Der VIRUS BARGAIN BUDDY wird einem besonders gern von Leuten serviert, die einen schon besch.... haben und das fortzusetzen gedenken.
Bargain Buddy consists of an IE Browser Helper Object, and a process set to run at startup. The BHO monitors web pages requested and terms entered into forms. If there is a match with a preset list of sites and keywords, an advertisement may be shown. The process can contact its maker`s server to download updates to the list of adverts and to the software itself.
BargainBuddy/Apuc, original version whose BHO is stored in its own Program Files `Bargain Buddy` folder. BargainBuddy/Versn, the BHO is a file inside the host application whilst the updater is still in `Bargain Buddy`. BargainBuddy/adp uses the folder name `adp` in Program Files. BargainBuddy/Apuc2 is the same as Apuc, but constantly tries to restart itself if you kill it.
Also known as
Bargains (process name), Ikena (the server it connects to).
Is included in Net2Phone CommCenter, lately the Versn variant as CC_Versn.dll. The Adp variant is installed by the mail.com Alerts software and vCatch, an anti-virus tool. BargainBuddy/Apuc was also installed by some versions of LimeWire, MThree MP3 tools and the FavoriteMan parasite.
What it does
Yes. On a known URL or keyword entered into a form, a pop-up window opens containing advertising.
Some. When an advert is served, the advertiser will likely know which site was visited/keyword was entered, and DoubleClick can track these with cookies. However there is no evidence that the current version of the software sends browsing logs of pages unaffected by the extra adverts.
Yes. BargainBuddy updates itself silently through connections to adp.ikena.com. The latest version of the software does now include code-signing, at least.
Some versions can be removed from the Add/Remove Programs option in the Control Panel. This option seems to be missing in the newer Net2Phone version.
Before you can delete it, the DLL file must be deregistered.
In BargainBuddy/Apuc, this DLL is inside the Bargain Buddy folder in `Program Files`. Here there will be one or more `bin` folders, one of which will contain a file called apuc.dll. If, for example, it`s in `bin2`, the commands to enter (from a DOS command prompt window, under Start->Programs->Accessories) would be:
regsvr32 /u "Program FilesBargain Buddybin2apuc.dll"
(If your `Program Files` directory has a different name (for example, on a non-English version of Windows), or is on a different drive, you`ll have to substitute that in the path above.)
In BargainBuddy/Version, the file you have to get rid of is instead called `CC_Versn.dll`, and it`s inside the `Net2Phone CommCenter` folder in Program Files. The commands to get rid of it are:
regsvr32 /u "Program FilesNet2Phone CommCenterCC_Versn.dll"
After the deregistration, end the `Bargains` process from the Task Manager (ctrl-alt-delete). Having successfully done this you should be able to delete the entire `Bargain Buddy` folder. To clean up the registry, run regedit and delete the value in HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun that refers to Bargain Buddy. You can also delete the key HKEY_LOCAL_MACHINESoftwareBargains; in the Adp variant this is HKEY_LOCAL_MACHINESoftwareMicrosoftadp instead.
An installer executable may be included with the host application which attempts to download enough of the software to run so that it then updates itself fully. If this fails or has not yet run, you will only have the `bargains` process. Kill this from the Task Manager (ctrl-alt-del) and remove the `Run` value mentioned above, then you can delete the entire Bargain Buddy directory manually.
Exact Advertising is the company behind it, spun off from Net2Phone/mail.com.
|aus der Diskussion:||Warnung vor Schweine-Hunden und anderen Kreuzungen|
|Autor (Datum des Eintrages):||SleepingBeauty (08.04.04 10:27:11)|
|Beitrag:||1 von 9 (ID:12691703)|
|Alle Angaben ohne Gewähr © wallstreet:online|