The Ongoing Proactive fight for your box
Ad's Suck! And Spyware sucks too...
Removing banners
September 2000
by
XXXX
Courtesy of Fravia's searchlores.org
"I found out where my box was going... I was pissed!", writes XXXX, and indeed, as many current discussions (inter alia on the warez discussion thread) attest, more and more people are disgusted by the ruthless violations of all privacy by wannabe programmers and their malware. This is an interesting small essay, especially because it delivers a very nice HOSTS file, that you can immediately use (with great profit, eheh :-)
I'll take this opportunity to note here a most recent finding: a new French service: http://www.nopub.com/ seems to offer now the first (afaik) free access to the web WITHOUT any advertisement whatsoever.
A great idea, that deserves to be spread and that I hope will make waves. Of course this service has been promptly boycotted by the tv-chains and all other commercial bastards, who have refused to advertise an anti-advertisement system :-)
Anti-advertisement
There is a crack, a crack in everything That's how the light gets in
Yada Yada
~S~ Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert

What a pain in the ass!


Introduction

Ad's Suck! And... Spyware sucks too. So get Pro-Active, because nobody is going to help you fend your box off from these lower life forms.
Tools required

Target's URL/FTP

target: Tsadbot & Aureate and @guard rules. urls: HAHAHAH! Shea Right...
Program History

Steve is a talented programmer no question, I have a friend that knows him personally. HOWEVER, It upsets me that Steve is going ahead and going to make optout Cinderella on us. Here's my answer.
It's been my answer since BEFORE optout existed. I have since added to this. This kills Tsadbot and Aureate's port connections for me. The heart of this is just plain old DOS commands. You could do the whole thing manually, but why?

Regarding the running of software...
Generally anything with a 2000 on it, to me, sux. I use older stuff. I don't upgrade.
I don't run m$ie, if a program requires m$ie, I don't run it.
PERIOD.
There are plenty of other things that will do the same job if you look around, or you can LIE to the system and make it think IE is installed. I use 98lite Freeware (98lite.net) and ROM II (which is getting harder to find now!! However, it's still out there though...). I have a giant friggin hosts file based on the original one from +F's site. However, at the end there is much more to ad (pun intended). The new HOSTS file came from http://www3.sympatico.ca/teampowerhouse/

I will include my hosts file anyway since links tend to disappear. I am always searching for new anonymous proxies. I use an @guard software based firewall for my wintel box. I use a blackice for stealth. I disabled port 139. I don't yet trust ZoneAlarm.........

Sometime after using this batchfile method, I came across some rules for @guard. They're redundant, but everything helps in our fight...
Essay

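You are going to have to know some DOS. Just read. This goes off the "0 byte file" or "directory with same name" principle: a directory that already carries the name of an unwanted file stops that file from being created there, and a small file that carries the name of an unwanted directory stops that directory from being created.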


rem c:\ = my windows drive
rem c:\z = my windows directory
rem c:\z\system = my windows system


rem switch to the windows drive and go to its root
c:
cd \
md tsadbot.exe


cd \z
deltree /y TEMP
deltree /y Recent
deltree /y "Temporary Internet Files"
echo 1 >Recent


rem There is a registry hack for moving the Recent aka History aka Documents 
rem to the Recycle Bin - Search for it 

echo 1 >"Temporary Internet Files"
echo 1 >Favorites
md advert203.ocx
md advertx.ocx
md amc
md amcis.dll


rem c:\z\system = my windows system (see the rem lines at the top)
cd \z\system
echo 1 >amc
echo 1 >adcache
md adimage.dll
md advert.dll
md advpack.dll
md amcis.dll
md amcis2.dll
md amcompat.tlb
md amstream.dll
md anadsc.ocx
md anadscb.ocx
md htmdeng.exe
md ipclient.dll
md msipcsv.exe
md tfde.dll


cd "\Program Files"
rem you could just rename this very file to "TimeSink"
rem and copy it to your \Program Files root dir.
echo 1 > TimeSink


rem you need to get unix command line tools 
rem (hell just install linux...

rem or search.... they're out there probably on Simtel
rem I keep all the batchfiles and tools like this in a
rem directory in the path. For Example C:\x 
rem and I keep the path *SHORT*

cd\RECYCLED
rm *.*
rm -r c:\z\TEMP
cd\z
md TEMP



That's it for the DOS part, there are some rules that
surfaced for @guard (sorry I do not remember the original 
sources for everything)


Spyware & AT-Guard


1. Add firewall rule:


Name: Aureate
Action: Block
Direction: Outbound
Protocol: TCP or UDP


Application: any application
Remote service: Single port 1749
Local service: Single port 1749
Address: any address
Logging: as required


2. In the Firewall tab move this new rule to the very top

3. Add the following firewall rules:

adimage.dll
advert.dll
advpack.dll
amcis.dll
amcis2.dll
amcompat.tlb
amstream.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipclient.dll
msipcsv.exe
tfde.dll
Cd_clint.dll
CD_FlashInstallAX.exe
CD_Gif.dll
Cd_load.exe
Cd_swf.dll
rundll.exe
rundll32.exe
tsadbot.exe



Name: as above for each
Action: Block
Direction: Outbound
Protocol: TCP or UDP


Application: as shown above, name only (no path)
Service: any service
Address: any address
Logging: as required


Then move each rule to the top of the list.


The LAST Rule (At the bottom of the list)
I made was ALL OTHERS
TCP or UDP in Either Direction.
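
Why steps 2 and 3 insist on moving the block rules to the top, as an added example in Python (not part of the original essay and not AT-Guard's own code). It assumes the rule list is evaluated top to bottom with the first match winning; the broad permit rule and the sample connections are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    action: str                        # "block" or "permit"
    direction: str = "outbound"
    app: Optional[str] = None          # None = any application
    remote_port: Optional[int] = None  # None = any service
    local_port: Optional[int] = None

@dataclass
class Conn:
    app: str
    remote_port: int
    local_port: int
    direction: str = "outbound"

def covers(rule, x):
    """True if `rule` matches x, where x is a Conn or a narrower Rule."""
    app = x.app.lower() if x.app else None
    return (rule.direction == x.direction and rule.app in (None, app)
            and rule.remote_port in (None, x.remote_port)
            and rule.local_port in (None, x.local_port))

def evaluate(rules, conn):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in rules:
        if covers(rule, conn):
            return rule.action, rule.name
    return "no-rule", None

def shadowed(rules):
    """Block rules that can never fire because an earlier rule already matches."""
    return [r.name for i, r in enumerate(rules)
            if r.action == "block" and any(covers(e, r) for e in rules[:i])]

# Rules from the essay: the port 1749 rule plus a few per-application blocks.
AUREATE = Rule("Aureate", "block", remote_port=1749, local_port=1749)
APP_BLOCKS = [Rule(n, "block", app=n)
              for n in ("tsadbot.exe", "advert.dll", "htmdeng.exe")]
# Constructed for illustration: a broad permit rule already in the list.
PERMIT_ALL_OUT = Rule("permit outbound (constructed)", "permit")

WRONG_ORDER = [PERMIT_ALL_OUT, AUREATE] + APP_BLOCKS     # new rules left at the bottom
RIGHT_ORDER = [AUREATE] + APP_BLOCKS + [PERMIT_ALL_OUT]  # moved to the top

if __name__ == "__main__":
    print(shadowed(WRONG_ORDER), shadowed(RIGHT_ORDER))
```
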


Overkill???

Just wait till you see this "hosts" file, 
Courtesy of http://www3.sympatico.ca/teampowerhouse/

XXXX's (teampowerhouse's) hosts file
hosts_11.txt
Final Notes
This work I have done was because I saw pieces floating everywhere. I can't say that in Latin... oh well.


Ob Duh
I won't bother going any further to explain why we all need to BUILD and distribute to others our tools and bots with which to fight (or disrupt ;^)) the crap which commercial sites thrust upon us, regardless of our own desires. It drives the message home to the advertisers' pocketbooks when one of their sleazy ploys doesn't work!




(c) 2000: [fravia+], all rights reserved