Is Aluria A Threat?


8 replies to this topic

#1 paulboc

Posted 10 January 2006 - 10:02 AM

Since becoming a member of this very useful site I have become much more security conscious. I posted a problem I am having using Norton Ghost 9.0 to restore a drive. I kept getting a message that the destination drive was in use although there was nothing on it (I thought). I noticed that there was an Aluria cache file on the destination drive. I deleted it and checked to find the same file on my other two drives.

Searching the net I found posts concerning Aluria's partnering with WhenU, an ad producer, and the concern this alliance caused.

I did not install anything from Aluria that I am aware of. I tried to delete Aluria files from my system but was prevented by a message "source file in use" or words to that effect. I have run Ad-Aware and Spybot and did not find any major threats. Searching through my files I can not find a folder named Aluria. I am concerned that the application is creating cache files of each of my three drives without my knowledge or permission for an unknown purpose.

My question is this: How can I totally remove Aluria from my system?


#2 tg1911

Lord Spam Magnet

Posted 10 January 2006 - 10:04 AM

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then run a log and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 Papakid

Guru at being a Newbie

Posted 11 January 2006 - 11:50 AM

Hi paulboc,

I've answered your HJT log here:
http://www.bleepingcomputer.com/forums/ind...38&#entry218638

Since Aluria and Earthlink have just come out with this firewall I thought it would be better to post about it in this thread and forum so anyone else with questions about it will know what's going on. Here are some pages that will give you some more information:

http://home.businesswire.com/portal/site/g...323&newsLang=en
http://www.earthlink.net/software/free/pcc/fw/
http://www.aluriasoftware.com/homeproducts/firewall/

I looked around the Earthlink support pages yesterday and could find no FAQ's or how-to articles about the firewall--I imagine it's so new they haven't had time to do that yet.

If you still want to remove any Aluria from your system I would suggest contacting Earthlink support. It's unclear to me whether or not you can just uninstall the firewall by itself or if you would have to uninstall the EarthLink Protection Control Center, if that can even be uninstalled separately.

If it were me, I would uninstall Earthlink's entire software package. It's not required for Earthlink's service and can be a real drag on your system. I know from experience as Total Access was installed on my system up until June of last year.

Their security tools are actually pretty good. SpyBlocker is their version of WebRoot SpySweeper, which is just about the best commercial anti-spyware out at this time. And it's free thru Earthlink.

VirusBlocker I believe is actually a Symantec/Norton product. I don't care much for Norton's bloat and I believe you have to pay an extra fee thru Earthlink for it, but it is an established anti-virus.

I would be leery of Aluria's Firewall. They make a pretty good anti-spyware app, but the firewall is so new I would imagine that it would be somewhat buggy, especially since this isn't their area of expertise. And as you pointed out their association with WhenU is somewhat questionable and I don't like that they don't offer a trial version of the firewall. If they did I could download it and check it out to see if it's worth having.

The other thing about these security tools Earthlink and other ISP's offer is that they don't give you much control over the program and what it is doing. You have to be on your toes with all that is out there today and keep an eye on your security tools to make sure they haven't been compromised. ISP software tends to lull one into a false sense of security by oversimplifying it and wanting you to think their tools can take care of it automatically. It's a selling point for them. But malware is very good at getting around automatic tools now.

So I would suggest uninstalling Total Access completely and install independent security tools. Use this as a guide to what you need for your security:

Simple and easy ways to keep your computer safe and secure on the Internet


The list of firewalls is rather incomplete and it's getting harder to find good free ones that are easy to use--Symantec bought out Sygate, which is my favorite, and killed it--so here is the most current list:

Kerio Personal Firewall
OutPost Firewall Free
Jetico Personal Free
ZoneAlarm

Understanding and Using Firewalls

I just tested Jetico, but find it's not very user friendly. ZoneAlarm is, but can cause some problems that are hard to diagnose and resolve. But you definitely need a firewall on your system.

Free antivirus:

Antivir
Avast Free
AVG Free
Bitdefender Free

If you decide to uninstall Total Access, I would also suggest getting Earthlink support on the phone to walk you thru it. I didn't have the opportunity to do an uninstall myself--my mobo went down so I had to reinstall Windows, so I don't have that experience.

Let us know what you decide and if you need any help with it or have any other questions.

And if you could do us a favor, I would like to get those firewall files into our startups database after we take a closer look.

Please create a folder called c:\submit. Now copy the following files into that directory:

F:\PROGRAM FILES\EARTHL~2\PROTEC~1\EFWPPS~1.EXE <--Windows has abbreviated this long file name with a tilde (~), but the name begins with EFWPPS. The folder names are also abbreviated in this way.
F:\PROGRA~1\EARTHL~2\PROTEC~1\ELNKServ.exe

To copy the files simply navigate to the directory they are in and right click on the file name, and then click Copy. Now go back to the c:\submit folder. Right click the folder and select Paste.

Once the files are all copied zip the folder and rename submit.zip to paulboc.zip. If you are not sure how to send the files to a zip folder click the following link for a tutorial: How to create and extract a Zip File in Windows ME/XP/2003
How to create and extract a ZIP File in Windows 95/98/2000

When the files are zipped click this link to go to the BC submissions page:
http://www.bleepingcomputer.com/submit-malware.php

1. Fill in the required fields and then click the Browse button.
2. Navigate to paulboc.zip and click the Send File button.

If you have any problems copying the files, boot into Safe Mode and try again.

Thanks. :thumbsup:

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#4 paulboc

Posted 14 January 2006 - 08:49 AM

Papakid

I have submitted the zipped files concerning Aluria as you directed. Thanks very much for your assistance.

#5 Papakid

Guru at being a Newbie

Posted 14 January 2006 - 12:01 PM

You're welcome and thanks for submitting the files. :thumbsup:

http://www.bleepingcomputer.com/startups/E...vice-14053.html
http://www.bleepingcomputer.com/startups/E...vice-14054.html

If you don't mind telling, I'm curious as to what you decided to do and if you got the problem with Norton Ghost 9.0 straightened out.


#6 paulboc

Posted 28 January 2006 - 01:01 PM

Papakid,
Sorry to be so long in answering your last message to me but I have been struggling with getting Ghost to work. At last I can report success but I am really annoyed with Norton/Symantec.
At first the issue seemed to be something running on the drive that I was trying to restore. This turned out to be Aluria’s cache file which apparently was recording everything that happened to that drive (G:/). When I deleted the Earthlink Protection Control Center that had installed the Aluria cache file I thought I had the problem fixed. Not so!
As a digression there are two modes of restoring data images. The first is “Restore a drive”, secondly there is “Restore files or folders”.
I was attempting to use the first option ”Restore a drive”. After eliminating Aluria restoration seemed to progress up to the point of copying files from the image file to the drive. Then I got an error message “…can not copy data from the image file to the destination. Error E7C30010 Device \\.\Physical drive| can not write 4096 sectors starting at LBA 63…”
Looking in Windows Explorer I found that the G:/ drive had been dismounted! Went through that exercise twice getting the same result. Sat back and scratched my balding pate for a time.
Tried the second mode “Restore files or folders”. This procedure creates a browser file from the image file so that the user can select specific files or folders or select all data. I had saved my image file on 5 CDs. The process of creating the browser file required swapping the CD’s in and out 15 times. When the browser file finally appeared the process would hang for a short time then continue to ask for the CDs to be inserted. At no time did the process ask for the 4th CD. Again frustration!
I read the user manual supplied with the package to no avail. Then I started looking at the help files on the app CD. There I found a statement to the effect “..if the backup image files are on removable media then copying the files to a hard drive and restoring from there may help…”. BINGO!!!
Once again an incredibly inept, incompetent, poorly written user manual caused hours of needless agony and frustration. Needless to say Symantec is at the top of my s..t list.
I would be interested in hearing what you learned from the two Aluria files I sent to you. Was my analysis of their function correct?

Best wishes and thanks. \\// (Live long and prosper)

#7 Papakid

Guru at being a Newbie

Posted 04 February 2006 - 11:42 PM

Hi paulboc,

Sorry for taking so long to post back. eMachines is on my, um, list right now. I'm having to use a backup 98 SE.

Thanks for posting back with your experience. As you can see by the title under my user name, I'm still a newbie with not a lot of experience in running Ghost and multiple drives and partitions, etc. I am about to get into some of that, have just been trying to keep it simple and kind of got sidetracked by learning more about the registry and malware removal instead. So I learned by your post and appreciate your sharing.

I do know that manuals can be lacking in clarity and some big companies like Norton can make a joke out of the word "support". That is one reason I joined this site.

"I would be interested in hearing what you learned from the two Aluria files I sent to you. Was my analysis of their function correct?"

Well, all I did was scan them for malware and verify they were from a legitimate program so they could be added to the startups database. I'm not equipped to do any further testing than that. There is no way I could reproduce your particular setup and with my lack of technical expertise the data from such a test would be beyond me. I also don't think that just testing those two files on their own would even work without installing the Earthlink software they are integrated with. And as I mentioned earlier, Aluria's standalone Firewall doesn't offer a trial version that I could see.

Not sure what your analysis of their function is--that caching to your G drive? All I know is all Earthlink related processes were installed on F. Best guess is that the firewall was designed to protect all installed drives, but again I'm getting into something I don't really know that much about. Someone with more knowledge and experience in this area might better answer your question. I'll see if I can get Grinler or someone to pop by.


#8 hitbit

Posted 05 February 2006 - 05:53 PM

Hi There,
I speak from experience, put as many miles as you can between your system and Aluria. Do not believe a word they say, ignore their assurances and promises. They cheat, lie, have a deal whereby their Spyware Eliminator (oops nearly forgot they had to change the name did they not to Aluria something or other) ignores any products WhenU tries to install on your system and they will promise and promise and promise and promise to give your money back, they will say a refund will be approved, has been approved, has been issued but you will never get your money back. To add to this their customer services people are the most arrogant individuals I have ever had to deal with. Now just to show I am not overreacting to some minor difficulty or have a problem with online services let me explain that I have McAfee, DiamondCS, Miscel, Firetrust, Sunbelt, Spybot and Webroot security programmes on my system. Over the years I have often had to seek their customer services or tech support help as things did not always work from the gate. I can honestly say that unlike Aluria all were fair and honest.

hitbit
We do not own the planet we are simply minding it for our children

#9 MrNick

Posted 06 February 2006 - 03:37 PM

Hi All,

I have a Win 2003 computer protected with:
Symantec AntiVirus
ZoneAlarm Pro
Microsoft AntiSpyware
IE-Spyad Restricted sites list
Blocking hosts file
and regular runs of both:
Spybot - Search & Destroy &
Ad-Aware SE Personal - so fairly well buttoned up.

Symantec AntiVirus on my XP laptop caught a couple of viruses last night so I thought that I would give it and the 2003 box a good going over. I found a review that said that Aluria was one of the best (maybe misguided opinion) Anti-spyware tools so went and downloaded the Aluria Lite Scanner.

Here is the point of the post.
It did very little and didn't take very long about it and reported an infection with Transponder.Bolger.

To verify I ran ewido anti-malware and it didn't find anything much and it took 4 hours about it.

Now my background is as a Windows software developer with > 11 years Win32 experience.
Much of it as a debugging guru.

So I'm a bit suspicious now and look with HJT and the SysInternals tools and find nothing.
I look at the anti-virus companies' virus/spyware definitions and find no mention of Transponder.Bolger.

My guess is that they are reporting false positives to drive sales.

Can anyone confirm or refute my suspicion?

MrNick
