Patchou: You are an <insert unflattering description here> - Part 2

Summary: The Sponsor Program deliberately bypasses XPSP2's pop-up blocker; it removes protective entries from HOSTS files, it *may* edit your firewall settings to grant itself unfettered access to and from the net (blocked on my system by Group Policy). Older, vulnerable operating systems, or systems running with lowered security settings, will be infected with additional malware products automatically. You won't just get the "Sponsor", you'll get the Sponsor and lots of other crap. Read on.

WARNING: THE FOLLOWING BLOG POST CONTAINS WHAT MANY CONSIDER TO BE *ADULT* GRAPHICS: NOT SUITABLE FOR MINORS!!! PROCEED AT YOUR OWN RISK.

The graphics may drop to bottom of screen... scroll down if you see lots of white space.

Ok, let's have a look at the "Sponsor Program".

Lots of shortcuts have been added to the desktop:

Guess where "Find a Date" goes - do you want *your* underage/minor kids seeing this?

Let's check out the Sponsor Program popups.... the first one that appeared was:

There is NO WAY I am clicking on that OK button... pity those who are not so net savvy

Next we see http://inetexplorer.mvps.org/images/11.png. I can tell you now that my machine has NOT been scanned.

BE WARNED: 11.png may be evidence that the Patchou's Sponsor package is trying to install Vundo malware on your machine - and Vundo uses rootkits - note the similarity in graphics - many thanks to plunx at Castlecops for spotting the similarity:
http://wiki.castlecops.com/Vundo_Rootkit_Detection_and_Removal_Procedure

So, what does the very reputable spywarewarrior website say about WinAntivirusPro? Let's see....
http://inetexplorer.mvps.org/images/12.png

The "Sponsor Program" is damned persistent... I am seeing constant popup windows demanding that I allow various activex controls to install, including the following:

and this:

But, they're not even the real persistent bastards... have a look at this. First we see:

We click on cancel only to be greeted by:

Ok, so we click on cancel again.. .then guess what happens:

DO NOT CLICK ON THE OK BUTTON!!! CLICK ON THE RED X

What do we see next?

On to Part 3.....

Published Fri, Apr 7 2006 15:51 by sandi

Filed under: Security, safety and privacy on the Internet, Vulnerabilities, viruses and exploits

Comments

# Ahhhh, now they know....

Sunday, April 09, 2006 4:05 AM by Spyware Sucks

I've received an alert that&nbsp;Patchou's posse know about my blog entries&nbsp;about Patchou's new...

# re: Patchou: You are an &lt;insert unflattering description here&gt; - Part 2

Sunday, April 09, 2006 5:51 AM by Anti-Sandi

Stop trying to bring down someone because they are better than you.

# re: Patchou: You are an &lt;insert unflattering description here&gt; - Part 2

Sunday, April 09, 2006 6:01 AM by sandi

Is that the best you can do? :-D

If you think that exposing users (sorry, "victims") to malware like Vundo is acceptable, then I really do question your morals, or more precisely the lack thereof.

# LOL

Saturday, June 24, 2006 7:47 AM by Sz

my cousin has this and i tried uninstalling it but then it said i didnt have administrative access when my cousins account WAS the admin

# re: Patchou: You are an <insert unflattering description here> - Part 2

Tuesday, October 10, 2006 2:11 PM by Genosonic

how about you don't go with the sponsor program?

Sandi: You are kidding me, right? How about Patchou stop bundling the damned sponsor program so we can all stop warning people not to use it.

I didn't and I don't have so many problems like you had, unless you have an IQ of an ape you could go with it,

Sandi: How dare you! I am sick to death of Patchou's sycophants insulting the victims of the sponsor program. This boils down to trust. Those who install the Sponsor Program are trusting Patchou to do no harm to them, and they're being pressured to install it by Patchou's emotionally charged "I refuse to give my support" text.

If you really believe that only those with an "IQ of an ape" would install the Sponsor Program, then how dare you support Patchou as he takes advantage of people's trust, and inexperience. In my world we protect people who are at an intellectual disadvantage. We don't take advantage of them and we don't insult them.

I doubt Patchou will appreciate your comments. With friends like you, who needs enemies.

I don't support Patchou with his sponsor program, but I do support him by using his fantastic application

Sandi: Yeah right. Patchou's fan club don't use the sponsor program but they are willing to stand by while new users and innocents are taken advantage of, and then insult those new users because they are unable to discover the dangers inherent in the sponsor program via some type of mysterious osmosis. Oh yeah, you guys are *real nice* (not).

There is one good thing about you posting here Genosonic. There are no trigger happy moderators around to protect Patchou by deleting comments like yours. Let the world see exactly how Patchou's fans talk about those who trust Patchou to do them or their computers no harm, install the sponsor program because they want to support the guy, and then complain when they realise the crap that is advertised via said Sponsor Program, or that their computers are infected with malware via the Sponsor Program.

Try reading when installing something, or learn to read... or... learn to use a computer properly.

Sandi: You show me where on the install screens or in the EULAs new users are warned that, in the past, the sponsor program has been used as an infector vector by malware pushers to try and install hostile software like "winfixer" on their machine. You show me where new users can read, whether it be on the install screens or the EULAs, that the Web sites advertised by the Sponsor Program are risky in and of themselves and may attempt to install malware on their machines if they visit them.

# re: Patchou: You are an <insert unflattering description here> - Part 2

Tuesday, October 17, 2006 12:39 PM by thedisgracehere

the disgrace here is that this Sandi person has been given the MVP Award. It's obvious her intelligence is severy lacking and that she has little or no education. Someone who calls herself the "flame queen" should NOT be in a community respresetative program. Take a look around at the number of enemies she has and you'll soon find out.

Sandi: The correct pseudonym is "flamethrower queen" and goes back to when my ISP's server room burned down in late 1999 after some of the hardware developed a fault - but you know me so well you already know that, yes?

Oh, and its "severely" and "representative", and I believe you want a capital "T" at the beginning of the first sentence. If you are going to flame somebody about their education levels (or lack thereof) you should, at the very least, ensure that your flame is grammatically (and factually) correct.

# Messenger Plus! Live 4.10 has been released - time to take another look at the installer and sponsor program

Sunday, November 12, 2006 7:07 AM by Spyware Sucks

Now that a new version of Messenger Plus! Live has been released, it is appropriate to have another look

Spyware Sucks

This Blog

Syndication

Search

Tags

Community

Archives

News