Your
generous donations help keep this site online!
|
Specifically, it has been
reported that installing software bundled with the SoundBlaster also installed
spyware components, including ADVERT.DLL and CD_LOAD.EXE. They are believed
to be installed with the "freeware" product, Media
Ring Talk, which allows PC-to-PC voice communication. (This software
goes under several names, including Media Ring Chat, MRTalk99, SBring or
MRTS.) Upon further investigation, the advert.dll file appears to be proprietary
to Media Ring, and not associated with the Aureate
spyware by the same name. It is unknown whether the cd_load.exe file
is the one from Cydoor's spyware foundry.
Due to the possibility of spyware infestation, I recommend using Windows' Add New Hardware wizard (if possible), rather than any auto-installers on the Soundblaster setup disk, to install the hardware drivers. (Use of SB-supplied installers means a higher risk of having other things besides the drivers installed!)
See also: NewsUpd.exe,
another confirmed spyware application installed by CreativeLabs installers.
Spyware/MRTalk Removal Procedures
In addition to the files
in the program's own directory, some files are also added to the Windows
system directory, as described below.
Bruce writes:
Should you decide to do your own housekeeping after uninstallingThe following Registry entries are created by the software and can safely be removed:
MediaRing Talk as I am forced to do after my brief evaluation you
might search your hard drive for the following files and delete them
manually.c:\WINDOWS\FONTS\R0DFONT.fon
c:\WINDOWS\mruninst.exe
c:\WINDOWS\SYSTEM\Dbwin32.exe
c:\WINDOWS\SYSTEM\mstart.exe
c:\WINDOWS\SYSTEM\sp3.dll
c:\WINDOWS\SYSTEM\sx20.ini
c:\WINDOWS\SYSTEM\Sx20p32.dll
c:\WINDOWS\SYSTEM\sx5363.ini
c:\WINDOWS\SYSTEM\sx5363s.dll
c:\WINDOWS\SYSTEM\sx7383.ini
c:\WINDOWS\SYSTEM\Sx73p32.dll
c:\WINDOWS\wutil.dllAlso remove your MediaRing Talk directory if anything was left in it.
I installed this software on a computer that has no modem or Internet
connection I therefore feel my privacy was not compromised your
results may vary.
HKEY_USERS\.Default\Software\Mediacom Technologies (S)The program is also said to tamper with certain Windows fonts and/or their Registry entries, including the Verdana font. When removing the application, search for and delete the advert.dll and cd_load.exe spyware files. If the MRTalk program is run with the files missing, it reportedly crashes with a GPF and can take Windows down with it.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mrt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-mediaring-mrt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mstart.Document
More information will be posted here as it becomes available.
Thanks Privacy
Power for the spyware alert and additional information.
"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)