DanielR

Ok, I'm a regular spyware freak. I know exactly what everything is in my task manager and know what my computer does when it starts up. I also check my registry all the time for new or other anomalous strings.

I found some file under c: called GatorPdpPlg.log; naturally, this got me interested in what is going on.

Here's what the log had to say:
__________________________________________________________
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PdpPlugin.dll v4.0.9.4 starts Mon Jan 06 20:29:45 2003
(Loaded by C:\Program Files\Internet Explorer\iexplore.exe v6.0.240.82)

ATTACH PdpPlugin 0x092E0000
CPdpPlg(i=0x09330CE0): (active instance)
OS is "Windows XP"
OnCreate(i=0x09330CE0, w=0x000A0644)
Fire_OnPluginCreated() returned 7 (0x00000007)
Parent BrowserType=IE
params="&fcn=hd&bgcolor=FFFFFF&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_Adtegrity&pidel=this&email=&fname=&country=&zip=&wuid=PhotJgr6AhgAABuOFmU&rs=1&hdeulaurl=http://www.gatorcorporation.com/help/hd-post-yes-p1f.html&did=0&apprq="
(param-delimiter char is '&')
src = "webpdp.gator.com/v3/download/trickler_4010.ex_"
aic = "HIC_Adtegrity"
wuid = "PhotJgr6AhgAABuOFmU"
did = "0"
hdeulaurl = "http://www.gatorcorporation.com/help/hd-post-yes-p1f.html"
apprq = ""
rs = "1"
Plugin function is "hd (OK)"
TID = "3e1a2d89"
Validating domain for "webpdp.gator.com/v3/download/trickler_4010.ex_"... OK
Validating domain for "http://www.gatorcorporation.com/help/hd-post-yes-p1f.html"... OK
Performing HD run-ability checks:
1 secs since Registration... OK.
IE's ActiveX security level is 0 (enable)...Set AxValue: "BAD(SecLvl=0)"
DoInternalVsDlg:
SecurityDlg was displayed for 1 seconds.
Set AxValue: "REJECT"
Set end-msg: IEAXNOVS (AxeDlg(1,"REJECT"))
CWorkerThread ends.
LogGS: 200 [MID_IEGATOR|START|CE6F29E8-BFFE-464E-8212-427D93489235|HIC_Adtegrity||SAR_OK|PhotJgr6AhgAABuOFmU|3e1a2d89|0]
LogGS: 200 [MID_IEGATOR|END|CE6F29E8-BFFE-464E-8212-427D93489235|HIC_Adtegrity|hd (OK)|0|IEAXNOVS|AxeDlg(1,"REJECT")|0|UNKNOWN|PhotJgr6AhgAABuOFmU|3e1a2d89|0]
LogRS: 200 [event=END&guid=CE6F29E8-BFFE-464E-8212-427D93489235&aic=HIC_Adtegrity&data1=hd (OK)&data2=0&data3=IEAXNOVS&data4=AxeDlg(1,"REJECT")&data5=0&data6=UNKNOWN&data7=PhotJgr6AhgAABuOFmU&data8=3e1a2d89&data9=0&]
LogRS: 200 [event=START&guid=CE6F29E8-BFFE-464E-8212-427D93489235&aic=HIC_Adtegrity&data1=&data2=SAR_OK&data3=PhotJgr6AhgAABuOFmU&data4=3e1a2d89&data5=0&data6=&data7=&data8=&data9=&]
** All stats processed **
OnDestroy(i=0x09330CE0, w=0x000A0644)
~CPdpPlg(i=0x09330CE0)
Clearing Trust DB... OK.
Unregistering plugin... DllUnregisterServer()
OK.
Waiting for log threads to complete...
DETACH PdpPlugin 0x092E0000

Log closes Mon Jan 06 20:32:55 2003
___________________________________________________________


Now I looked through my downloaded programs directory and there is no CONFLICT.2 directory and I can't find the dll file anywhere. I looked through my registry and under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{731918D2-517A-47E2-886A-3BC1380C591D} and some other strings that had the word gator in them. I also found an attachment to a file called pdpplugin.inf


Here is what the .inf file says:
________________________________________________
; CAB INF file for PdpPlugin.dll
[version]
; version signature (same for all Win32 platforms)
signature="$CHICAGO$"
AdvancedINF=2.0

[Add.Code]
PdpPlugin.dll=PdpPlugin.dll

; needed DLL
[PdpPlugin.dll]
file-win32-x86=thiscab
clsid={731918D2-517A-47e2-886A-3BC1380C591D}
FileVersion=4,0,9,4
RegisterServer=yes

; Nonstandard stuff for Gator.com CAB management
[_VerisignInfo_]
text=(after accepting our agreements) Precision Time/Date Manager, free 10 second downloads that display exact time/date and offers based on websites you view? Click here to read our agreements. Click Yes to accept
url=http://www.gatorcorporation.com/help/privacystatement-3.html?HDID=DM_PTE=3.1
[_CabMaker_]
Version=4.0.1.2
__________________________________________



I just wanna know if anyone else has this and if it is indeed anything to be concerned about. If it is then I'm gonna clean it, if not then ok. But anything attached to gator worries me.

who ever has the most ram when they die wins!
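
Added example, not part of the original post and not code from any of the tools mentioned in this thread: a small Python triage of the two artifacts quoted above. It splits the logged `params` string on the delimiter the log announces, extracts the download source and the recorded `AxValue` sequence, and checks that the `clsid` in pdpplugin.inf is the same GUID as the Distribution Units registry key. The embedded log is abridged from the post, and the function names are illustrative.

```python
import re

# Constructed input: lines abridged from the log and .inf quoted in the post above.
LOG = r'''C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PdpPlugin.dll v4.0.9.4 starts Mon Jan 06 20:29:45 2003
(Loaded by C:\Program Files\Internet Explorer\iexplore.exe v6.0.240.82)
params="&fcn=hd&src=webpdp.gator.com/v3/download/trickler_4010.ex_&aic=HIC_Adtegrity&rs=1&hdeulaurl=http://www.gatorcorporation.com/help/hd-post-yes-p1f.html&did=0&apprq="
(param-delimiter char is '&')
IE's ActiveX security level is 0 (enable)...Set AxValue: "BAD(SecLvl=0)"
Set AxValue: "REJECT"
Set end-msg: IEAXNOVS (AxeDlg(1,"REJECT"))
'''
INF = "[PdpPlugin.dll]\nclsid={731918D2-517A-47e2-886A-3BC1380C591D}\nRegisterServer=yes\n"
REG_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database"
           r"\Distribution Units\{731918D2-517A-47E2-886A-3BC1380C591D}")

def parse_params(log):
    """Split the logged params="..." value on the delimiter the log itself announces."""
    m = re.search(r'^params="(.*)"$', log, re.M)
    if not m:
        return {}
    d = re.search(r"param-delimiter char is '(.)'", log)
    delim = d.group(1) if d else "&"
    # Partition on the first '=' only, so a URL value containing '=' stays intact.
    return {k: v for k, _, v in (p.partition("=") for p in m.group(1).split(delim) if p)}

def triage(log):
    """Summarise who loaded the plugin, what it was told to fetch, and the logged outcome."""
    p = parse_params(log)
    ax = re.findall(r'Set AxValue: "([^"]*)"', log)
    loader = re.search(r"^\(Loaded by (.+?) v[\d.]+\)$", log, re.M)
    return {
        "loader": loader.group(1) if loader else None,
        "src": p.get("src"),
        "src_host": (p.get("src") or "").split("/")[0] or None,
        "aic": p.get("aic"),
        "ax_values": ax,                      # in the order the plugin logged them
        "final_ax": ax[-1] if ax else None,
    }

def inf_clsid(inf):
    m = re.search(r"^clsid=(\{[0-9A-Fa-f-]{36}\})$", inf, re.M)
    return m.group(1).upper() if m else None

def clsid_matches_key(inf, reg_key):
    # GUIDs compare case-insensitively: the .inf has 47e2, the registry key 47E2.
    return inf_clsid(inf) == reg_key.rsplit("\\", 1)[-1].upper()

if __name__ == "__main__":
    print(triage(LOG))
    print("INF clsid matches registry key:", clsid_matches_key(INF, REG_KEY))
```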
 

GearJammer2513

Heck, back it up to a disk and then delete it. Or better yet, download a proggy called Adaware and run it. If it says it recognizes that key as spyware, then sure enough, you've been spied on!

GearJammer
It takes 10 'Attaboys' to make up for 1 'Awww...crap!'
 

svol

Sounds like spyware... download Spybot to make sure and clean the mess.

My dual-PSU PC is so powerful that the neighbourhood dims when I turn it on :eek:
 

DanielR

I did the adaware scan.. it found some other stuff, but it didn't label the two files in question. I'm downloading the newest reference files. I'll see if that helps.

See, what bothers me is that I don't know how this crap gets on my computer. I have warned my whole family as to the pop up boxes that ask to install software and to always say no or ask me first. Makes me angry

who ever has the most ram when they die wins!
 

svol

The latest ref-file of Ad-Aware is very old... they haven't updated it in the last months. They say they're working on a totally new tool.
SpyBot S&D does the same as Ad-Aware and even more and updates regularly.

My dual-PSU PC is so powerful that the neighbourhood dims when I turn it on :eek: