If you have reached this page then you have probably already read the page written by Dick Hazeleger
on spyware. Or perhaps you have considered already a number of reasons why you might be best NOT to have spyware on your computer ? Our link at "Spyware - Stability issues ?" perhaps ? Or maybe visited ;

( 2002 - Update : Some of this site is "dated" now, however the "issues" are just as relevant now as when I first wrote it up. I intend updating things as soon as I get some spare time but in the meantime I only want to add the one link. To the Pest Patrol site. These people have a gread deal more info, and more detail, on not only spyware but other malware as well. Be sure to check them out when you are finished here. )

TIME Digital -- Special Report: Privacy, Who's Watching You Surf ?
The Sunday Times - Spies behind your screen,
Pssssst ... someone may be following you on the Internet,
Your PC Is Watching (washingtonpost.com).
Internet Companies Are Pushing Their Privacy Luck.
Your Web Browser is Bugged.
HoustonChronicle : Secrets & Spies.
The Spyware Infested Software List,
List of Known Spyware,
Firm Tracking Consumers on Web for Drug Companies,
The Nando Times : Technology News - Internet "spyware" programs worry privacy advocates.
Big Brother Is Watching . . . What You Buy.
Microsoft quietly shadows Web surfers across MSN sites. While we are talking about Microsoft ;
IE feature can track Web surfers without warning.
PC Magazine : You may well be sharing your Internet connection with a spyware program.
The parasite economy.

or similar sites. This page assumes that you know what things like "cookies" are. If not go to Cookie Central.

You might also learn more about spyware by checking out details of the AOL spyware case. "The lawsuit, originally filed in July 2000, alleges that AOL electronically eavesdropped on  SmartDownload users when it assigned them a unique identification number, monitoring and logging the files they downloaded using the utility."

Talking about monitoring what people do. Apparently Gator tracks the sites that users visit and forwards that data back to the company's servers. Then sells this information to advertisers. As if that weren't enough how about replacing advertisements and/or links on your own web site ? Check out the full story :

Gator plays dirty tricks with personal data, ads, Web sites.

If you haven't previously heard about the idea of a plugin that allows the display of keyword targeted links on your site, without your permission and without compensation of any kind then check out sites like :

Software that is ripping webmaster off. Scumware.com
PCWorld.com - Latest Online Ad Gimmick: Hyperlinks
Peer-to-peer exchanges court advertisers -  Tech News -  CNET.com

To help keep up to date with this issue you might like to also visit :

The Scumware Links site.

If that idea doesn't impress you then go to the

eZula & Surf+ Script Killer page.

Getting back to the topic of spyware. The Halifax Area Personal Computer Club also has some information worth reading in their newsletter.

Sometimes it is interesting to read the "privacy policy' of some sites to see what happens with some of your data. For example the Onflow Privacy Statement says ;

"Data transmitted

Each time the Onflow Player displays images, it transmits data to our server such as the serial number of the Player, the image displayed, the web page in which it was shown and whether you moved your mouse over the image or clicked on it."

They also add "This data does not identify you." Obviously however IF they know that fred@myisp.com ownes serial number eg. 12345 then they will know the information above about Fred.

Hopefully you will also have been reading posts in some/all of the following newsgroups ;

• alt.privacy.spyware
• news://news.grc.com/grc.spyware
• alt.comp.freeware

Okay, so was that enough ? Or did you also check Dick's list against every program on your computer ?
Or perhaps you went to the spychecker site and checked there ? Even if you did, did you know that Aureate/Radiate is only one of the companies that installs what is termed by some as "spyware" ? What about the others ?

Well, you could wait for Steve Gibson, at GRC to update his OptOut program. But that might take months. Do you want to wait ? Especially when you "think" that your system is "spyware free" ? Bye the way, if you don't know who he is then apart from going to his site you might like to read Tinker, Tailor, Software, Spy.

What does one do ? Fortunately, these people create extra folders/files on one's system that one can look for. Find these files/folders and one knows one is infected. Not find any of them and you stand a good chance of being "spyware free". Keep in mind that the following are NOT all the files that are installed. They are simply a couple of files/folders that, if found, should confirm infection.

When I get time I will list more of these files/folders and perhaps list registry entries as well. I also hope to suggest a "manual" way to disable/remove this spyware. With the time that this will take, and the lack of free time I have, one should consider this page "in progress" and not expect a quick completion. Until then.....if you have any/all of the following then you "might" have a problem :

AUREATE/RADIATE :

adimage.dll
advert.dll
amcis.dll
amcis2.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll

You might find the log of a recent Radiate uninstall to be of help to you. You might not have all the following, but it should give you an idea of the sort of thing to look for :

Directory C:\WINDOWS\Start Menu\Programs\Radiate\Advertising
Directory C:\WINDOWS\Start Menu\Programs\Radiate
Directory C:\WINDOWS\amc
Directory C:\WINDOWS\amcdl
Directory C:\WINDOWS\SYSTEM\ADVERT.DLL

Registry entries...
Removed automation registrations from the registry
Removed OLE registrations from the registry
Removed class name identifiers from the registry
Removed registry key HKEY_CLASSES_ROOT\Software\Aureate
Removed registry key HKEY_CURRENT_USER\Software\Aureate
Removed registry key HKEY_LOCAL_MACHINE\Software\Aureate

Talking about Radiate, you might find that this page on a German site is interesting. You might also like to read these comments by Microsoft : Invalid Page Faults Occur if You Run Internet Explorer 5.5 and Aureate Radiate.

CONDUCENT/TIMESINK :

tsad.dll
vcpdll.dll
FlexActv.dll
tsadbot.exe
C:\Program Files\TimeSink

Do you want to remove Timesink ? Apparently Conducent themselves give the following info ;

1. Remove from c:\winnt or c:\windows:       tsad.dll
                                                                vcpdll.dll
                                                               FlexActv.dll

2.  Remove tsadbot.exe from C:\Program Files\TimeSink\AdGateway.

3.  Remove C:\Program Files\TimeSink directory.

Clean the Registry:

4. Remove HKEY_LOCAL_MACHINE\Software\TimeSink registry key.

5.  Remove HKEY_CURRENT_USER\Software\TimeSink registry key.

6. Remove Conducent entries from:

   HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Run

TRANSCOM'S BEELINE :

?????

COMET CURSOR :

comet.dll

If you want to uninstall the Comet Cursor files then go to their site and follow their instructions.

GOHIP :

What GoHip does is detailed here.

The executable is called winstartup.exe. This file is located in c:\windows. Delete it.  If you're running Win98, also uncheck it from the Startup tab in MSCONFIG, where it will show up as c:\windows\winsta~1.exe.

Instructions on Removing the GoHip! Browser Enhancement:

Right-click on the "Start" button on your Windows Toolbar.
Select "Open".
Double-click on the Programs Folder.
Double-click on the StartUp Folder.
Right-click on Windows Startup and choose "Delete".
Click on "Yes" to remove this file.
Reset your computer by left-clicking on the "Start" button on your Windows Toolbar and selecting "Shut Down" and then selecting "Restart".
Enter your browser and change your home page to your desired homepage. If you do not know how to change this setting, please search your browser's Help Section. If you skip this step, GoHip! will remain your homepage.
Enter your email program and change your signature to your desired signature or delete. If you do not know how to change this setting, please search your mail client's Help Section. If you skip this step, GoHip! will remain in your signature line.
If you are using Word as your email editor choose the Email.dot as your standard Stationary.

You can find other instructions at :
http://www.gohip.com/remove_browser_enhancement.html

..............................................................................

Even if your system is "clean", perhaps you want to reduce the situation of your browser accessing spyware servers and/or want to reduce the bandwidth of accessing advertising servers ? If so these two links are well worth checking out ; Using the Hosts File to Block Advertisements and Entries for the hosts file.

The Privacy Power! and Adware, Spyware and Trojan Horses - and how to remove them sites are other excellent sites that discuss spyware and related issues. An interesting site that discusses Trojans is the Pro-Tect 2000 site.

If you got this far then I expect that the issue of "privacy" is one that interests you. As one last comment, what do you think of this ?

"If an individual provides identifying information such as a name and address during an online interaction with an Abacus Alliance member, their name and a "cookie" will be recorded in DoubleClick's database and used to profile their future online activities."

Why not read the full "DoubleClick FTC: Statement of Additional Facts and Grounds for Relief" article ? In case you are wondering what many internet users think about privacy, take a look at the CNN.com - Survey :  Most in U.S. want companies to guarantee online privacy. A similar link is here. Another issue I haven't even mentioned is "Identity theft".

For those people who still think that tracking of internet users with cookies and/or spyware isn't going on and/or nobody wants to create a file on everyone who uses the internet, check out what DoubleClick and NetCreations are doing. You might also like to read DoubleClick accused of unlawful consumer data use as well. It isn't all bad news however. Take a look at DoubleClick meets Street but shares tumble.

If the above comments/links have served to make you feel paranoid and/or depressed, and/or you think that sites like this are a waste of time, then follow the following link. The "message" that people don't like advertisers etc. "tracking" what they do on the internet IS, slowly, getting recognised. Link is :
IE will warn users about 'cookies. A screenshot of the proposed change is here. You might also like to read the Computerworld article : Cookie' amendment gains ground in U.S. House and Click and Cover: As the privacy debate rages on.. .

Even the bigger companies are beginning to "get the message" that people don't like being tracked. Take a look at AOL Removes Netscape Feature.

In case you are under the impression that companies will respect (keep private) personal information that you give them, take a look at Toys R Us Privacy Policy Questioned.

So that we can finish this page on a positive note, take a look at How to Protect Your Online Privacy and Make Your PC Hacker-Proof. If you really want to keep up to date/informed about the things mentioned here you might like to check out SuraSoft Network & Data Security: firewalls, tempest attacks, anti virus, security reviews, webbugs etc.

Other worthwhile links to check are the Protecting Your Privacy & Security on a Home PC and the List of Lists.

John Fitzsimons.

This article is provided as is without any express or implied warranties.  While every effort has been taken to ensure the accuracy of the information contained in this article, the author assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Copyright (c) 2000 by John Fitzsimons, all rights reserved. This may be posted to any USENET newsgroup, on-line service, or BBS as long as it is posted in its entirety (without change) and includes this copyright statement.