
Warning About East-tec Eraser


4 replies to this topic

#1 Mike Andrews

Mike Andrews

  • Members
  • 6 posts
  • Location:East Point, Georgia

Posted 19 December 2005 - 05:08 AM

To all:

Below please find a slightly edited letter I faxed recently to a member of government regarding a once-popular utility, the East-Tec Eraser.

Any forum members using East-Tec products are strongly advised to uninstall them and uninstall then RE-install any anti-spyware programs, as the latter are targeted by the CWS-based components East Technologies employs to render such software useless. It'll still load and apparently scan ok; but it won't find anything. This applies to anti-virus as well. Better safe than sorry.

For information on how to set up a safe boot (or clean boot) in WinXP refer to Microsoft Knowledge Base article 310353.

After uninstalling it is advisable to delete all prefetch files (WinXP) named UNWISE.EXE and anything bearing a relationship with Eraser or East Technologies. In the past it has been my pleasure to select-all and DELETE the whole prefetch can of worms. It can't hurt. If you discover that some files remain in the trash after you've attempted to MT the latter into freespace, you will have to do a special dump job in safe boot. Safe boot unhooks all but required system processes and allows the user to get 'down and dirty' with spyware.

Then run scans in the Windows search assistant for any and all associated names, such as ete, ETE, Eraser, East-Tec and East Technologies, followed by a registry search for same, deleting all entries at the key level.

Finally, check in the registry for the MD5's listed below to see if they are present. It may be necessary to hyphenate the latter in the standard integers for CLSIDs using 8-4-4-4-12 (example: {00000000-0000-0000-0000-000000000000}), and delete any you find. Why not do all this from safe boot?

Then, after UNINSTALLING and REINSTALLING all anti-spyware software and updating same, run a spyware scan.

Or, buy a Mac.

A.

-----------------------------------------
Friday, December 9th, 2005

Dear Sir:

I am writing to advise of a situation which may merit the attention of XX Department of Law.

As you will no doubt be aware, the burgeoning threat of spyware and viruses is rampant in today's IT field. Users of the X-86 Windows platform are beset from all sides, with hackers, ad servers and software manufacturers incorporating 'sops' into their products, included files downloaded by unsuspecting users through 'trick' servers.

Today the entire global software industry is so terribly corrupt that it goes beyond the mien of most new, or "newbie" users what it is they will face in the field of computer-driven communications. Personally I believe this is a shame, and that more could be done to relieve this abomination under the enforcement powers of state judiciaries. Consumer protection acts already on the books should in my opinion be sufficient to address the issue of malware... and I would cite as one example Warranty of Merchantability.

It has become obvious to some of us that the federal judiciary will do little or nothing, nor will the so-called advocacy groups operating as NGOs, such as ASAP, ever accomplish anything in their make-believe agenda of 'protecting' the consumer. Because what we actually have in the former is the wealth-and-power-driven cyber mafia clamoring and posturing IN FEAR that enough citizens might stand up against the malware menace THEY POSE to force government's hand.

The recent move in Congress to pass anti-spyware legislation is encouraging; yet still, short of rigid enforcement backed by arrest warrants, little good will result.

It is in light of these matters that I contact you today, hoping that you will initiate an investigation into the business practices of the corrupt software middleman-operation RegSoft.

I am convinced that RegSoft is a functionary of the east European cyber mafia and complicit in a criminal arrangement with the latter to piggyback malware onto downloads of products purchased from entities operating beyond the veil of US law. East Technologies is a company located in the heart of east European mafia territory, and a business partner with RegSoft.

East Technologies is maker of the East-Tec Eraser and other products. Despite clever legerdemain at East-Tec's web sites such as sweet talk and images of flowers, East Technologies is a criminal entity dealing in spyware. Any person who is duped into installing East Technologies' malware will have no personal security from that day forward; it is of the greatest irony that the latter touts its malware as an enhancement to security.

Of note in the matter of East-Tec's spyware venue are several CWS-based components. The two which I'm most aware of are as follows; they are entered here like they may or may not appear in the Windows registry as class IDs; below they are actually shown as 'hashes,' 32 digit binary strings alphanumerically sequenced in accordance with the values of the malware components represented:

Buddy Spy 2.2 MD5 6a79774969056d4a20b42c5a9fcce58e
Ezula MD5 211e2d8dd219b8534783ffae63152308

There are undoubtedly many others. Refer to the T. Klein list and the Computer Associates web site for more in-depth information on Ezula and MySearch, etc. BuddySpy 2.2 is new as of November, 2005.

The components reflected in the above strings are hidden in Eraser (and probably all East Technologies software) within the file UNWISE.exe, an uninstall wizard, which is an executable that the average user-victim will be unable to open short of uninstalling the software. Of course, uninstalling the software will NOT uninstall the spyware; it remains behind. It will be of the utmost difficulty for the victim to manually delete the spy file... and since UNWISE.exe is write-protected to an UNKNOWN folder there is no way to delete it and make the deletion stick. Moreover, skilled users who ARE successful in deleting UNWISE.exe find that (Eraser, for one) no longer functions.

Ordinarily it is quite possible to run a deregister script in regedit32 to unhook a file so it can be deleted in SafeBoot mode; but one must first know the name of the folder whose root the file is registered to for this to be successful.

I would personally enjoy seeing East-Tec's satrap RegSoft put out of business. That would go far in preventing East Technologies from continuing its deceptive sales agenda within the United States... and would send a clear message to other mafia rodents in the spyware business to 'get out of Dodge.'

Below please find pasted what I could come across in Google about East Technologies. When I first began doing business with the latter in 2002 they represented themselves as an American company domiciled in Brunswick, Georgia. But checking today I was unable to come across even a whisper of a reference that these bums were ever in Brunswick; although they may very well still occupy office space there... a single room with a mail drop, etc. But there's nothing on the Net to that effect as far as I could determine.

My guess would be that victims of these shysters have complained enough to raise the heat on East-Technologies and thus predispose the abandonment of all domestic installations.

Here's the bio:

------------------------------------
EAST Technologies
Piata Unirii Nr. 2-4, Et. 1
Oradea 3700
Romania

Kontakt
(Romania)

Horatiu Tanescu, President
E-mail: htanescu@east-tec.com

Eugen Malita, Chief Executive Officer
E-mail: emalita@east-tec.com

EAST Technologies, founded in 1997 by Horatiu Tanescu and Eugen Malita, focuses on the development, marketing and support of leading privacy/security and data management applications. EAST Technologies is widely known for its East-Tec brand of security applications designed to protect data and the user's computer and Internet privacy.

EAST Technologies has a customer base that spans individuals, small to medium-sized businesses, the Fortune 500 and governmental agencies. They all trust the quality of our products and enjoy accessing powerful features through intuitive and easy to use interfaces.

EAST Technologies has been honored with hundreds of awards and excellent reviews for its software as well as its corporate reputation.

*****************************************************************
[Do you see through this charade? -- Above and below are instances where members of the global cyber mafia have afforded themselves accolades, awards, back-pats and endorsements in order to better peddle their trash-ware. Virtually all the names dropped are of Microsoft toadies, sycophants bowing in abeyance to the monopoly player and principal crux in the cyber mafia, Bill "I got my start in Israel" Gates.]
*****************************************************************
East-Tec Eraser has received the Editors' Pick Award from ZDNet, the Vnunet.com Choice Award, the SoftSeek Editor's Pick, the WinDrivers.Com Daily Tech Utility Award and maximum 5 star ratings from major software sites and networks such as ZDNet Deutschland, 5 Star Network, Rocketdownload.com, SoftList, Hotwinfiles, TopShareware, Paul's Picks, PC Win, SoftLandMark, FileTransit, Softwaretyme, SoftNews, File Hungry, etc. East-Tec Eraser has been reviewed by leading magazines and newspapers such as PC World, Computer Shopper, Law Office Computing, Computer Times, ComputorEdge, The Herald Tribune, LaPresse (the largest French-language newspaper in North America), Folha de S. Paulo (the leading Brazilian daily newspaper), etc. East-Tec Eraser has also been featured at the Washington D.C. Bar 2001 Winter Convention, in the Criminal Defense Guide (a guide written by American criminal defense lawyers), on Military-Software.Com and Police-Central.com.

EAST Technologies has development offices in Europe and partner companies and resellers in the United States and worldwide.
---------------------------------------
Everything you see above is cleverly structured advertising rhetoric, made possible through collusion with other members of the cyber mafia; one of which, if you ask me, is named Google.

It should also be realized that the versions of software products East Technologies ships to entities who could cause... ahem, 'difficulties,' such as the US military and law enforcement agencies; NSA, etc., are likely to be spyware-free. It comes to mind as well, haha, that some of the latter may even be complicit in using Eraser as a vehicle for domestic surveillance. After all, this IS the age of Bush :-).

Please do all possible to end East Technologies' career of crime in the US by 'getting the goods' on RegSoft, and by putting out a bulletin to government offices under your purview to fight shy from handling East-Tec products.

We the People will thank you.


Yours Very Truly,

(Andreades)



#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • Gender:Not Telling
  • Location:Baton Rouge, La.

Posted 19 December 2005 - 07:12 AM

:thumbsup: dude...
"2007 & 2008 Windows Shell/User Award"

#3 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA

Posted 19 December 2005 - 03:37 PM

It's hard for me to roll the companies MS, Google and East-Tec into a fabric that creates unending complicity and conspiracy to do damage by data-mining. True, there exists a mutual benefit society that at its core lies the spyware-antispyware conflict. Also true, I believe, is that the money-making endeavor(s) of some Eastern European software manufacturers cross over the line drawn between legitimate and illegal activities.

I'm glad you have done the research you have, and thank you for your involvement and effort to help the web users in general. We need watchdogs that can understand the technical and psychological tricks that are in practice daily to alert the very many users who don't have a clue.

It would perhaps be more accurate to simply expose that which is factual, and allow for the interpretations to be applied individually, though. All companies involved in making money do so with understanding of the market. All governments are money making entities, too. They are mandated to protect their "investments", and citizens as well. That can cause conflicts within the management sector, as obviously allowing citizen soldiers to die is not really protecting them. The issues, therefore, can become unclear rapidly when summarizing the "intent" or "procedures" followed by capitalistic organizations.

I'm thinking that the issue of bundled spyware and duping the consumer is one issue, and what one can infer regarding the world power-players in business and its close cousin, government, should simply be understood as nowhere near perfect, but probably not catastrophically aligned to cause destruction of what continues to be a remarkable achievement on the part of multi-national and multi-cultural intelligent persons - the WWW.

I trust the "checks & balances" that do exist to maintain stability will be exercised to the benefit of the common users worldwide for the most part. I hope the next generation has their ear to the ground, so-to-speak, and learns of ways to avoid exactly what one could paranoically imagine to be a vast complex of evil practitioners bent on abusing everyone and able to do so. It will be, after all, difficult to pull the wool over the eyes of some billion or so thinking individuals who can communicate with each other, don't ya' think?

Keep up your good work ...
patiently patrolling, plenty of persistent pests n' problems ...

#4 Mike Andrews

Mike Andrews
  • Topic Starter

  • Members
  • 6 posts
  • Location:East Point, Georgia

Posted 21 December 2005 - 11:26 PM

phawgg,

Thanks for your reply to my barbarous assault on the global ad/spyware mafia.

I shudder to imagine what you'd think if I had really let loose with a full-house invasionary steroid-level attack, LOL; but yeah... I did use some strong language. Sometimes the truth puts forth that connotation.

But hey... like the old mayonnaise commercial had it, you gotta break some eggs to make the real thing. However, that doesn't mean you gotta walk on the shells while you're doin' it.

No reform will emerge from sweet-talking a cobra. It will still bite you if you aren't careful, because that is the nature of the serpent.

Our world will never put an end to the spyware/virus scourge with polity, my friend, but with straight talk and arrest warrants.

If you doubt the existence of a global criminal matrix consisting of factions and cells the world over dedicated to stealing precious human freedoms... like, for instance, the freedom to be private in our personal lives, or the right to be left alone without molestation, then you should rethink your position.

Indeed, Microsoft alone accounts for enough criminal acts to make the wickedest mafiosi jealous. Since Windows 95 shipped, Microsoft OEM/bundled installation media infected with (for openers) the Commonname parasite has co-opted countless millions of computers world-wide. And that's only the tip of the iceberg.

As a clincher, any person who orders NEW replacement OEM/bundled media for supported Windows versions will receive infected media! The only difference will be where the damaged/lost CD was an SP1 or earlier version, the person placing the order will get an identical, albeit infected CD incorporating SP2. But itz free! (Such a deal.)

What Microsoft does is take old media produced in the Chicago and other known mafia centers, but that never got shipped, and unlock them so that they can be enhanced with the newest service pack. But NOTHING is done to alter Commonname. It 'don go nowhere.

It installs along with Windows from nine setup files which were placed on the CD when it was originally struck. Perhaps one additional installation file is added, as SP1 CDs typically install CN from nine files; the SP2 CDs Microsoft is shipping these days feature ten files that, all together, place the parasite on your drive. The files are:

HIVECLS.INF (i386)
HIVEDEF.INF (i386)
INTL.INF (i386)
SCRIPT.DLL (VALUEADD/MSFT/USMT/ANSI)
SCRIPT_A.DLL (VALUEADD/MSFT/USMT/ANSI)
SETUPAPI.DLL (WIN9XUPG)
TXTSETUP.SIF
WIN95UPG.INF
LAYOUT.INF
And a tenth file which is unavailable as of this posting.

In unca Billy's infinite generosity it was seen fit to incorporate the above so that your life could be... ahem, shared... with plenty of inquisitive and money-hungry others.

Got your attention yet? Hey, I'm smiling here; so don't think this has anything to do with sour grapes where you or any member of the forum is concerned. But where Micromafia is concerned the sour grapes I'm packing are the size of watermelons.

But how about a little test to see if your machine's infected with unca Billy's favorite sop? It's easy, really -- FINDING Commonname; but NOT so easy getting rid of it. Did you buy your computer new with pre-installed OS? WinXP Hm Ed? Well, if that's the case and you've had it since mid-2003 or B4 I'd be willing to bet a buffalo nickel your machine's sporting a healthy Commonname infection.

To find out, try this: Go start> run and type regedit; enter. Collapse the registry so that only the words 'My Computer' remain; take your pointer up to edit> find and type this CLSID into the box: {00000000-0000-0000-0000-000000000000}. Hit 'find now.'

Users of spybot will have a long list of rotten CLSIDs installed to their HKLM...\ActiveX Compatibility list for 'protection,' so if the search engine finds the zero monster there at the top of the heap, no worries, mate! Anywhere else... (please continue going to edit and hitting 'find again') -- and you're infected with a virulent spy that transmits packets out via the TCP/IP stack.

That's service host (svchost) to you techy types. All firewalls regardless of stateful-ness must regard svchost as a trusted source. The official title for whatever it's worth is Generic Host Process for Win32 Services (or similar). That's as it appears in ZoneAlarm Pro's Programs section. Block it and there's no such thing as surfing... not unless you have a board and live near a beach.

If anyone has the moxie to run my little test and comes up infected, just post the results to this thread and I'll enter a generic, one size-fits-all explanation how to remove the SIMPLEX version of CN. There's a more complex version that creates a bogus Winsock LSP through which all connectivity is scavenged. Incorrectly sever any of CN's tentacles and you got problems. So I don't offer advice when that version is present. Can't take the criticism, haha.

The Internet is the most wondrous and innovative technology that's come to our world. As long as it remains completely free (meaning unrestricted) we'll all benefit in a positive way and see our personal horizons expanded greatly.

However, there are criminals and other selfish individuals and groups who want to strip us of the right to use the Net freely, as open and unrestricted communication poses too many risks to their plans for us. Now as in the future mankind will be immersed in a constant battle royal for Internet freedom... and not a single one of us will be able to escape the tempest.

The best thing we can ALL do for ourselves and others is to stand up and speak from the heart! Remember... the squeaky wheel gets the grease. If we sit idly by while corrupt politicians and their plutocratic bosses call the shots we'll lose our precious Internet freedom and wind up with something like what the Chinese must face EVERY SINGLE DAY. In China there's no such thing as freedom. The old, hard-line rulers are still hanging on for dear life there, keeping the people in subservience. Chinese email communications and web surfing are heavily regulated and censored.

One thing that many of us don't know is that unca Billy is involved with the despotic Chinese government in providing filtering software, so that the rulers of China can maintain suppression over the masses. The despots are loath to have the truth of their heinous deeds reach the outside world. But they do, nonetheless.

Still, our own US resident has the Chinese rulers beat when it comes to despotism.

Which leads one to ponder... what do you suppose William Gates, world's wealthiest man, would do in the way of censorship in the US and UK if he had the opportunity?

Remember... by a man's acts is he known. The Chinese people are human beings just like we of the West. If Mr. Gates would aid and abet in a scheme to suppress the Chinese, what's to prevent him from doing the same on Elm Street, USA?

A.

#5 Cacadevaca

Cacadevaca

  • Members
  • 1 posts
  • Gender:Male

Posted 15 March 2012 - 02:24 AM

Holy Trojan, Batman! This post is old, but is it legit? Is East-tec still a scam?

Thanks in advance!



