Category Archives: Identification

For any given product, listings of autoplays and startupware entries.

Windows Update Broke My Computer… not!



Yesterday was Patch Tuesday. That’s the monthly release date for Microsoft to push out patches for Windows; it’s always on the second Tuesday of the month. Today, I’m getting phone calls about computers being down.

First call: “When I looked at the computer this morning, the screen said it was shutting down. It just sat there, so I rebooted. Nothing. Blank”

My questions: Does that computer run all the time? (Yes, it backs up at night to an external drive.)

So it hasn’t rebooted in a while? (I guess.)

“OK, unplug the external hard drive and any other USB storage devices, and reboot.” That fixed it.

Why? Because PCs of a certain age, circa 2003-2006, frequently dislike booting with a USB storage device plugged in. The machine is never turned off, until Windows Update comes along and forces a reboot.

Second call: “I thought I broke it. It was just sitting there with a spinning message forever. I let it run and it eventually shut down. My husband says I broke it again. You repaired it last week!”

Answer: LOTS of big patches last night. Slow shutdown was normal; patches were installing.

Hey, Microsoft! Automatic patching is clearly doing more good than evil, BUT clear communications would really help. Like “Your monthly security patches from Microsoft are installing right now. These happen on a regular schedule. Learn more at: (simple link that can be remembered for later)” NOT “Your computer is shutting down” or “Installing… Do not turn off your computer…” Clear messages that say that you’re working to improve their security are better than techie messages that say their systems are going DOWN. 🙁

Don’t scare your customers. That’s the job of the bad guys.

BackBlaze

FTC places temporary halt on XP Antivirus and Family

The Federal Trade Commission has gone to U.S. District Court, and shut down, at least for the moment, Innovative Marketing, Inc. and ByteHosting Internet Services, LLC, who they’ve identified as the source of such nasty-ware as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.

Here’s their press item:
//www.softwarekb.com/news/2008/12/11/court-halts-bogus-computer-scans/

This group of rogue programs has made this past year interesting for me. I clean up these programs more than any other type of malware, and yes, I get paid. But all in all, I’d rather be upgrading hard drives and building new systems.

Nero 7 Essentials

I’ve been getting some very specific complaints about Nero 7 Essentials. “The computer slows down. It crashes. Started with the new DVD writer.” All the drives in question were bundled with the OEM version of Nero 7 Essentials. Time for another test. Test box for today is running an Athlon XP 1900+, Windows 2000 Pro with Service Pack 4, no antivirus or security software whatsoever, lots of memory and drive space, and not much on the hard drive.

Before the install, I ran Hijack This and added everything to the ‘ignore’ list, and ran CCleaner, and accepted every registry issue found–it’s a clean test box, so there wasn’t much.

Started the install:
Nero 7 Welcome Screen

I chose all the default options:
Nero 7 typical install

At the truly arrogant file options, I made no changes–Nero wants to be your program for everything related to content. Apparently it’s more than a DVD burning program, in the opinion of the publisher.
Nero 7 file options

At the install options, I again made no changes. Note the “Nero Scout” item at bottom left, unchecked by default.
Nero 7 options

The install completed without problems. I restarted the computer, and went looking. No new system tray icon appears, and no indication that I’ve installed anything more than a DVD burner. But wait, there’s something–in the Windows menus, in the Nero group, I see Nero Scout. Ooh, options. Here’s the view–it’s ON by default, and installed without asking:
Nero 7 indexing without asking

Ran HijackThis again. There are only two new entries:
O4 – HKLM\..\Run: [NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O23 – Service: NMIndexingService – Nero AG –
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

So my DVD burner software includes a full indexing scan for files, also called ‘desktop search’, on by default, of all types (it’s on that ‘Files’ tab), with no system tray icon, and no obvious place to type in a search. What does this have to do with burning a DVD? (Nero, if you’re reading this, send me an answer–I’ll post it.)

I won’t comment much on the functionality of the product, except for one item: DVD-video functions (Nero Vision and some other areas) work for 30 days, then display an expired message. OK, I have no problem with a vendor trying to upsell, but announce that the product is half real and half 30-day trial in advance, and give me an option to uninstall the dead software chunks–I don’t need all this clutter.

Uninstalled. No error messages. Restarted the PC. Ran HijackThis a third time, and both autostart entries have been removed–good so far. Under C:\Program Files, there’s a leftover folder “Nero” containing 4 files and 2 more folders. Sloppy, but not unusually so. There’s a file left in the c:\WinNT folder, “NeroDigital.ini”.

Ran CCleaner, and checked the registry. Remember, I cleaned it before the install. There are now 380 registry errors. These are in the categories of:

    ‘Unused File Extension’ mostly for graphics still formats,
    ‘ActiveX/COM Issue’ for ‘AppCore.MediaSource,
    ‘Invalid or empty file class’ for CDmaker, and
    several hundred “Open with Application Issue’ entries, pointing to “HKCR\NeroExpress.Files7…”

Overall results:
Is it startupware? Absolutely. It adds two autoplay entries, one totally unrelated to the program’s function, doesn’t ask permission before adding the unrelated functions, and turns on a processor-intensive application by silent default.

Recommendations–

First, don’t install with the defaults. Uncheck every file format on ALL the pages in the install options, except those that you’ll really use the program for. If in doubt, uncheck it.

Second, check off that box: “Configure Nero Scout on first usage” and then disable it.

Or find the autoplay entry for Nero Scout, it’s in Control Panel, Administrative Tools, Services, NMIndexingService–choose stop, and disable. Then find and delete the file:
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

And finally, consider some other program. This install doesn’t inspire trust.