ATI and SPYWARE

:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

ATI and SPYWARE

Post by :FI:WillieOFS » Mon Apr 18, 2005 4:17 am

Sent to ATI customer care,
I was using my ATI Catalyst center and decided to check for updated drivers. Upon clicking the link my NOD32 anti-virus went full alert. I downloaded the newest driver and went to my desktop to find a LOAD of stuff had been placed on it.

Several nasty and resilient forms of spyware were installed on my machine and I have spent about 3 hours cleaning that crap out of my system.

WHAT KIND OF SICK TRASH IS THIS THAT ATI HAS TO STOOP TO THAT LEVEL??

I am SO fed up right now that I'm thinking of selling EVERYTHING that is made by ATI and going BACK to NVIDIA!!

Sincerely,
Willie Palm
Mindless Dribble and Off Topic posts are my specialty!



Buster82
Professional Boardie
Posts: 159
Joined: Wed Jul 23, 2003 11:44 pm
Location: The netherlands - The Hague

Post by Buster82 » Mon Apr 18, 2005 4:57 am

has ATI replied yet?
i'm kinda curious myself about why they would do that.
"Play your guitar on the MTV. That ain't working, that's the way you do it. Get your money for nothing and your chicks for free"
Mark Knopfler
Now that guy knows how to live a good life 8)
:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

Post by :FI:WillieOFS » Mon Apr 18, 2005 5:46 am

Nothing yet and I'm still trying to get nail.exe OFF my damn machine. :evil:
Mindless Dribble and Off Topic posts are my specialty!



Beowolff
Postmaster
Posts: 372
Joined: Sat Sep 13, 2003 9:37 pm
Location: hills of Beechbluff, Tenn. USA

Post by Beowolff » Mon Apr 18, 2005 12:45 pm

willie... just a thought, but ATI would be/is incredibly stupid to put such things in their downloads... it could cost them their business, i mean completely, if such things got out to the general public. in fact it WOULD no doubt cost them their business. especially with gamers and other special function users.

are you 99 percent sure the spy stuff and such came from ATI? that the downloader or whatever you used wasn't jacked in some slick, hacker-type way? or that something else isn't at fault here... maybe the stuff was sleeper stuff and had just activated or turned itself on at about the same time you were downloading?

not that i'm saying either thing happened and that you're not completely right in blaming ATI... no way. but just throwing a couple more wild "thoughts" into the equation since it would seem so completely ignorant for such a big company like ATI to act so foolish and plant the stuff inside their official downloads.

hope you get it straightened out, partner.

salute.

Beo
Beowolff's Lair
http://www.msnusers.com/BeowolffsRoninL ... slair.msnw
:FI:ZekeMan
Post Maniac 3rd Grade
Posts: 1118
Joined: Thu Sep 02, 2004 5:23 pm
Location: USA

Post by :FI:ZekeMan » Mon Apr 18, 2005 4:08 pm

Hey Willie,
I regularly update my vid drivers with ATI and never had any spyware downloaded with the drivers. When you say "Catalyst Center", do you mean the ATI driver download website, or something different? I am going to double-check with the next DL however, that would definitely suck if ATI took that road.

Z

We sleep safe in our beds, because rough men stand ready in the night, to visit violence upon those that would do us harm... James Orwell
:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

Post by :FI:WillieOFS » Mon Apr 18, 2005 10:07 pm

I have the fancy schmancy ATI control center. I had no windows open when I clicked the link in their deal to check for driver updates. Immediately upon clicking that link, my NOD32 anti-virus went off with multiple warnings.

Furthermore, Firefox 1.03 is my default browser and I think that link opened in internet exploder.

IF ya want a laugh, here is ATI's response to my "ticket"
Based on our experience, performance related issues are usually due to hardware
limitation, improper software installation or system configuration settings.
Click the following link to review the full details for trouble shooting performance
related issues.
I doubt anybody bothered reading what I sent or they're scared to answer.
Mindless Dribble and Off Topic posts are my specialty!



:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

Post by :FI:WillieOFS » Tue Apr 19, 2005 1:20 am

Here is their latest answer.......

Solution:
We do not and I repeat do not include any form of spyware / adware in any of our software and drivers.



There is some other issue with your system which has infected our drivers or software.

:roll:
Mindless Dribble and Off Topic posts are my specialty!



:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

Post by :FI:WillieOFS » Tue Apr 19, 2005 2:57 am

Here is the load of crap that I got by using ATI's link to d/l the latest driver.
ftp://68.189.216.86/UBER%20TRAIN/Image1.bmp

FYI, Trojan Hunter is pretty good but could not get rid of the ABETTERINTERNET stuff. Nor could HIJACKTHIS.exe :(

Spyware Blaster did nothing either.

Spybot SearchandDestroy plugged it the first time.

I think what may have happened is that one of those damn things was in my system and it couldn't do anything until IE opened up. For some strange reason when I clicked that link in the control center it opened IE and the fun began.

Oh well 5 hours of getting intimate with my registry was interesting but not very rewarding...... :roll:
Mindless Dribble and Off Topic posts are my specialty!



:FI:Heloego
Post Maniac General
Posts: 3899
Joined: Thu Mar 06, 2003 9:40 pm
Location: Albuquerque, New Mexico, USA (Smile when you say that!)

That sucks, Willie!

Post by :FI:Heloego » Tue Apr 19, 2005 3:45 am

I am certain you had the "sleeper" crap as Beo deftly pointed out.

Over the years I've had so much trouble from stuff written to activate in conjunction with IE, that I make it a point to find out if IE (ANY form) is one of the "minimum requirements" for either hard- or software. If it's required I won't install it.

So far I believe the strategy has worked.

In over a year I've only recently had such issues, and it was a deviant Java Script that was apparently designed to screw up my Firefox 1.0.

A quick sortie through Explorer and the registry solved the problem, though removal of the offending crap stopped my ability to view some items at Ordata Online and prevented me from using the Emoticons here at :FI:.

An upgrade to Firefox 1.03 fixed that issue. :D

Now, on to re-installing my Saitek drivers...sheesh (see Technical Issues post).
...and wear your feckin' mask!!!!! :x
:FI:ZekeMan
Post Maniac 3rd Grade
Posts: 1118
Joined: Thu Sep 02, 2004 5:23 pm
Location: USA

Post by :FI:ZekeMan » Tue Apr 19, 2005 6:13 am

I still don't know if it had anything to do with ATI, but I am no expert. I think you nailed part of it by stating that it may have lain dormant on your system for awhile until you started up IE. I know this past two weeks I have been bombarded with Trojan Horse viruses, and I can't figure out where they're coming from, but I do use IE. I have the XP firewall up and running and am protected by AVG which has nailed the viruses every time. Are any of you getting spam from a pharmaceutical company? Somehow that crap is getting by my filters and I have a suspicion that the viruses are coming in by that email.

We sleep safe in our beds, because rough men stand ready in the night, to visit violence upon those that would do us harm... James Orwell
Beowolff
Postmaster
Posts: 372
Joined: Sat Sep 13, 2003 9:37 pm
Location: hills of Beechbluff, Tenn. USA

Post by Beowolff » Tue Apr 19, 2005 1:00 pm

like you, Zeke, as of late, AVG is hammering the GD trojans right and left. almost every day it goes berserk and picks off one or two. and of course i too am using a firewall and everything else i can think of. none have got through YET. but they keep trying. and i sure as hell am keeping AVG fully updated.

where ARE they all coming from? i mean THIS is insane. evidently the internet is eat up with GD viruses that are coming at us from all sides.

Beowolff
Beowolff's Lair
http://www.msnusers.com/BeowolffsRoninL ... slair.msnw
:FI:WillieOFS
Post Maniac 1st Grade
Posts: 1831
Joined: Thu Oct 02, 2003 4:17 pm
Location: 65 MI NE of DUBLIN (TX)

Post by :FI:WillieOFS » Tue Apr 19, 2005 11:33 pm

I was using AVG. Right now I'm using the NOD32 Beta. It is AWESOME! It has intercepted several HTML threats in my junk mail. (I've got my filters set to not allow HTML from anyone not on my contact list, so it wouldn't have bothered me.)

Whoever writes that code for that shit is pretty smart (and needs their ass whipped). I deleted nail.exe about a hundred times, both the .exe and the corresponding registry entry and the sumbitch would come back grinning. Renaming the punk didn't help either. Another file would be deleted and then return with a different name, but it was always the same punk browser hijacker.

So, after fighting them for 4 or 5 hours, I went to some forums and tried their tricks to no avail. I then d/l a trial (but full version) of Trojan Hunter; it found 'em but couldn't get rid of that chameleon file. Spybot Search and Destroy smoked it the first go round and it's FREEWARE!!!

I should have just run it first, I guess. :roll:

I sent this to ATI;
I owe you guys an apology.

The only sequence of events that can logically explain what happened is this. I run FIREFOX as a browser, I suspect that somewhere I got that browser hijacker stuff and it waited for an instance of IE to embed itself.

When I clicked the link to update my drivers, that thing opened in IE. As that was the only window I had open at the time and with my NOD32 anti virus going off in full alert status, I thought it was from your site or from the link to your site.

I have FINALLY gotten all that trash out of my computer and things are running normally again.

Please accept my apology.

Sincerely,
Willie
Mindless Dribble and Off Topic posts are my specialty!



Beowolff
Postmaster
Posts: 372
Joined: Sat Sep 13, 2003 9:37 pm
Location: hills of Beechbluff, Tenn. USA

Post by Beowolff » Wed Apr 20, 2005 1:27 am

good show, Willie. on getting the garbage out of your system...and in saying you were wrong to the folks at ATI. most people wouldn't have bothered...but YOU did. now that's a class act all the way. good to know that we have good men like that in the squadron and watching our backs.

^:)

Salute!

Beowolff
Beowolff's Lair
http://www.msnusers.com/BeowolffsRoninL ... slair.msnw
:FI:ZekeMan
Post Maniac 3rd Grade
Posts: 1118
Joined: Thu Sep 02, 2004 5:23 pm
Location: USA

Post by :FI:ZekeMan » Wed Apr 20, 2005 6:57 am

WTG Willie, and ditto what Beo said. I wish some converted hacker would make a virus that could backtrack to the source of a malicious virus and blow his friggin computer up in his face the next time he turns it on.

Z

We sleep safe in our beds, because rough men stand ready in the night, to visit violence upon those that would do us harm... James Orwell
Stovies_
Professional Boardie
Posts: 107
Joined: Thu Mar 06, 2003 1:06 pm
Location: Lat N56:48:39 Long W2:39:22

Post by Stovies_ » Wed Apr 20, 2005 8:12 pm

Hi Willie, I am using nod32 also and it's pretty darn good!!

Download counterspy (trial) and it will find spyware that adaware, spybot etc can't find!!

I swept my pc with the others and then got rid of what they found. I then ran a scan with counterspy and it found several password hijackers!!

Just don't run it with the MS beta antispyware as it uses a similar but loads better engine.