Duped and maybe worse???

I was looking for DVD copier software - not my intention to pirate DVDs. A friend sent me a DVD and I wanted to share it. And, thought the program may come in handy later.

I thought I was downloading EZ DVD. I even printed out the home page.

Payment went through ClickBank - my credit card.

Of course, I had to pay first. It was $39.95. I started the download and got other messages. You will need this - I think it was an encrypter. It noted it was a demo - download full version here. I didn't download the full version. Then there was some kind of warning. It may have been about the harddrive. I knew I was in over my head, but couldn't go back.

Well, I don't have EZ DVD. I have DVDx and DVD Encrypter. I found out today it is freeware.

The program is beyond me and will not run anyway.

I e-mailed EZ DVD support yesterday. I asked for a refund and manual instructions for uninstalling. I have not received a response.

Today, I submitted a request for a refund through ClickBank(online form). I haven't received any confirmation from ClickBank. After I made the purchase I was given a purchase receipt (to print) and an e-mail address for the author of the product. I e-mailed the "author" too. No response - probably bogus.

If ClickBank is legitimate, I may get my money back.

But, I am really worried about this download. I'm afraid something damaging may have been attached.

I want to remove the software. The DVD Encrypter has an uninstall icon in the Program Folder. DVDx does not, but there is a file in the folder named unins000.exe. Properties show Author as Jordon Russell. I checked out www.innosetup.com. Inno setup is an installer program with uninstall capabilites, but I don't know what this particular file is and I don't want to run it.

I've checked several sites that offer DVDx (FREE!), but can't find any uninstall information.

Is it generally best to use Windows Add/Remove feature or the uninstaller that comes with the software?

I have run Spybot and Spysweeper. I haven't run Norton AV yet. I was waiting for today's update.

 

I wasn't familiar with ClickBank but from some searching, my gut feeling is they are legit.

You should be able to deal with your credit card company as well since this looks like fraud on the face of it but it will be interesting to see what ClickBank does.

As to your uninstall question - if the app is listed in add/remove, that would be the first place to try a removal. If it fails and with the sound of this software, not sure I'd mess with their uninstall .exe since there is no way to tell what the thing might do to you.

 

Hi zanetti,

Is it generally best to use Windows Add/Remove feature or the uninstaller that comes with the software?

Really doesn't matter, can use the one in the program folder provided that you know that's what it is. So do this: uninstall, use the Add/Remove entry, if it exists, some software will not put one there. Then use System Restore to restore to a point as close as possible prior to the install of this software. The restore will get rid of any reg entries the uninstall leaves behind. The program folder and in it .txt files will remain - just delete after the restore.

As an aside: the Ad/Remove entry (XP) uses the uninstaller provided by the application. XP cannot remove an app by itself.

Regards - Charles

 

Duped/DVDX

Newt and Charlesvar,

Thank you for your help. I will try the Add/remove route - hope it works.

And, I will do a system restore - just downloaded it yesterday.

I'll let you know about ClickBank. It looks legit to me, too, but PayPal and other companies usually send a confirmation e-mail when inquiries are received.

 

Duped, DVDX, etc.

I wanted to let you know that I received an e-mail from ClickBank this morning stating I have been refunded the $39.95 and it may take 10 business days for the credit to appear. I will have to wait until I get my credit card statement to be sure.

I have received nothing from the e-mail for the support at EZ DVD or the e-mail address given me by ClickBank for the "author" of the program.

And, I wanted to let you know about something I learned yesterday about system restore. I followed your directions. The software seemed to uninstall - even the folders for both programs. I wanted to do the system restore as an extra precaution. I found that I could not do a system restore. I tried two dates - unsuccessfull both times - just said it couldn't. So, I started searching and read somethiing to the effect that virus utility programs can interfere with system restore. If there is a file somewhere on the system - like a virus that couldn't be cleaned - system restore would not restore to a previous restore point. I happend to think about my Norton quarantine folder. I don't think I ever cleaned that folder out. I didn't worry about it because I had read the files that were quarantined were encrypted and could not do any harm. I had over 100 viruses in the quarantine folder! I deleted all those files. I reset system restore - started with a new date last evening. I did a system restore this morning with yesterday's restore point and it worked.

I'm assuming that quaratined folder was the problem. If so, I think Symantec should warn people about leaving files in there for any period of time because if someone needed to do a restore, it probably would not work. I searched Symantec and could not find anything about leaving files in the quarantined folder. I found a lot of information about having to disable system restore before trying to rid a machine of viruses.

BTW, I have only done 1, or perhaps 2, system restores and that was when I only had my machine a short while. I'm assuming I did not have any virus files in the guarantined file. It may have been something else that caused the system restore to fail, but at this point I think it was probably the guarantined files.

 

Hello zanetti,

Congratsulations on your success with ClickBank.

And THNK YOU for the info on Symantec backup quarentined folder and System Restore - you've added to everyone's knowledge here.

Please stick around!

Regards - Charles

 

Hi zanetti,

I have NAV2002 and set about testing what SR would do w/ Symantec's quarentine folder. Since I didn't have anything in there, I do have a test EICAR virus folder(s) - unzipped - ziipped - double zipped and allowed NAV to quarentine the files (NAV thinks they are real).

The end result is SR still worked. BTW, since NAV2002, SR has no effect on NAV - meaning that if you have just updated virus defs, and then did a restore, the current defs are still there. Not sure who's doing that is - SR's or NAV's.

So I suspect that your problem was corrupted restore points - you did write that about having all those quarentined virus's.

Regards - Charles

 

Nav2002

Charles,

I have NAV2002, too.

Are you saying you unzipped the files and let NAV quarantine them?

I don't think they would affect system restore unless they were recognizable as viruses or corrupted files at the restore points in system restore.

If you did it today and did system restore back to yesterday or before, it would probably work.

If you haven't already, try leaving the files in the quarantine folder until another system restore point is created or create one yourself (after the files are guarantined). Then try it.

Let me know.

When I get another virus threat, I'm going to experiment myself. First I'll do a system restore to a point before the virus was detected. Then I'll leave the file in quarantine until another restore point is created and try it again.
As for all the viruses - Fortunately, I have never been infected. Norton has done a very good job. I use automatic update. I will also manually download if I become aware of a new virus. Still no guarantee, but I try to stay vigilant. My ISP now checks e-mail, too. Most of the time, the ISP catches and deletes the virus before the mail is delivered. But, twice in the last month, a couple got by the ISP scanner and Norton caught them.

 

Hi zanetti,

Yes, did unzip to trigger the quarentine procedure.

If you haven't already, try leaving the files in the quarantine folder until another system restore point is created or create one yourself (after the files are guarantined). Then try it

The procedure was, allow NAV to quarentine - did that after reading your post on this, create a SR point with the files in quarentine, and later, just before I wrote may post, to do a restore.

If you feel that this needs more time or to do it differently, will do.

BTW, don't have to unzip these files - unzipping them will trigger an alert of course - for NAV to catch them on a scan.

http://www.rexswain.com/eicar.html You can try this yourself. Post back on the results.

Going on vacation Saterday, this may have to wait for a full test on my part.

Regards - Charles

 

System Restore

Charles,

I printed out the page about the EICAR Test Virus. I'll probably try it.

You don't have to answer now, but I am wondering what happened in Norton as far as the option to clean the virus. I don't see how it could clean the virus if it's not a real virus. Anyway, the viruses that can't be cleaned are the ones that cause the problem with system restore. If I can find wherever I read that stuff, I'll refer you to it and maybe you can understand it better than I.

The reason I am open for all these viruses is because genealogy is my hobby. I am a member of several mailing lists. I have over 300 contacts in my address book, so probably at least that many people have my e-mail address. If any one of those people pick up a virus, it will likely be passed to me.

Have a great vacation!

 

System Restore Help

Charles,

Guess where I found the info about the virus utilities - system restore help file.

Here it is:

Antivirus utilities can affect whether your system can be restored to a previous point. If a restore point contains an infected file because the utility is not set to clean the file within the restore point, or if an infected file has been removed from a restore point by an antivirus utility because it could not be cleaned, System Restore will not recover the computer to this partial or infected state. If System Restore could not restore your computer to a previous state, and you suspect that one or more restore points contain infected files or have had infected files removed by the antivirus utility, you can remove all restore points from the System Restore archive by turning off System Restore and then turning it back on.

___

Can you explain this better? What relationship, if any, to files in the quarantined folder?

Thanks,
Norma

 

thanks for sharing your tale with us. Im very glad it turned out so well. A lot of sketchy web sites out there, to be sure.

 

Hi Norma,

Ok, that makes sense, I dimly remember reading that about SR - that's the reason I wrote this: So I suspect that your problem was corrupted restore points - you did write that about having all those quarentined virus's.

So the way you set the problem up originally - having viruses that are already quarentined - will not create a problem for SR. Its when a virus is not caught before it's backed up in SR that's the problem, which is why the standard response to users having malware problems that are "live" - meaning they are not being handled by the Anti Virus - is to clean out restore points.

In the meantime, I'll think about setting up tests in differing ways with the EICAR files and think more on your questions. If you have any more questions or problems, please post here - lots of security mavens around here.

To answer your question about EICAR, to an AV, it seems a real threat. Remember, there has to be a way to test AV's w/o doing real damage, and by industry consensus, this is it. What it tests is the AV's mechanical or procedual responses: is the AV active? Will the AV intercept it if it's in an e-mail? That's what I mean that.

To answer your last question: Can you explain this better? What relationship, if any, to files in the quarantined folder?

When a file is quarentined, the AV take out what ever is the virus in the file, the file remains in it's original place + in the quarentine folder - sometimes. So if you ever opened a "cleaned" file in it's original location, it woud be "gutted ". So if a cleaned out file would be needed by a process or an execute, it no longer would work. The quarentined version would have the damaging virus still there, but kept inactive.

Once again, thanks for your posts.

Regards - Charles

 

Well, Well. How about this. Mr Gates and Company back me up.

That may well be a first.

I do not wait to find out whether SR works or not.

If I run SpyBot, Virus/Trojan check, run Ad-Aware and IF ANY OF THEM finds anything and after I do any cleanup of same System Restore is SHUTDOWN and restarted IMMEDIATELY

If any of you that have been reading my post FOR YEARS should know that I have attempted MANY TIMES to get this point across.

Not only the System Restore points in XP but the RB00X.CAB files in 98 as they may cause the same problem if a Virus is involved. I can vouch for that.

1-Do any house cleaning.
2-Make any changes.
3-Delete the old and make new backups.

BillyBob

 

System Restore

BillyBob,

I did a search and found a thread in which system restore was discussed.

I still don't know why it didn't work for me.

Someone posted that the message that SR could not revert will come up if there are NO CHANGES to be made.

I think a restore point is created for me about everyday, too.

I do try to keep my machine clean.

So, was it so clean it didn't work or was it the dirt in the quarantine folder?

I may never know.

I had never disabled system restore - until yesterday - to get a new restore date. So, I have to decide if I should do that more often.


Thanks for your reply.

 

Hi Norma,

A way to test SR:

Take any executable file ( extention .exe) , and burn it out and/or move it to the My Documents folder and delete it from it's original location. SR does not monitor files in My Documents folder regardless of file type.

Then restore to the initial restore point created by the system; the deleted executable should be back in it's original location. Afterwards, you can delete the copy in My Documents.

Clearing the points out should be done when there is a reasonable certainty of a problem, not otherwise, that's just potentially crippling yourself. You have to make judgments on this, not just blind procedure.

Regards - Charles

 

System Restore

Charles,

I moved an .exe file as you suggested.

The restore failed.

Learned something else today:

I chose yesterday's date because I knew I had shut down and another restore point was created. But, I didn't think about doing a successful restore AFTER that point was created.

So, after the failed restore today, I checked SR again and found that:

Wednesday - a restore point, but I had disabled and enabled Thursday - new restore point. Wednesday would no longer work.
Thursday (yesterday) - showed successful restore operation - NO restore point AFTER the restore operation on Thursday.
Friday (today) - no restore point created yet.

I think that is why the restore failed - SR had not created a new restore point after I did the successful restore yesterday.

I created a new restore point for today: 1:01 p.m.

I again moved the file as you suggested.

I waited about 10 min. and tried another restore.

Successful restore - file was back in original location.

SR showed restore operation and date/time.

So, I learned that after a successful restore, to create a new restore point unless one feels safe waiting another 24 hours or however long it takes for a new restore point to be automatically created. Of course, there may be a need to undo the restore - wait long enough to see how things go.

At least that is what I am going to do.

Still don't know if SR will work if I should really need it.

I will probably try it once a week to see and if Norton detects another virus and I guarantine it, I'm going to leave the file in quarantine and see if SR works. That really won't prove anything - if it doesn't work, may still be coincidence.

Regards,
Norma

 

Gotta clear something up here.

If you did in fact disable System Restore on Thursday [b}WHY WAS Wednesdays RP still there ?[/b]

Or am I mis-reading ?

I do not think it should have been. I will check someting out and be back.

BB

 

I started System Restore. There were 3 RPss. One for Wednesday. One for Thursday and one for today.

I went to My Computer, right clicked on it, selected Properties and shut down System Restore on all Drives.

Tried to start System Restore and it would not even start.

Went back and re-enabled SR and System Restore will now start and show one the one RP that was just made.

BillyBob

 

Hi Norma,

A breif decription on I operate:

By defualt, the RP's are created approx every 24 hrs. - system idle time, hibernate and standby don't count.

I changed SR to create points every 3 days - whenever I install, upgrade, or make any changes to the system, I create an RP before.

At one time I shut SR off - but decided not a good idea. To do that, turn off Task Schedular Service, but that has other cosequences. EDIT: mean shutting creation of auto RP's off.

I changed the size allocation for System Volume Information, SR's file, from the default 12% of HD size, to 5%, so I have a fairly fast "turnover" rate of RP's.

Regards - Charles