
Incredimail: "Is it safe ?"

Posted: 2006-07-12 08:26am
by Bounty
A number of people I know (and whose computers I occasionally troubleshoot) insist on using a mail client called Incredimail (http://www.incredimail.com/english/splash/splash.asp).

I hate it. It's garish, it nags you to upgrade to a $$$ premium version and hogs system resources. However, I make it a point never to tell people to uninstall software they themselves installed unless I'm reasonably sure it's malware - so is it ? I googled and checked a few reviews, but I can't find a *definite* confirmation it's actually dangerous.

Can I tell them to keep using it or should I intervene ?

Posted: 2006-07-12 08:57am
by Faram
All those "features" for free? No way.

I guarantee that there is spyware in it, or I will eat my new hat.

Image

If they don't listen to reason, say "Fine, but next time you have computer problems I am charging 10, 20 whatever an hour to help you."

Posted: 2006-07-12 09:15am
by Bounty
HJT file of a PC with the crap installed:

Logfile of HijackThis v1.99.1
Scan saved at 15:04:22, on 12/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Driver for ZOLID Laser Mouse\MouseDrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/file ... 13&Ext=bin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Driver for ZOLID Laser Mouse\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\gaste\LOCALS~1\Temp\ImInstaller\Magentic\magentic_installBuild 296.exe -startup -product Magentic
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4651135191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



I can't find anything, but I still don't trust it.
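
An added example, not part of the post above and not part of HijackThis: a short Python triage pass over the O4 (autostart) and O23 (service) lines of a log in this format, listing entries that merit a manual look. The sample lines are copied from the log above; the function names and the three heuristics (Temp-directory launch, bare file name, owner listed as unknown) are assumptions of this example.

```python
import re

# Subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\gaste\LOCALS~1\Temp\ImInstaller\Magentic\magentic_installBuild 296.exe -startup -product Magentic
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(.+?)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (.+?) = (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+) - (\w:\\.+)$")
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)

def parse_entry(line):
    """Parse one O4 or O23 line into a dict; return None for other lines."""
    line = line.strip()
    if m := RUN_RE.match(line):
        return {"kind": "run", "name": m[1], "target": m[2], "vendor": None}
    if m := STARTUP_RE.match(line):
        return {"kind": "startup", "name": m[1], "target": m[2], "vendor": None}
    if m := SERVICE_RE.match(line):
        return {"kind": "service", "name": m[1], "target": m[3], "vendor": m[2]}
    return None

def review_reasons(entry):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    if TEMP_RE.search(entry["target"]):
        reasons.append("launches from a Temp directory")
    if entry["kind"] == "run" and "\\" not in entry["target"]:
        reasons.append("bare file name, resolved through the search path")
    if entry["vendor"] == "Unknown owner":
        reasons.append("HijackThis lists the owner as unknown")
    return reasons

def triage(log_text):
    flagged = {}  # entry name -> list of reasons
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and (reasons := review_reasons(entry)):
            flagged[entry["name"]] = reasons
    return flagged

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A flagged entry is a prompt to check the file on disk (location, signature, what installed it), not a verdict on it.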

Posted: 2006-07-12 09:21am
by Faram
Sorta clean computer, however I don't like HP or Adobe autostart crap, but that is me.

I also hate ZoneLabs; they were good, but nowadays they are little more than annoying bloatware.

But for spyware, no glaring examples in that HJT log.

Posted: 2006-07-12 09:26am
by Bounty
Faram wrote: Sorta clean computer, however I don't like HP or Adobe autostart crap, but that is me.

I also hate ZoneLabs; they were good, but nowadays they are little more than annoying bloatware.

But for spyware, no glaring examples in that HJT log.
It used to be a corporate laptop, a local charity store buys used ones in bulk and has them refurbished by ex-cons and retards. It came with all that stuff preinstalled, I never bothered wiping it because it's not exactly supposed to be a high-performance machine and I'm lazy.

You can eat that hat with some ketchup if you like :)

I'd still like a reason to throw Thunderbird on those computers. Maybe I'll just have to fake a problem.

Posted: 2006-07-12 09:37am
by Faram
Bounty wrote: It used to be a corporate laptop, a local charity store buys used ones in bulk and has them refurbished by ex-cons and retards. It came with all that stuff preinstalled, I never bothered wiping it because it's not exactly supposed to be a high-performance machine and I'm lazy.

You can eat that hat with some ketchup if you like :)

I'd still like a reason to throw Thunderbird on those computers. Maybe I'll just have to fake a problem.
Naa give them Thunderbird anyway, easier to support one known system than a crapload of strange shit.

I do get bad vibes from that site, perhaps they use some sort of HTML voodoo and stuff to track usage, I would not trust them in any way, shape or form.

Those images in that mail program, I bet they are hosted on a server, usage is tracked and indexed for future use or sold to spammers.

Posted: 2006-07-12 12:16pm
by Vendetta
I don't think Incredimail is actually infested, but it's certainly one of the more hideous mail clients, and I'd be surprised if it had any kind of privacy filters, protection from simple script viruses, or other sensible mail client features.

So, not actually The Problem, but almost certainly a contributing cause.

Posted: 2006-07-12 12:20pm
by Darth Wong
I hate it based on the name alone.

Posted: 2006-07-12 12:53pm
by Hotfoot
Faram wrote: All those "features" for free? No way.

I guarantee that there is spyware in it, or I will eat my new hat.

Image

If they don't listen to reason, say "Fine, but next time you have computer problems I am charging 10, 20 whatever an hour to help you."
A fine hat, sir. I am the proud owner of a T4 model myself.

Upside? Eat your hat, get a new one. :P

Posted: 2006-07-12 01:03pm
by Einhander Sn0m4n
Incredibly bloated, garish, and looks just like Ed's laptop screen from Cowboy Bebop when she's on a particularly crunchy hacking session...

Posted: 2006-07-13 07:45am
by Luke Starkiller
From what I know of Incredimail it is pretty much Outlook Express with a different skin.

Edit: I know this because I have the misfortune of supporting it for Road Runner Customers