 2003 | Posts: 227 | Location: USA
Posted: Sun Mar 28, 2004 12:02 pm

OK IACOJ,

Here's the latest with NO processes running EXCEPT the bootup stuff.

BTW, did you read the reply from CeoExpress and if so, what did/do you think?

Also, do you want me to forward the email for your records? If so, where to?



Attachment: HiJackThis3-28-2004.log.txt (Description: MRV; Filesize: 9.15 KB)

_________________
Stealth is the best weapon

Paul (Admin)
Joined: Feb 22, 2002 | Posts: 5103 | Location: USA
Posted: Sun Mar 28, 2004 1:08 pm

I read the reply and it sounds good to me, and even better that they acknowledge that tracking cookies do exist at that site. However, my question to you is... as a premium subscriber, what happens when your cookie expires? Do you go back into the public version of the site in order to log in? If so, then that means an advertising cookie has the potential of being installed.
_________________
http://computercops.biz/

QuietOne (Lieutenant)
Joined: Dec 28, 2003 | Posts: 227 | Location: USA
Posted: Sun Mar 28, 2004 3:10 pm

Paul wrote:
I read the reply and it sounds good to me, and even better that they acknowledge that tracking cookies do exist at that site. However, my question to you is... as a premium subscriber, what happens when your cookie expires? Do you go back into the public version of the site in order to log in? If so, then that means an advertising cookie has the potential of being installed.

You're right Paul. I don't argue that possibility at all; however, I'm willing to take that risk because I'm aware of both: 1) That it occurs and 2) When. So I can log in at the public site when needed and immediately clean out the necessary cookies which gets me back to the "no tracking cookie" state I should be in in the first place. If I wasn't aware of when it was happening or that it was happening at all, it would be an entirely different deal.

I hope that this series of events has also done some to improve your opinion of CeoExpress as a website too but whether it has or not is your business. JM2c and thanks for both getting back to me and for your diligence. It's appreciated.

_________________
Stealth is the best weapon

Paul (Admin)
Joined: Feb 22, 2002 | Posts: 5103 | Location: USA
Posted: Sun Mar 28, 2004 7:11 pm

I personally don't have any opinion of CeoExpress (neither does IACOJ). We're just both really busy on this site.
_________________
http://computercops.biz/

IACOJ (Site Admin)
Joined: Oct 15, 2003 | Posts: 246 | Location: USA
Posted: Mon Mar 29, 2004 9:37 am

Hi QuietOne,

btw.. Paul answered for me above because he read your last reply to me, and I said "neither do I".

Here is the list of what you can safely remove from your start up. Again if you need assistance with how to remove it, let us know, and we'd be happy to help.

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
************* Not required to run at startup for your modem to function correctly. It is for a messaging applet used by your modem, and will autoload when required.***********
O4 - HKLM\..\Run: [GetSmile] C:\Program Files\GetSmile\GetSmile.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"


The things listed aren't necessary at startup. The ones which are user defined I haven't included, because you are probably used to things working the way they do.
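
As an added example (not part of the original posts, and not HijackThis's own code), the O4 and O16 line layouts quoted in this thread can be parsed into structured records when reviewing startup entries. The `Entry` fields, the function names and the bare-filename check are assumptions introduced here.

```python
import re
from collections import namedtuple

# Constructed sample: a subset of the O4/O16 lines quoted in this thread; the
# note line is shortened and the O16 URL stays truncated as it is on the page.
SAMPLE_LOG = r"""
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesui...anager.ocx
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
************* Not required to run at startup *************
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"""

Entry = namedtuple("Entry", "section location name target args")

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) \(([^)]*)\) - (\S+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd))(?:\s+(.*))?$", re.I)

def split_command(command):
    """Split an autorun command into (executable, arguments)."""
    if command.startswith('"'):            # quoted path ends at the next quote
        exe, _, rest = command[1:].partition('"')
        return exe, rest.strip()
    m = EXE_RE.match(command)              # unquoted path may contain spaces
    if m:
        return m.group(1), m.group(2) or ""
    exe, _, rest = command.partition(" ")
    return exe, rest

def parse_log(text):
    """Return Entry records for O4 and O16 lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe, args = split_command(m.group(3))
            entries.append(Entry("O4", m.group(1), m.group(2), exe, args))
            continue
        m = O16_RE.match(line)
        if m:
            entries.append(Entry("O16", m.group(1), m.group(2), m.group(3), ""))
    return entries

def bare_name_autoruns(entries):
    """Names of O4 entries whose target has no directory (resolved via the search path)."""
    return [e.name for e in entries if e.section == "O4" and "\\" not in e.target]
```

Calling `parse_log(SAMPLE_LOG)` yields one record per O4/O16 line, and `bare_name_autoruns` picks out startup entries that do not give a full path to the executable.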

QuietOne (Lieutenant)
Joined: Dec 28, 2003 | Posts: 227 | Location: USA
Posted: Mon Mar 29, 2004 11:18 am

Not a problem IACOJ,

Thanks for the help.

_________________
Stealth is the best weapon

All times are GMT - 5 Hours
Page 3 of 3
Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops