Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

W3i, LLC is pushing Trojans and Spam

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News
View previous topic :: View next topic  
Author Message
micaman
Junior Member


Joined: 28 May 2007
Last Visit: 18 Aug 2007
Posts: 27
Location: Florida, USA

PostPosted: Wed Jul 11, 2007 12:42 am    Post subject: W3i, LLC is pushing Trojans and Spam Reply with quote

I have reported them to Ben Edelman in hopes he will take the case!

The company (W3i, LLC) operates under these website domains:

Freeze.com
Core Demographic:
70% Female, 30-45 yrs

Screensaver.com
Core Demographic:
55% Female, 25-40 yrs

Wallpapers.com
Core Demographic:
60% Female, 20-35 yrs

My.Freeze.com
Core Demographic:
70% Female, 25-40 yrs

Ringtone.com
Core Demographic:
75% Female, 15-30 yrs

YourScreen.com
Core Demographic:
70% Female, 30-45 yrs

Please warn as many people as you can to avoid this company at all cost. A visitor to my CAAM - Consumers active Against Malware site reported them to me to investigate.

After a basic test, my test machine had a trojan! I have filed formal complaints with several government officials, including the FBI.

This is one BAD COMPANY!
Back to top
View user's profile Send private message
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185

PostPosted: Fri Jul 13, 2007 3:42 pm    Post subject: Reply with quote

I would hardly be shocked if what you say is true. Can you give us any details so we can make an educated decision as to how dangerous it is? Did simply visiting one of the sites get you infected or did you download something from the site that contained it? If it was the website that infected you, did you contact them? Many popular websites have been hacked in past and the attackers have injected code into the pages to try and hack and infect visitors. If it was in the software did the EULA mention it was installing "extras"? What does this trojan due that would concern us?
Back to top
View user's profile Send private message
micaman
Junior Member


Joined: 28 May 2007
Last Visit: 18 Aug 2007
Posts: 27
Location: Florida, USA

PostPosted: Fri Jul 13, 2007 6:10 pm    Post subject: Reply with quote

Hi ld,

I would love to provide more information. This company should not be in business...in my opinion. But, in light of your question, let me give you and the many fine computer professionals here more information.

Shocked
I was directed to investigate the Freeze.com site from a visitor to one of my free computer help sites. She instructed me that upon downloading a free screensaver, her machine became infected with a Trojan and now has a host of problems that she needs help with. I offer free security help to any visitor to the many computer related sites I own, becasue I simply hate Malware!

So, I went to freeze.com and downloaded a free screensaver that: installed a desktop search toolbar, altered my desktop settings, altered my internet settings, turned off Mcafee Virus Scan, and added a hidden (just a blank spot) startup item to my system tray, changed various other settings and installed a new.net Trojan that locked my machine up until unplugging my network cable (broadband). After unplugging from the internet, it took 24 minutes to give me any response to the mouse. After I could get a response, I plugged back into the internet, and IE opened with a pop-up and a new website (PrivacyProtector) that said my machine had traces of porn and I should use their scanner to remove unwanted traces. Upon 'red Xing' the page, it opened another page that locked up IE again. And provided a two pop up's that I could not get rid of. After closing IE and the pop up's with Task Manager, I opened IE again, only to be taken to several porn sites, that locked up my machine again for 11 minutes. During all of this lock up time, I do not know what was done to my machine, but 35 minutes (total) on a broadband connection could have provided all the time they needed to complete their rogue tasks! This whole process took 3.5 hours and a lot of manual work.

The Eula stated that I could choose from what would be installed, yet I was never given a chance to choose. After the install, it said I could view the Privacy Policy and Terms and Conditions, yet there is nothing on the pages (blank pages).

I will be spending another two or three hours examining my machine to see what else has happened to it. Before Freeze.com, it was clean and fast, and now it is slow, even after removal.

Here is what was listed when installed:

HKEY_CURRENT_USER\Software\Freeze\yourscreen
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\yourscreen
HKEY_LOCAL_MACHINE\Software\RegisteredApplications

After removal, I had a unknown entry that was traced to:

HKEY_CURRENT_USER\Software\Freeze

I do believe I will find more upon further digging.

If I did not have CounterSpy v2.5, McAfee Internet Security Suite 2006, and some security knowledge hunting Malware, my machine would be toast right now. My processes went from the normal 41 - on up to 68. I can only guess at what a novice computer user would go through upon finding this site. My machine right now, even after removing it and having NO OTHER CHANGES, is running at 44 processes. They are unmarked and the extra processes are svchost.exe items.

In order to provide you with as much information as possible, this machine is a Windows XP SP2 Home Edition fully updated, and well maintained.

After much digging through the registry and days later after uninstalling there product, this is the most recent addition to my registry:

HKEY_CURRENT_USER\Software\Triodesign\slideshow screensaver 1.0

But the entries do change. I am somewhat letting it do as it pleases, but at this point, since I uninstalled the main product through Add/Remove, there SHOULD be NO MORE interactions with my machine.

I will use avery resource I have to continue to tract this company and save the masses from the deciet. If you or anyone is a worker of the company, please note that I have much more data on this and I am a Network Administrator for a Law Firm and will defend my right to state truthful facts on what this company is all about!

Shocked
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Sep 2014
Posts: 10329
Location: sunny California

PostPosted: Fri Jul 13, 2007 6:16 pm    Post subject: Reply with quote

The first 3 domains you mention have long been known for installing adware. Whether or not it is classified as trojans depends on the vendor and their method of classification.

You might be interested in the stopbadware reports on one of the sites.

http://www.stopbadware.org/reports/reportdisplay?reportname=waterfalls
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
micaman
Junior Member


Joined: 28 May 2007
Last Visit: 18 Aug 2007
Posts: 27
Location: Florida, USA

PostPosted: Fri Jul 13, 2007 6:19 pm    Post subject: Reply with quote

suzi wrote:
The first 3 domains you mention have long been known for installing adware. Whether or not it is classified as trojans depends on the vendor and their method of classification.

You might be interested in the stopbadware reports on one of the sites.

http://www.stopbadware.org/reports/reportdisplay?reportname=waterfalls


That is very nice indeed. I will add this link to my case study and send it to my visitor who first sent me to this site/company.

THANKS!!! Very Happy
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 21 Sep 2014
Posts: 10329
Location: sunny California

PostPosted: Fri Jul 13, 2007 6:20 pm    Post subject: Reply with quote

Oh, I just saw your last post.

You can look up the domain regsitration information here:

http://www.domaintools.com/

Their address, phone number and fax number are there:

http://whois.domaintools.com/freeze.com

Freeze.com has been around since 1997.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
micaman
Junior Member


Joined: 28 May 2007
Last Visit: 18 Aug 2007
Posts: 27
Location: Florida, USA

PostPosted: Fri Jul 13, 2007 6:22 pm    Post subject: Reply with quote

suzi wrote:
Oh, I just saw your last post.

You can look up the domain regsitration information here:

http://www.domaintools.com/

Their address, phone number and fax number are there:

http://whois.domaintools.com/freeze.com

Freeze.com has been around since 1997.


Will add it, too! I will keep checking this post for ANY inforamtion you can add. Thansk Suzi, for taking the time to add these things!

James
Back to top
View user's profile Send private message
ld
Warrior


Joined: 01 Mar 2005
Last Visit: 29 Jul 2010
Posts: 185

PostPosted: Sat Jul 14, 2007 3:03 pm    Post subject: Reply with quote

Thanks for the additional info. That is exactly what I was looking for and definitely stuff I want to stay away from.
Back to top
View user's profile Send private message
JeanInMontana
Warrior


Joined: 16 Jan 2005
Last Visit: 22 Dec 2008
Posts: 177
Location: South Central Montana, USA

PostPosted: Sat Jul 28, 2007 5:34 pm    Post subject: Reply with quote

Did you ever us Google to research the company?

Here is an interesting item http://www.prweb.com/releases/software/marketing/prweb541397.htm

Here is some corporate structure info http://www.prweb.com/releases/2007/7/prweb540987.htm

You can even get a job with them http://careers.w3i.com/ .

Oh and you will just love this one http://blog.w3i.com/index.php/category/w3i/ .

These guys are not going away easily.

_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes
* A.S.A.P. Member 2004
Back to top
View user's profile Send private message Visit poster's website
micaman
Junior Member


Joined: 28 May 2007
Last Visit: 18 Aug 2007
Posts: 27
Location: Florida, USA

PostPosted: Sat Jul 28, 2007 6:03 pm    Post subject: Reply with quote

[quote="JeanInMontana"]
Quote:
Did you ever us Google to research the company?


I have been going through the information and adding it to the file. It has been quite helpful...and very interesting, to say the least!

Quote:
Here is an interesting item http://www.prweb.com/releases/software/marketing/prweb541397.htm


Wow, this may be why the lady who brought this to me said she trusted them...they gave her the impression that they were with Yahoo.

Quote:
Here is some corporate structure info http://www.prweb.com/releases/2007/7/prweb540987.htm


It is funny that they call themselves a business, much less a corporation. I always thought is was...people first and then money, even in business.

Quote:
You can even get a job with them http://careers.w3i.com/ .


micaman...undercover at W3i headquarters...if no one hears from me...please notify the proper authorities! LMAO

Quote:
Oh and you will just love this one http://blog.w3i.com/index.php/category/w3i/ .


You are right, I do love that one. That is CRAZY! lol

Quote:
These guys are not going away easily.


You are right again!

These types of companies really "dig in" when they set up shop. And even when someone gets to the bottom of their tricks, they simply change names. That "LLC" part in their name makes it quite easy to have "limited responsibilities" as a business, and jump ship at the drop of a hat, which, as you pointed out...will not be anytime soon. More malware = more victims.

Thanks for taking the time to add to this subject. It is all VERY HELPFUL!
Back to top
View user's profile Send private message
JeanInMontana
Warrior


Joined: 16 Jan 2005
Last Visit: 22 Dec 2008
Posts: 177
Location: South Central Montana, USA

PostPosted: Sat Jul 28, 2007 6:46 pm    Post subject: Reply with quote

Your welcome, but all I did was highlight the 3 letters W3i using Firefox and right click, then choose "search Google". There were over 166K hits. I just picked some of the more eye popping ones. Shocked
_________________

Hoax~Slayer * hpHosts * T.I.C. * Malwarebytes
* A.S.A.P. Member 2004
Back to top
View user's profile Send private message Visit poster's website
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook

PostPosted: Sat Jul 28, 2007 7:19 pm    Post subject: Reply with quote

Here is some corporate structure info hxxp://www.prweb.com/releases/2007/7/prweb540987.htm

Sort of hilarious about criminals touting their corporate promotions.

Would love to see it in LA:

LittleRed joins Crips, takes over Fingerbreaker for eye gouging and small caliber hqandgun protocols. "We are pleased to have LittleRed join our long standing company tradition", says ShortyChevy, vice president of the Crips. His experience with the Sharks, Jay13 and Cervantez14 have proven invaluable and a 3 year stretch in prison helps confirm his abilities and talent in this field".

There was no comment from LAPD on this announcement.
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park
Back to top
View user's profile Send private message Visit poster's website AIM Address
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook

PostPosted: Sat Jul 28, 2007 7:19 pm    Post subject: Reply with quote

The above is my own opinion concerning this matter and should only be construed as such.
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park
Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group