Hijack by ABI Network

 
 
timberlandko
 
  1  
Reply Thu 16 Jun, 2005 10:34 pm
It's not a virus, it's essentially a trojan - it opens your system to invaders. However you got it, from whatever site or link, you accepted the download. Getting rid of it does take a lot more effort than acquiring it did. But then, that's just my take. What the heck, what do I know?
0 Replies
 
PC dr
 
  1  
Reply Thu 16 Jun, 2005 11:14 pm
AG link
husker

I got the bill.gates homepage using the above link. I eventually did GS for the NY AG. Did a search for complaint form. Several links down I found internet crimes or something of the sort and went from there.

DAMN...I just got a Windows Update window that popped up wanting to know about restart....I was terrified it was going to be an Aurora! Been gone 3 days. Whew!

But I digress, I figure the AG's office will make some sort of thrust on this front (no pun intended) just to get all the internet geeks off his back. As Timber related to me earlier, there is already a suit pending against these a$$hats so hundreds of thousands of complaints will only serve to fuel the AG's inevitable acrimonious ire.

I'm not sure why the above link went MS. Is there some sort of board rule about that type of link? Of course I wouldn't know being a nubie and all. At least I got all of that placenta off..............
0 Replies
 
bakerball
 
  1  
Reply Fri 17 Jun, 2005 01:44 pm
ABI
OK, I was just exposed to the ABI crap, someone please help.
0 Replies
 
cicerone imposter
 
  1  
Reply Fri 17 Jun, 2005 02:37 pm
bakerball, Welcome to a2k. There are several suggestions in this forum you can use. I highly recommend the one outlined by timber in the Computer Forum on a2k. Good luck.
0 Replies
 
webmyss01
 
  1  
Reply Wed 22 Jun, 2005 10:34 pm
abi network
Well my first guess would be to play Sherlock and track the ABI Network hijacker by the site that is recommended when you try to remove it: mypctuneup.com. Upon doing a WhoIs Search on that site it comes up with the following Registrar info. And I'm sure in their policy somewhere this type of activity is not allowed. And maybe they could get some results, if nothing but taking the site down until the ABI hijackings are stopped Wink
It's worth a try.

Under a WhoIs Search it comes up with the following info.
Domain Name: MYPCTUNEUP.COM
Registrar: TUCOWS INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: GLOBE.I.FGREP.NET
Name Server: GLOBE.A.FGREP.NET
Name Server: GLOBE.I.ISPHWY.NET
Name Server: GLOBE.W.ISPHWY.NET
Status: REGISTRAR-LOCK
Updated Date: 27-jan-2005
Creation Date: 14-feb-2004
Expiration Date: 14-feb-2007


>>> Last update of whois database: Wed, 22 Jun 2005 09:26:44 EDT <<<


Current Registrar: TUCOWS INC.
IP Address: 64.95.228.122 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)-NEW JERSEY-JERSEY CITY
Record Type: Domain Name
Server Type: Apache 1
Lock Status: REGISTRAR-LOCK
Web Site Status: Active
DMOZ no listings
Y! Directory: see listings
Secure: No
E-commerce: No
Traffic Ranking: 4
Data as of: 21-Jun-2004
0 Replies
 
webmyss01
 
  1  
Reply Wed 22 Jun, 2005 10:41 pm
mypctuneup.com update-abi network
More Registrar info on mypctuneup.com is:
Registrant:
Thinking Media LP
275 Madison Avenue
New York, NY 10016
US

Domain name: MYPCTUNEUP.COM

Administrative Contact:
Services, Reg. [email protected]
275 Madison Avenue
New York, NY 10016
US
+1.8668396164
Technical Contact:
Services, Reg. [email protected]
275 Madison Avenue
New York, NY 10016
US
+1.8668396164


Registration Service Provider:
DBMS VeriSign, [email protected]
800-579-2848 x4
Please contact DBMS VeriSign for domain updates, DNS/Nameserver
changes, and general domain support questions.


Registrar of Record: TUCOWS, INC.
Record last updated on 27-Jan-2005.
Record expires on 14-Feb-2007.
Record created on 14-Feb-2004.

Domain servers in listed order:
GLOBE.A.FGREP.NET 64.124.153.8
GLOBE.I.FGREP.NET 64.95.228.8
GLOBE.I.ISPHWY.NET 64.74.242.8
GLOBE.W.ISPHWY.NET 64.192.114.8


Domain status: REGISTRAR-LOCK
0 Replies
 
husker
 
  1  
Reply Wed 22 Jun, 2005 11:11 pm
PC_dr I think your pc still has a bug - my link works fine.
0 Replies
 
buyacar
 
  1  
Reply Thu 23 Jun, 2005 01:13 am
EASY WAY TO UNINSTALL ABI NETWORK POP-UP FROM YOUR PC
go to: "MyPCTuneUp.com"...and use the uninstaller provided at that site and the Aurora pop up will never come on your computer again .....UNTIL YOU DOWNLOAD SOME FREE SOFTWARE THAT IS ATTACHED WITH ABI NETWORK ADVERTISING PROGRAM...YOU CAN ACTUALLY FIND IT IN YOUR ADD/DELETE PROGRAMS ...BUT IT WILL NOT LET YOU REMOVE IT THAT WAY.....
0 Replies
 
timberlandko
 
  1  
Reply Thu 23 Jun, 2005 12:34 pm
The MyPCTuneUp uninstaller itself loads unwanted, unnecessary, potentially compromising yuckware into your system, and creates a few undesirable, difficult-to-find-and-reverse registry changes. If you care to wade through the details, see This Discussion for a technical (and relatively geeky) analysis of the application. I really don't recommend going that route. Give it a shot if you're looking for an easy fix, but don't be surprised if you find yourself disappointed ... or worse.

Over the past few weeks, a group of us here have been working on an updated step-through intended not only to rid your system of yuckware but to harden it against future re-infestation. It's going to be a replacement for THIS, which was developed last year, and which, while safe and effective in handling what it was developed to handle, has fallen somewhat behind the current state of yuckware purveyors' sophistication. As of this writing, there's still a bit of refining to do, but the procedure has been tested on Win 98 (with download/installation of a few specific things not native to Win 98), Win 98SE, Win 2K, Win XP, and Win MCE, and seems to be safe and effective. As I said, it's still being refined, but you can consider it a "Final Beta". Anyone who wants to give it a shot can find it HERE. Bear in mind it's essentially a "Beta" at this point; it seems to work and it seems to do no harm. If you do try it out, feedback on your experiences with it would be helpful and appreciated.
0 Replies
 
buyacar
 
  1  
Reply Thu 23 Jun, 2005 10:53 pm
boy am I glad I don't have your computer....because when I ran their uninstaller it worked very well on my computer without any of the problems or yuckware you said it did to your computer....it had a very positive result...got rid of all the ABI pop ups.....without ANY !! yuckware or problems that you said would happen....so what's wrong with your computer, that the uninstaller would cause so many problems on your computer...did you really use it? or are all the problems and yuckware that you are talking about just your theory of what will happen to your computer if you use their uninstaller ?.....my experience with their uninstaller was great....everything did what it was supposed to do with no side effects to my computer.....the proven "results" always outweigh the "theory"
0 Replies
 
timberlandko
 
  1  
Reply Fri 24 Jun, 2005 08:00 pm
buyacar wrote:
boy am I glad I don't have your computer....because when I ran their uninstaller it worked very well on my computer without any of the problems or yuckware you said it did to your computer....it had a very positive result...got rid of all the ABI pop ups.....without ANY !! ...

I'm very glad you're happy with the results you got, and I'm very, very glad you have no access to any of my computers, nor any for which I'm responsible.


Going on, you wrote:
... yuckware or problems that you said would happen....so what's wrong with your computer, that the uninstaller would cause so many problems on your computer...did you really use it? or are all the problems and yuckware that you are talking about just your theory of what will happen to your computer if you use their uninstaller ?.....my experience with their uninstaller was great....everything did what it was supposed to do with no side effects to my computer.....the proven "results" always outweigh the "theory"


I don't notice as I said anything about my own computer, or any problems I'd encountered through use of the uninstaller. I mentioned my impression of what I had found when I tried the uninstaller, and said " ... I really don't recommend going that route. Give it a shot if you're looking for an easy fix, but don't be surprised if you find yourself disappointed ... or worse." I stand by that.

I'm reasonably happy with my computers, as I said (I have a bunch of 'em), and the clients that pay me to look after theirs are happy enough with what I do for them that they keep paying me - which in some respects really isn't all that different from what I and others do here for free - and plenty of folks helped by myself and others here at A2K are pretty happy, too. Now, while I don't know you, and can only assume you're a perfectly acceptable person, with plenty of great qualities and marvelous skills, I suspect managing computer security and privacy is not among your strong suits.

Just to give you a sense of what's behind my "theory", I actively participate in numerous security and privacy forums, newsgroups, blogs, and email lists, and try to stay abreast of what's going on in The Fight - contributing here, learning there.

When it comes to cleaning and hardening systems, I often deliberately infect known-to-be-clean machines running different versions of Windows with a new threat, while on each a fairly sophisticated program monitors and logs whatever goes on during the install of the yuckware. To whatever extent possible, I try, using a couple different file analyzers, to examine the suspect software's actual coding, to figure out what, how, and why it does what it does. If necessary, I zip the file and send it off to specialists for analysis.

With that out of the way, I begin to compare the pre-install to post-install changelogs of the infected machines to see if I can find out just what has happened (registry changes, file and folder creation or alteration, processes created, terminated, or modified, .dlls created, deleted, or modified, settings and permissions changed, start and search pages redirected, BHOs and ActiveX controls changed or added - that sorta thing), then set about figuring out how to reverse it and prevent it from happening again. Fairly frequently, a handy, tested-safe-and-reliable software tool which greatly simplifies dealing with a particular problem will be available; if so, I'll recommend that, along with what I hope are clear instructions for its proper use. If not, I'll detail manual steps that should solve the problem. My whole approach is to return control of the machine to the user, without affecting anything the user doesn't need to get rid of.

And yes, I did go through the process with MyPCTuneup.com's uninstaller. Of course, I first read their many-page-long EULA, part of which, for your entertainment and edification, I quote:

In Section 12 of their EULA, MyPCTuneUp.com wrote:
... 12. Termination and Removal of Software

By entering into this Agreement, you represent to DR that you have intentionally chosen to install the Software and that you will personally uninstall the Software from your computer if you no longer wish the application to be present on your computer by going to http://mypctuneup.com/contacts.php and submitting the contact form.

(Incidentally, though I looked for it, I didn't see anything I'd characterize as a "contact form", something a few others with whom I correspond noted as well ... but that's just nitpicky - timber)

DR will make reasonable efforts to ensure that the Software includes without limitation a functional uninstall script that is executable in the "Add or Remove Programs" menu of the user's Windows "Control Panel;" however, for clarity, the uninstall script utilized by DR in the "Add Remove Programs" menu may include an interactive feature comprised of a requirement that during the uninstallation process users retype a code in a dialogue box and such interactive feature may require internet access and the downloading of additional software to function properly; provided that such additional software will only be as may be necessary to complete the uninstallation process and such additional software shall completely and safely uninstall itself as part of the uninstallation process. While DR and the company that distributes the Software to you want to ensure that you may readily delete the Software from your computer at anytime by following the instructions herein, the interactive feature described above has been integrated into the removal process because some third party applications may attempt to delete, disable or modify the Software with or without notice to you. The interactive feature assures that you have knowingly chosen to delete the Software.

You further represent to DR that DR may store a cookie, computer file or other unique identifier on your computer to identify you and automatically repair or reinstall the Software if any third party application attempts to delete, disable or modify the Software. DR may terminate this Agreement or your right to continue to use the Software at any time.

Further, you agree that you will not initiate, permit, authorize or assist any third party or application to remove the Software from your computer, or disrupt the operation of the Software or the operation of the Software as installed by any other user. You agree that removal of the Software from your computer will only be performed by you pursuant to the instructions set forth herein.


Now, in plain English what that gobbledygook fine print says is that they don't want (and take steps to prevent) any software - like antivirus or antispyware programs - to automatically detect and remove their crap, nor do they want you to hunt it down and clean it out yourself; they want to do it for you, and that they will leave themselves a "backdoor" onto your system.


Now, let's look at what ABI/Aurora does when it installs on your system:

Creates (and in many instances hides or otherwise protects) over 30 processes

Registers, and again hides or otherwise protects, nearly 50 .dlls

Effects, and again in many instances hides or otherwise protects, more than two dozen registry changes

Installs at least a half dozen Browser Helper Objects

Places scores of websites into your "Trusted" zone

And creates, you guessed it, hiding or otherwise protecting, several directories.

All in all, its initial payload amounts to a few hundred individual files, many of which install hidden and/or with permission settings that render them all but invulnerable to user-action.


The initial Aurora download is around 6000KB at a minimum. Unpacked and installed, it fires up all those processes it brought along on every boot (and some of those processes call up their buddies out there to let the gang know the door's open - loading even more crap into your system), drastically adding to your resource load and adversely affecting your system's stability and capabilities. Once on your system, it monitors its protected components, rebuilding or redownloading them as necessary if they happen to be found and deleted or disabled by a user or a security/privacy application. With its hijacking of your browser and search settings, and its manipulation of your security and privacy settings, seriously compromising your online safety, it serves you an endless stream of "targeted ads" - lots of which are at best somewhere between "inappropriate" and "indecent", if not themselves downright obscene or otherwise illegal. Within a few hours of web surfing, your root drive will have been encumbered with hundreds of essentially useless, unwanted megabytes of dreck, not all of which will be in Temp folders, and over a couple weeks or so, the crap can amount to gigabytes. You betchya it slows things down.

OK - you go use the removal tool they so generously provide. Guess what I found out when I used the uninstaller? First, it does nothing about the crap already cached in your system - all that downloaded dreck is still there. Sure, you can clean it out by emptying your temp folders and hunting down and dumping a bunch of pre-fetch files. Still, your privacy and security settings remain vulnerable to any number of other threats and exploits out there; not all the badguys are Direct Revenue/ABI/Aurora, you know. Some legitimate, desired applications or web functions may be adversely affected. Your system's stability remains impaired. Many of the baddies are not really removed by the uninstaller; they're merely "switched off" - they're still there, and some can be reactivated by unrelated yuckware. And there's ABI's back door.

Here's the gist of the press release announcing Aurora's debut:

Quote:
Direct Revenue Launches Aurora

New Ad Client Affords Greater Brand Visibility, More Efficient Distribution

New York, New York - April 26, 2005 - Direct Revenue today announced the launch of its newest ad client, Aurora™.

The Aurora ad client is designed to improve product visibility and consumer services. The roll out of the upgrade to the DR behavioral network began on April 5th by replacing outdated ad clients in an effort to improve consumer awareness ...

... Direct Revenue CTO Dan Doman said, "From a technology standpoint, Aurora represents a leap forward in connecting consumers to advertisers."

The Aurora launch follows the January debut of Direct Revenue's MyPCTuneUp™, a technical support feature that helps Direct Revenue customers with technical issues including removing software from their PC.

Direct Revenue CEO Joshua Abram said, "Aurora and MyPCTuneUp demonstrate our commitment to providing advertising partners, clients and consumers the best possible experience in behavioral marketing and search." ...


Interesting, isn't it, that Aurora and MyPCTuneUp together comprise a complete marketing package? These creeps are scum. But you go ahead and play their game with them if that appeals to you. I have a different philosophy.

Taking your words,
Quote:
.....the proven "results" always outweigh the "theory"

I can only agree wholeheartedly, and note that I believe the results I have seen proven are far superior to the theory you espouse. I prefer solving problems, at their roots, and preventing their return, to just patching them over. Those reading along may decide as they see fit; I only offer advice based on training and experience, I don't issue orders.
0 Replies
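
The pre-install/post-install comparison described in the post above, as an added example that is not part of the original thread: it diffs a clean baseline against a post-install snapshot, then against a post-uninstall snapshot to show what an uninstaller left behind. The snapshot layout, category names and every sample value are constructed for illustration; the registry paths are the standard Windows locations for autoruns, BHOs, zone mappings and IE start pages.

```python
# Added example. Snapshot layout (an assumption):
#   {"registry": {key_path: {value_name: data}}, "files": {path: sha256}}
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BHO = (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer"
       r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}")
ZONE = (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        r"\ZoneMap\Domains\ads.example")
MAIN = r"HKCU\Software\Microsoft\Internet Explorer\Main"

# Registry locations and what a change under each one means.
CATEGORIES = [
    (r"\windows\currentversion\run", "autorun"),
    (r"\explorer\browser helper objects", "bho"),
    (r"\internet settings\zonemap\domains", "zone_map"),
    (r"\internet explorer\main", "browser_page"),
]

def categorize(key, data):
    low = key.lower()
    for needle, label in CATEGORIES:
        if needle in low:
            # In ZoneMap, DWORD 2 puts the site in the Trusted sites zone.
            if label == "zone_map" and data == 2:
                return "trusted_zone"
            return label
    return "other_registry"

def _kind(name, old, new):
    if name not in old:
        return "added"
    return "removed" if name not in new else "modified"

def diff_snapshots(before, after):
    """Return {category: [(kind, location, old, new), ...]} for every change."""
    report = {}
    reg_b, reg_a = before["registry"], after["registry"]
    for key in sorted(set(reg_b) | set(reg_a)):
        old, new = reg_b.get(key, {}), reg_a.get(key, {})
        for name in sorted(set(old) | set(new)):
            if (name in old) != (name in new) or old.get(name) != new.get(name):
                cat = categorize(key, new.get(name, old.get(name)))
                report.setdefault(cat, []).append(
                    (_kind(name, old, new), f"{key}\\{name}",
                     old.get(name), new.get(name)))
    files_b, files_a = before["files"], after["files"]
    for path in sorted(set(files_b) | set(files_a)):
        if files_b.get(path) != files_a.get(path):
            report.setdefault("file", []).append(
                (_kind(path, files_b, files_a), path,
                 files_b.get(path), files_a.get(path)))
    return report

# Constructed snapshots: clean baseline, after install, after vendor uninstall.
AV = {"ExampleAV": r"C:\Program Files\ExampleAV\av.exe"}
CLEAN_FILES = {r"C:\WINDOWS\notepad.exe": "a1" * 32}
AD_EXE = r"C:\WINDOWS\exampleadclient.exe"

BASELINE = {"registry": {RUN: dict(AV), MAIN: {"Start Page": "about:blank"}},
            "files": dict(CLEAN_FILES)}
INFECTED = {"registry": {RUN: dict(AV, ExampleAdClient=AD_EXE),
                         BHO: {"(Default)": ""},
                         ZONE: {"*": 2},
                         MAIN: {"Start Page": "http://search.example/"}},
            "files": dict(CLEAN_FILES, **{AD_EXE: "b2" * 32})}
# The autorun, BHO and start page are reverted; the binary and the
# Trusted-zone entry are still present ("switched off", not removed).
AFTER_UNINSTALL = {"registry": {RUN: dict(AV), ZONE: {"*": 2},
                                MAIN: {"Start Page": "about:blank"}},
                   "files": dict(CLEAN_FILES, **{AD_EXE: "b2" * 32})}

if __name__ == "__main__":
    for title, snap in (("install", INFECTED), ("residue", AFTER_UNINSTALL)):
        print(f"== {title} ==")
        for cat, changes in diff_snapshots(BASELINE, snap).items():
            for kind, where, old, new in changes:
                print(f"{cat:13} {kind:9} {where}: {old!r} -> {new!r}")
```

Diffing against the clean baseline rather than against the infected state is what exposes residue: anything still listed after the uninstall run is a change the uninstaller did not reverse.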
 
Gatman
 
  1  
Reply Sun 26 Jun, 2005 05:03 pm
I got "hijacked" by this thing too.
I just googled up "ABI" and got this thread. Just wanted to thank y'all for letting me glean information off of your expertise as I am pretty computer illiterate.

I tried that "mypctuneup" and it said it was uninstalling the program. When I clicked on it it said it was "not responding". Anyways I keep getting those damn popup ads all the time and it is driving me crazy. Any recommendations on how to get rid of the program completely?

I downloaded SPYBOT and ADAWARE but it didn't work on this problem. I was finally able to get rid of the "Cash Back Buddy" icon in my deskbar.

Once again thanks for all the information.
0 Replies
 
panzade
 
  1  
Reply Sun 26 Jun, 2005 07:03 pm
buyacar wrote:
...the proven "results" always outweigh the "theory"


No disrespect here buya but Timber knows his stuff. I've been around long enough to know he's the real thing (pain in the ass though he is) in computer diagnostics. Save yourself some headaches down the line and follow his procedures.
0 Replies
 
cicerone imposter
 
  1  
Reply Sun 26 Jun, 2005 09:53 pm
I second panzade's suggestion. It's the best there is as far as I'm concerned.
0 Replies
 
timberlandko
 
  1  
Reply Sun 26 Jun, 2005 10:05 pm
Thanks, pan and c.i. - I really appreciate your confidence and endorsement. Politics and philosophy ain't everything Laughing
0 Replies
 
husker
 
  1  
Reply Mon 27 Jun, 2005 07:54 am
Oh - I'll second those folks (CI and Pan) also!
0 Replies
 
cicerone imposter
 
  1  
Reply Mon 27 Jun, 2005 09:43 am
timber, I can usually determine the difference between the chaff and the grist. The pleasure is all mine. Wink
0 Replies
 
Miss Casey
 
  1  
Reply Mon 27 Jun, 2005 11:04 am
Aurora!
Hi all -
I read the entire Aurora thread and I'm kinda' stuck. I'm nowhere near geeky enough to follow Timber's solution and I'm convinced that the easy way is a bad idea. Forget about guru assistance -- I live really, really out in the sticks. Any point in just waiting for a better solution? In the meantime, running adware gets rid of a lot of the popups, but not all...

Thanks for a good read in any case!
0 Replies
 
panzade
 
  1  
Reply Mon 27 Jun, 2005 02:46 pm
Thanks for droppin' by Miss Casey. I too was flummoxed by Timber's directions so I decided to print them out and stack 'em by the computer. Then I sat down and carefully went step by step until Lo plus Behold! I was rid of all them pesky critters.

Hope you plan on stayin' a while Missy.

PSSST C.I. Whaddya think of my Timberspeak?
0 Replies
 
cicerone imposter
 
  1  
Reply Mon 27 Jun, 2005 04:16 pm
Pretty neat! Couldn't do it any better meself. Wink
0 Replies
 
 
