allentech.net

Home > Browser Parasites > Parasite Database > DownloadPlus

About Us

Online Stores

TQ Support

Web Services

Database Help

Tech Links

Projects

Online Manual

Browser Parasites

Privacy Policy

Contact us

Send Page

Limited Time!
Totally FREE Web Design!
Click here!

Blue Host

Parasite: DownloadPlus

This record last updated Tue Sep 20 2005 00:34:15

PLEASE NOTE: Due to the overwhelming extent of this problem and the unbelievable volume of email we have received, we regret that we cannot respond to questions about browser parasites at this time. If you have attempted to contact us about this parasite please accept our apology for not responding. "Thank you's" are always appreciated ;-)

Description

DownloadPlus is a process run at Windows startup which opens pop-up adverts (many of them porn-related) and, for some reason, weather reports.

Variants

DownloadPlus/MCInst is an ActiveX installer control for the main DownloadPlus program.

The code for the MCInst variant is derived from the Xupiter/Sqwire parasite; it is suspected the same people may be behind DownloadPlus as Xupiter.

Also known as

The software also refers to itself as MessageCenter.

Distribution

Installed by ActiveX drive-by download in pop-up ads (via DownloadPlus/MCInst).

Also loaded by the ISTbar/AUpdate parasite. In this case there is no ActiveX installer control, and the script at this site will be unable to detect DownloadPlus.

What it does

Advertising

Yes. Downloads an untargeted list of adverts to show from its controlling server tnc4u.com, and opens them periodically as pop-unders.

Privacy violation

No.

Security issues

Yes. Can silently download and execute arbitrary unsigned code from its controlling server, as a self-updating feature.

Stability problems

No.

Removal

Click Start and open the Programs menu. Open the Startup submenu, right-click ‘Download Plus’ and choose ‘Delete’.

Restart the computer and you should be able to delete DownloadPlus.exe which can be found in the Application Data folder. (On Windows 95/98/Me, the Application Data folder can be found inside the Windows folder; on Windows NT it is inside your user ‘Profiles’ folder in the Windows folder; on Windows 2000 and XP it is inside your user Documents and Settings folder.)

If you have the MCInst loader, open Downloaded Program Files (which is in the Windows folder), right-click ‘Loader class’ and choose ‘Remove’.

You can also delete the key ‘HKEY_CURRENT_USER\Software\0x7A69’ in the registry (Start->Run->regedit) to clean up, if you like.

* Parasite information and detection script by Andrew Clover - www.doxdesk.com, used with permission.

For more information about Scumware, Spyware and Parasites, their sources and their cure, visit our About Parasites page and related Tech Links.

Visit our new services portal at Allen One for a completely new parasite database format, comming November 2005!

webmaster@allentech.net
Tech Bench
Web Analytics by My-OLAP!

Top