Patchou: You are an <insert unflattering description here> - Part 2
Summary: The Sponsor Program deliberately bypasses XPSP2's pop-up blocker; it removes protective entries from HOSTS files, it *may* edit your firewall settings to grant itself unfettered access to and from the net (blocked on my system by Group Policy). Older, vulnerable operating systems, or systems running with lowered security settings, will be infected with additional malware products automatically. You won't just get the "Sponsor", you'll get the Sponsor and lots of other crap. Read on.
WARNING: THE FOLLOWING BLOG POST CONTAINS WHAT MANY CONSIDER TO BE *ADULT* GRAPHICS: NOT SUITABLE FOR MINORS!!! PROCEED AT YOUR OWN RISK.
The graphics may drop to bottom of screen... scroll down if you see lots of white space.
Ok, let's have a look at the "Sponsor Program".
Lots of shortcuts have been added to the desktop:
Guess where "Find a Date" goes - do you want *your* underage/minor kids seeing this?
Let's check out the Sponsor Program popups.... the first one that appeared was:
There is NO WAY I am clicking on that OK button... pity those who are not so net savvy
Next we see http://inetexplorer.mvps.org/images/11.png. I can tell you now that my machine has NOT been scanned.
BE WARNED: 11.png may be evidence that the Patchou's Sponsor package is trying to install Vundo malware on your machine - and Vundo uses rootkits - note the similarity in graphics - many thanks to plunx at Castlecops for spotting the similarity:
So, what does the very reputable spywarewarrior website say about WinAntivirusPro? Let's see....
The "Sponsor Program" is damned persistent... I am seeing constant popup windows demanding that I allow various activex controls to install, including the following:
But, they're not even the real persistent bastards... have a look at this. First we see:
We click on cancel only to be greeted by:
Ok, so we click on cancel again.. .then guess what happens:
DO NOT CLICK ON THE OK BUTTON!!! CLICK ON THE RED X
What do we see next?
On to Part 3.....