Spyware Warrior

webhelper

Webhelper: 02 May 2004 Transponder Sites Update

This also include the older DigitalRooster Transponder sites. You will notice that I have added SohoDigital.net to this group. Reasons:
1. The offeroptimizer.com and the bestoffers.bz use the same logo
2. Both sites are registered to thinkingmedia.net
3. Email to the bestoffer.bz will return with a Sohodigital.net email address of the Vice president of Sohodigital.net

All information listed is that of the webhelper4u.com. I have a set of criteria I use which is listed below to explain why the following sites are listed. Many sites I will review if in dispute BUT ANY SITE that is directly or indirectly linked to any of the transponder sites that create, advertise, and/or install any transponder variants will only be removed from my list if the site is totally sold and no longer contains any links to any of the transponder live files.

63.99.224.18 mail.thinkingmedia.net
63.99.224.19 Amazingmerchants.com
63.99.224.20 thinkingmedia.net
63.99.224.21 Direct-Revenue.com
63.99.224.34 mail.clickalchemy.com
63.99.224.37 stop-popup-ads-now.com
63.99.224.37 clickalchemy.com
63.99.224.47 cleangetaway.biz
63.99.224.47 mypanicbutton.com
63.99.224.57 Twain-tech.com
63.99.224.57 mx-targeting.com
63.99.209.59 Ipinsight.com
63.99.224.62 mail.msview.cc
63.99.224.65 msview.cc
63.99.224.65 www.freephone.cc
63.240.11.56 disk11.com
64.66.168.38 EC16.com
64.191.159.9 mail.hostpool.net
64.191.159.9 mail.direct-revenue.com
64.191.159.120 xadx.offeroptimizer.com
64.191.159.120 xads.offeroptimizer.com
64.191.159.123 ximages.offeroptimizer.com
64.191.159.125 reports.offeroptimizer.com
64.191.159.132 c.abetterinternet.com
64.191.159.133 s.abetterinternet.com
64.191.159.133 update.stop-popup-ads-now.com
64.202.165.92 mail.mypctuneup.com
64.41.114.15 tps108.org
64.41.111.75 truedata.org
65.61.130.193 server.ipinsight.net
65.255.32.5 www.offeroptimizer.biz
65.255.32.5 top10sites.com
65.255.32.5 skinhead.com
65.255.32.5 letssearch.com
65.255.32.8 Quicklaunch.com
65.255.32.70 offeroptimizer.biz
65.255.32.70 mail.www.offeroptimizer.biz
65.255.32.70 mail.offeroptimizer.biz
66.113.176.180 Bestoffers.bz
66.113.176.180 mail.bestoffers.bz
66.216.73.161 sentrymon.ipinsight.net
66.199.187.168 munky.com
66.199.187.168 NameAdministration.com
66.199.187.168 15X.NET
66.199.187.168 pantyland.com
66.199.187.168 steelwool.com
66.199.187.175 adblock.linkz.com
66.199.187.175 smartcasual.com
66.199.187.175 linkz.com
66.199.187.175 hostpool.com
66.199.187.175 adblock.com
66.199.187.175 nameadmininc.com
66.216.73.160 belt.abetterinternet.com/bi/servlet/Belt?StubName=Belt
66.216.73.160 stubmon.ipinsight.net
66.216.86.121 download.ipinsight.net
69.20.5.14 cr.stop-popup-ads-now.com
69.20.5.14 mail.stop-popup-ads-now.com
69.20.5.39 69.20.5.39/download/cabs/BI5101/
69.20.5.39 69.20.5.39/download/cabs/BILATEST/
69.28.158.21 static.abetterinternet.com
69.28.158.21 xlime.offeroptimizer.com
69.90.32.70 Get.freephone.cc
69.90.32.140 download.abetterinternet.com
69.90.32.140 download2.abetterinternet.com
69.90.32.141 thinstall.abetterinternet.com
69.28.146.21 xlime.offeroptimizer.com
207.217.96.41 sohodigital.net
207.246.105.39 test.disk11.com
207.246.105.49 Celticfestival.org
207.246.124.10 vx2.cc
207.246.124.61 z1.vx2.cc
207.246.124.90 internal.vx2.cc
207.246.124.101 ads.vx2.cc
207.246.124.105 download.vx2.cc
207.246.124.113 checkin.clickalchemy.com
207.246.124.113 ctl.twain-tech.com
207.246.124.113 transctl.vx2.cc
207.246.124.116 www.offeroptimizer.com
207.246.124.116 cliks.org
207.246.124.120 xads.offeroptimizer.com
207.246.124.120 xadso.offeroptimizer.com
207.246.124.130 mail.tps108.org
207.217.96.43 sohodigital.net
216.110.36.129 ipinsight.net
216.110.36.129 mypctuneup.com
216.187.118.218 OPTINEMAILSERVICES.Com
216.187.118.221 Hostpool.net
216.254.144.14 n69.com
216.254.144.15 bc777.com

The following are addresses to actual live files and is for informational purposes only and not to be used unless you are a researcher that knows how to handle transponder files:

Known Files and Locations:

69.20.5.39/download/cabs/BI5101/Belt.cab Rackspace.com
69.20.5.39/download/cabs/BILATEST/bi.cab Rackspace.com
69.20.5.39/download/cabs/BI5101/belt.exe RackSpace.com
69.90.32.140/download/cabs/BI5101/Belt.cab
69.90.32.140/download/cabs/BILATEST/bi.cab
69.90.32.141/download/cabs/BILATEST/bi.cab
69.90.32.140/download/cabs/BI5101/Belt.cab peer1.net
69.90.32.141/download/cabs/BI5101/Belt.cab peer1.net
69.90.32.141/download/cabs/BI5101/belt.exe
69.90.32.141/download/cabs/BI5101/Belt.cab
download.abetterinternet.com/download/cabs/ASH19126/payload2.cab
download.abetterinternet.com/download/cabs/ASH19126/payload.cab
download.abetterinternet.com/download/cabs/ASH19126/ashton.cab
download.abetterinternet.com/download/cabs/CGA14100/thin.cab
download.abetterinternet.com/download/cabs/CGA14100/cga14100.exe
download.abetterinternet.com/download/cabs/TUR14100/thin.cab
download.abetterinternet.com/download/cabs/TUR14100/tur14100.exe
download.abetterinternet.com/download/cabs/MPB14100/thin.cab
download.abetterinternet.com/download/cabs/MPB14100/mpb14100.exe
download.abetterinternet.com/bi/servlet/Banner?d=JEN54158
download.abetterinternet.com/download/cabs/JEN54158/thin.cab
download.abetterinternet.com/download/cabs/JEN54158/jen54158.exe
download.abetterinternet.com/bi/servlet/Banner?d=LOT34006
download.abetterinternet.com/download/cabs/LOT34006/lotto.cab
download.abetterinternet.com/download/cabs/LOT34006/payload.cab
download2.abetterinternet.com/download/cabs/LOT34006/lotto.cab
download2.abetterinternet.com/download/cabs/LOT34006/payload.cab
download2.abetterinternet.com/download/cabs/BIINI1/biini.cab
207.246.124.105/cabs/ROOSTTD3001/TPS108.cab
download.abetterinternet.com/download/cabs/STOP8105/stoppop.cab
download.abetterinternet.com/download/cabs/STOP8105/payload.cab
download.abetterinternet.com/download/cabs/BANN8002/payload.exe
download.abetterinternet.com/download/cabs/PBTN8100/button.cab
download.abetterinternet.com/download/cabs/PBTN8100/payload.cab
download.abetterinternet.com/download/cabs/PBTN8100/payload2.cab
download.abetterinternet.com/download/cabs/MXTDLL/mxTarget.cab
download2.abetterinternet.com/download/cabs/MPB18102/button.cab
download2.abetterinternet.com/download/cabs/MPB18102/payload.cab
download2.abetterinternet.com/download/cabs/MPB18102/payload2.cab
download2.abetterinternet.com/download/cabs/MPB18105/button.cab
download2.abetterinternet.com/download/cabs/MPB18105/payload.cab
download2.abetterinternet.com/download/cabs/MPB18105/payload2.cab
download.abetterinternet.com/download/cabs/SS4J8105/screen.cab
download.abetterinternet.com/download/cabs/SS4J8105/payload.cab
download.abetterinternet.com/download/cabs/SS4J8105/payload2.cab
download2.abetterinternet.com/download/cabs/CGA18105/clean.cab
download2.abetterinternet.com/download/cabs/CGA18105/payload.cab
download2.abetterinternet.com/download/cabs/CGA18105/payload2.cab
download2.abetterinternet.com/download/cabs/CGA18102/clean.cab
download2.abetterinternet.com/download/cabs/CGA18102/payload.cab
download2.abetterinternet.com/download/cabs/CGA18102/payload2.cab
download.abetterinternet.com/download/cabs/CLEN8100/clean.cab
download.abetterinternet.com/download/cabs/CLEN8100/payload.cab
download.abetterinternet.com/download/cabs/CLEN8100/payload.cab
download.abetterinternet.com/download/cabs/TUR38106/turbo.cab
download.abetterinternet.com/download/cabs/TUR38106/payload.cab
download.abetterinternet.com/download/cabs/TUR38106/payload2.cab
download.abetterinternet.com/download/cabs/TURB8102/turbo.cab
download.abetterinternet.com/download/cabs/TURB8102/payload.cab
download.abetterinternet.com/download/cabs/TURB8102/payload2.cab
download.abetterinternet.com/download/cabs/TURB8105/turbo.cab
download.abetterinternet.com/download/cabs/TURB8105/payload.cab
download.abetterinternet.com/download/cabs/TURB8105/payload2.cab
download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
download.abetterinternet.com/download/cabs/TURB8108/payload.cab
download.abetterinternet.com/download/cabs/TURB8108/payload2.cab
download.abetterinternet.com/download/cabs/TURB9106/turbo.cab
download.abetterinternet.com/download/cabs/TURB9106/payload.cab
download.abetterinternet.com/download/cabs/TURB9106/payload2.cab
download.abetterinternet.com/download/cabs/FIX19105/flash.cab
download.abetterinternet.com/download/cabs/FIX19105/payload.cab
download.abetterinternet.com/download/cabs/FIX19105/payload2.cab
download2.abetterinternet.com/download/cabs/FON19106/flash.cab
download2.abetterinternet.com/download/cabs/FON19106/payload.cab
download2.abetterinternet.com/download/cabs/FON19106/payload2.cab
download.abetterinternet.com/download/cabs/OPTI8105/optimize.cab
download.abetterinternet.com/download/cabs/OPTI8105/payload.cab
download2.abetterinternet.com/download/cabs/BIINI1/biini.cab
bc777.com/software/SiteHlpr.cab
download.abetterinternet.com/download/cabs/OPTIAOL2/optimize.cab
download.abetterinternet.com/download/cabs/OPTIAOL3/optimize.cab
download.abetterinternet.com/download/cabs/OPTIAOL4/optimize.cab
download2.abetterinternet.com/download/cabs/OPTIAOL4/optimize.cab
download.abetterinternet.com/download/cabs/OPTIAOL2/isearch.cab
download2.abetterinternet.com/download/cabs/OPTIAOL2/isearch.cab
download2.abetterinternet.com/download/cabs/OPTIAOL3/isearch.cab
download2.abetterinternet.com/download/cabs/OPTIAOL4/isearch.cab
download.abetterinternet.com/download/cabs/OPTIAOL4/isearch.cab
download.abetterinternet.com/download/cabs/ASH19108/ashton.cab
download.abetterinternet.com/download/cabs/ASH19108/payload.cab
download.abetterinternet.com/download/cabs/ASH19108/payload2.cab
thinstall.abetterinternet.com/download/bi_prob/bi_prob.exe
thinstall.abetterinternet.com/bi/servlet/ThinstallPre
download2.abetterinternet.com/download/cabs/TWTDLL/twaintec.cab
thinstall.abetterinternet.com/bi/servlet/ThinstallPost
s.abetterinternet.com/bi/servlet/BIMaster
xads.offeroptimizer.com/ctx/ron_context.php
xlime.offeroptimizer.com/parse.js.php
transctl.vx2.cc/vx2/servlet/TransCtl
static.abetterinternet.com/download/cabs/MXTINI1/mxtini.cab
thinstall.abetterinternet.com/bi/servlet/ThinstallPost
thinstall.abetterinternet.com/bi/servlet/ThinstallPre
thinstall.abetterinternet.com/download/bi_prob/bi_prob.exe
thinstall.abetterinternet.com/download/tt_reco/tt_reco.exe
transctl.vx2.cc/vx2/servlet/TransCtl
abetterinternet.com/ashton/agreement.htm
abetterinternet.com/flashtalk/agreement.htm
abetterinternet.com/policies.htm
mypctuneup.com/cabs/REMALL/remall.exe
mypctuneup.com/cabs/REMALL/thin.cab

List of all known files
Belt.cab
Belt.exe Updates installs of missing files or new variants.
Belt.inf
Belt.ini
biC.inf
Bi.dll
bi.ini
bi4.exe (self extracting)
bi4.inf
bi5.cab
bi5.exe (same as bi5.cab)
bi7.inf
bi9.cab
bi9.exe (same as bi9.cab)
bi9.inf
biini.inf
biJ.exe (self extracting)
biJ.inf
biK.cab
bik.exe (Same as bik.cab)
biK.inf
biini.cab
biini.inf
biini.ini
biK.exe (self extracting)
biK.ini
biK.inf
biO.cab (contains bi.dll, biO.inf, preInsBI.exe)
biO.exe
biO.inf
preInsBI.exe
Biprep.exe
bundle.exe Sahagent
twaintech.dll
twaintech.ini
twtini.ini

Uninstall files for the twaintech uninstall registry entry:
tt_unadd.ini
tt_unadd.inf
tt_unadd.cab

Uninstalls the bi.dll (win32 application) uninstall registry entry
bi_unadd.cab
bi_unadd.inf
bi_unadd.ini

clickalchemy.com
alchem.cab Usually takes 2 to 4 days before installing.
alchem.exe Updates installs of missing files or new variants.
alchem.inf
alchem.ini

mx-target.com
mxTarget.cab
mxTarget.dll
mxTarget.inf
mxtarget.ini
mxtini.cab
mxtini.inf
preInsMt.exe
tt_reco.exe (This is the one that removes all twaintech registry entries)
This variant like the bi and twaintech also use the offeroptimizer ad server for the popup ads to users computers

remall.exe used by mypctuneup.com to remove the BHO registry entry of the variant found but leaves all the rest of the registry entries and files intact. This file can only be downloaded after getting the logon link after submitting an online form request for help at mypctuneup.com.

Webhelper4u.com Site Listing Criteria:
The following are domains and IP addresses of sites that through investigations I have listed and monitor on a daily or monthly basis. Sites that are entered into the list must meet one or more of the criteria that I have set forth.

The entries fall into two groups, the first is any site that directly or indirectly aids in the installation of adware, trackware, or controlware, with or without the end users knowledge or permission for the purpose of profiting from the end users personal and/or computer information, or to control where a user may go or view while on the Internet. The second is any site that involves itself in software scams, scare advertising, using names similar to other domains to sell or re-direct customers to the site in question to market their products and /or services.

To be removed from the list, those who own the entries listed must prove in email why they shouldn’t be listed and sent to thewatcher@india.com.

THIS LIST IS NOT ALL INCLUSIVE AND CAN BE UPDATED WITHOUT ANY ADVANCED WARNING AT ANY TIME.

Criteria For Entry into TheWatcherList
1. Any site that directly or indirectly, with or without the end users permission or knowledge installs adware, trackware, controlware, or anything that collects, tracks, and/or transmits the end users personal, private, and computer information to one or more controlling servers.

2. Any site that registers through services like that of Domains By Proxy that aids in hiding the real identity of its owners.

3. Any site that is owned by a site that meets any of the criteria set forth.

4. Any site that advertises and/or sells security software and has other sites that are involved in what their security software is supposed to prevent.

5. Any site that sells security software that has only an email support with no real in-depth data on what the software will or will not do.

6. Any site that sells software that is proven to be hacked or cracked versions of legitimate software of others.

7. Any site that has live links to registry files *.reg that will automatically entry registry entries for the purpose of hijacking the end users home page, search pages, and/or 404 pages to profit from pay per click advertising clients.

8. Any site that creates, supports, or aids in the marketing of scam ads that state free gifts, etc. and after filling out forms on one or more pages have to pay with a check or money order for a product or service in order to get the free gift unless stated on the first ad seen.

9. Any site that aids or profits from, banner ads, or popup ads that requires online forms to be filled out with the end users personal information being transmitted to multiple ad servers for use in online email and/or mail order marketing, or telemarketing, or for the resale to others for marketing purposes.
*****************************************

Disclaimer
All names of people, domains, addresses, and historical information that is listed by the webhelper is cited from data available to the public through searching the Internet.

Reference to names of people and linking them to sites that are or were known to support directly or indirectly to the installation of adware have been gathered from Whois databases, Government online corporation databases, and from current and archived web pages.
_________________
Wächter der Geschichten:
http://www.webhelper4u.com/thewatcher.html
Member of ASAP Since 2004

wawadave · Posted: Sun May 02, 2004 8:28 pm Post subject:

thank you webhelper!!!!!!! your work is appreciated!
_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd

Nick · Posted: Sun May 02, 2004 8:45 pm Post subject:

Agreed, this info is good for researching things on this site via the search function if you have questions about a url .
_________________
Nick's Security Ticker