Tuesday, December 9, 2008

Proxy-OSS

Here is the story about Proxy-OSS that is on your computer, Chris.
PROXY-OSS

This software is not a virus or a trojan. It is detected as a "potentially unwanted program." Proxy-OSS is distributed as an Internet Accelerator program, created by Marketscore. As advertised, the program is designed "to enhance the speed of the Internet while tracking user trends". It is a data gathering mechanism which collects personal information and internet usage statistics. The LSP (Layered Service Provider) stack is modified such that internet traffic is routed through servers operated by Marketscore. More recent versions of the software employ a local proxy, routing traffic through a process running on the host system instead of to remote servers. This local process then makes periodic transmissions to remote servers, presumably when data of interest is identified.
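
One way to confirm the LSP change described above is to review the Winsock catalog. The following is an added example, not part of the original write-up or any vendor tool: it parses text laid out like `netsh winsock show catalog` output and reports layered entries and any provider DLL whose name appears in this page's list of dropped files. The sample catalog is constructed, its use of osmim.dll as the provider is an assumption, and the function names are illustrative.

```python
import re

# Constructed sample laid out like `netsh winsock show catalog` output.
# The page does not say which dropped file registers as the provider;
# osmim.dll is an assumption used only to exercise the check.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Provider Path:                      %SystemRoot%\system32\osmim.dll
Catalog Entry ID:                   1015
Protocol Chain:                     1014 : 1001

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

# Files the page lists as dropped into c:\WINDOWS\system32.
PAGE_FILES = {"mksc.exe", "nsosscfg.exe", "okshook.dll", "osmim.dll", "sporder.dll"}

def parse_catalog(text):
    """Return one dict of 'Key: value' fields per catalog entry."""
    entries = []
    for block in re.split(r"^Winsock Catalog Provider Entry[ \t\r]*$", text, flags=re.M):
        fields = {k.strip(): v.strip() for k, v in
                  re.findall(r"^([A-Za-z ]+?):[ \t]+(.*)$", block, flags=re.M)}
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def audit(text, watch=PAGE_FILES):
    """Report layered entries and any provider DLL named in `watch`."""
    findings = []
    for e in parse_catalog(text):
        dll = e["Provider Path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        layered = e.get("Entry Type", "").lower().startswith("layered")
        if layered or dll in watch:
            findings.append({"id": e.get("Catalog Entry ID"), "dll": dll,
                             "layered": layered, "on_page_list": dll in watch,
                             "chain": e.get("Protocol Chain")})
    return findings

for finding in audit(SAMPLE_CATALOG):
    print(finding)
```

On a live host, pass the captured command output to audit() in place of the sample.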

This software is installed via an ActiveX control downloaded from www.marketscore.com. Several files are dropped using an InstallShield installation package and many registry entries are created. A license agreement and privacy policy are displayed on the Marketscore website and must be agreed to (via selection of a checkbox) in order for the setup executable to be downloaded.

Although not observed during testing, it is possible that consumer surveys may be delivered via popup windows, as mentioned in the privacy policy.

Privacy

The Privacy Policy (version dated Feb 14, 2005) established sweeping rights for Marketscore to monitor internet traffic, collect user data, and establish correlations with other, personally identifiable data.

Full Privacy Statement: http://www.marketscore.com/privacy.aspx
Full Membership Agreement: http://www.marketscore.com/MembershipAgreement.aspx

System Changes

Files Added

Note: Although created during the installation, the following files and folders appear to be standard components of the InstallShield installation packaging software, and not related to the functionality of the Proxy-OSS software.

c:\WINDOWS\Downloaded Program Files\setup.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\iKernel.rgs
c:\Program Files\Common Files\InstallShield\Professional\RunTime\IsProBE.tlb
c:\Program Files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
c:\Program Files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

The remaining files appear specific to the Proxy-OSS software installation.

c:\WINDOWS\nsreg.dat
Size: 335 bytes

c:\WINDOWS\system32\mksc.exe
Size: 864,256 bytes
MD5: 09B44309B8CB641300D93458D9358ADF

c:\WINDOWS\system32\nsosscfg.exe
Size: 118,784 bytes
MD5: 46DC45B14503070FC8053CE75DBCCC0C

c:\WINDOWS\system32\okshook.dll
Size: 49,152 bytes
MD5: A8A11A2873C6A21AE8C0916DAD013F7C

c:\WINDOWS\system32\osmim.dll
Size: 303,104 bytes
MD5: F0BFFBA3F4C2EE36FA5229FF2C293657

c:\WINDOWS\system32\sporder.dll
Size: 8,464 bytes
MD5: 97F50C3E6EEB45CBE2413431F1BB52FB
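
The sizes and MD5 values above can be checked against a directory as follows. This is an added example, not from the original write-up; the function names are illustrative and the demo uses a constructed placeholder file. A "name-only" result means a file with a listed name exists but its size or hash differs from the build analysed here.

```python
import hashlib, os, tempfile

# (size in bytes, MD5) exactly as listed on the page for c:\WINDOWS\system32.
PAGE_INDICATORS = {
    "mksc.exe":     (864256, "09B44309B8CB641300D93458D9358ADF"),
    "nsosscfg.exe": (118784, "46DC45B14503070FC8053CE75DBCCC0C"),
    "okshook.dll":  (49152,  "A8A11A2873C6A21AE8C0916DAD013F7C"),
    "osmim.dll":    (303104, "F0BFFBA3F4C2EE36FA5229FF2C293657"),
    "sporder.dll":  (8464,   "97F50C3E6EEB45CBE2413431F1BB52FB"),
}

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()

def check_dir(directory, indicators=PAGE_INDICATORS):
    """Classify each indicator as 'absent', 'name-only' or 'hash-match'."""
    present = {n.lower(): n for n in os.listdir(directory)}  # compare names case-insensitively
    report = {}
    for name, (size, md5) in indicators.items():
        actual = present.get(name.lower())
        if actual is None:
            report[name] = "absent"
            continue
        path = os.path.join(directory, actual)
        same = os.path.getsize(path) == size and md5_of(path) == md5.upper()
        report[name] = "hash-match" if same else "name-only"
    return report

def demo():
    """Constructed files only: no real sample is needed to exercise the logic."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "OSMIM.DLL"), "wb") as fh:
            fh.write(b"constructed placeholder, not the real binary")
        return check_dir(d)

print(demo())
```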

Registry

Keys Added

HKEY_CURRENT_USER\Software\InstallShield
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Netsetter
HKEY_CLASSES_ROOT\CLSID\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_CLASSES_ROOT\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}
HKEY_CLASSES_ROOT\Setup.Player
HKEY_CLASSES_ROOT\Setup.Player.2K2
HKEY_CLASSES_ROOT\TypeLib\{94636247-BC39-4B8B-A728-2D1FBEBFA76A}
HKEY_CLASSES_ROOT\TypeLib\{BC44B51D-1A01-4B50-92F2-E7D736F75DA8}
HKEY_LOCAL_MACHINE\SOFTWARE\comScore Networks, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{35B7E48B-9D81-4C6C-9578-5FD4F620D886}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A32C2B8361CA79FB7DCD14CBDA793D0DF855991C
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F8D953700E84F3945390C81A1A3BF929C8A29EB7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a71b1608-0de3-445d-afc1-16cc74422a9e}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control

Values Added

Over 600 registry entries were added.

Network Impact

Possible performance impact due to delays relaying data through the Marketscore proxy network.

Removal Instructions

Monday, December 8, 2008

Gift Ideas

Every year I post my Holiday Gift List. These are things that are sure to please any guy who has an interest in technology. Sorry ladies, I still have trouble coming up with good technology presents for women. However, the iPods or the flat-panel HDTVs might be appropriate. Guys, whatever you do, don't buy her an iRobot, unless you want a very cold shoulder. That is a present for YOU since your place always needs vacuuming. My ex-wife said it best, guys: "nothing that plugs in for a present that shows you really care. Try the jewelry store instead of the computer store. Unless she is truly excited by plug-in devices".
Nexxtech Ultimate Portable Speaker $19.99 at Circuit City. I love this thing. I use it for my car radio so I can play my iPod on the road. It's small and has a really big sound. It hooks up to every device imaginable. I had to buy it when I saw it so don't send me one for Christmas ;o)
iRobot Roomba $119.96 at Circuit City is an incredible robotic vacuum cleaner.
Vonage Digital Phone System Wiring solution for your entire house. With Rebate it pays you 1 cent ($149.99 purchase price). Need I say more ;o)
Vonage wireless router $34.99 with $70 rebate pays you $35.01. Really what are you waiting for?
Vonage Digital phone System costs $69.99 and gives a $70 rebate pays you 1 cent again!!!!
Laptop Coolers $34.99-$39.99 shows you care. For those overheating laptops that you can't really use on your lap unless you want to feel singed.
Kill A Watt and Kill A WattEZ by P3 International $49.99 monitor your electrical equipment and help point out where all your electrical power is going.
iPod Shuffles and other mini-MP3 players are now as low as $47.99
19" LCD HDTV Flat Panels are going for as low as $299. I live in NYC so I'm always looking for more compact TVs. No room for the wall of TV.
26" LCD HDTV Flat Panels are going for as low as $499. I'm tempted this year.