redirect.paviliondownload.com spyware?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by CarrollMS, Dec 8, 2005.

  1. CarrollMS

    CarrollMS Private E-2

    I just loaded up the Agnitum Outpost firewall; one of three FREE recommended by MajorGeeks.

    I have it set on rules, and got a request when I signed on:

    Allow activity for application BWDELAY.EXE BWDELAY.EXE redirect.paviliondownload.com HTTP Outbound TCP

    I allowed based on the official looking name, but today went back to check and found that it is a form of spyware incorporated by HP in their internet ready keyboard. Here is a post on the topic from the web at this site and copied below with author's permission from the web site
    http://www.gank.com/spyware/HP/

    BTW: I blocked it today. My compliments to MajorGeeks and Agnitum Outpost, it was a very simple task, very straightforward, and it sounds like Agnitum beats the author of the web reviews firewall hands down!

    Mark


    SPYWARE REPORT
    Hewlett Packard (HP) Pavilion
    One-touch Multimedia Keyboard MMKEYBD.EXE
    It would seem that keyboards are good places to attack privacy and security.

    Hewlett Packard Pavilion computers come pre-installed with "phone-home" spyware made by Netropa. This nasty phone-home software is named the "One touch multimedia keyboard". This spyware is located in a computer file executable named mmkeybd.exe which drives the HP Pavilion pre-installed internet enabled keyboard.

    The internet enabled keyboard is actually pretty cool because with one-touch of a keyboard button you can access the internet, your favorites and other stuff.

    Only thing is that the keyboard is spyware! Not unlike a lot of other trojan horse programs, it gives you something cool and then piggybacks its dangerous payload. All without your knowledge. So this program operates in the background of your HP Pavilion, hijacking the internet connection without the user's knowledge.

    The "One touch multimedia keyboard" generates TCP, UDP and ICMP pings about once every second.

    Of course not only does this invade an HP customer's privacy by phoning home every few seconds, it greatly slows down internet connections with unnecessary bandwidth. HP should be taken to task for not disclosing these privacy violations. I am surprised the news media has not jumped on Hewlett Packard for this. This seems to pale in comparison to the Real Networks privacy violations of late.

    Attempts to uninstall the program only make life more difficult and inconvenient. You have to remember that the MMKEYBD.exe program drives the keyboard. Which means that the keyboard becomes useless without the driver. Ever tried to use a computer without a keyboard? Remove the driver and you are left with a keyboard-less computer.

    Also the speaker controls for the HP Pavilion are located on the keyboard. Want sound? If you are smart enough to know what is going on with the MMKEYBD trojan program and you uninstall the spyware you can forget being able to adjust the sound while you are listening to your CDs or playing your favorite video game!

    HP and Netropa are crafty and bundle essential operations with the trojan.

    The only way to avoid the privacy invasions is to use firewall software. But watch out! It is not that easy either. My Norton Personal Firewall caught the TCP and UDP packets, but did not catch the rogue ICMP packets.

    So after I thought I was protected (I blocked MMKEYBD.exe from TCP and UDP access), I was not really. Checking my logs (a long time later), I noticed many, many hits to redirect.paviliondownload.com

    So I had to also block ICMP packets. Things are ok now, but I have wasted a lot of time doing extensive research to compile this information and I am ticked. I have not yet sniffed the packets to determine what information was sent. So I do not yet know what they know about me.

    HP and Netropa should be taken to task for invading my and thousands of others' privacy.

    If anyone has information about this HP Pavilion and the Netropa spyware "one-touch multimedia keyboard", please reply to this posting on the usenet newsgroup alt.privacy.spyware.

    I have also published this here: http://www.gank.com/spyware/index.htm

    If you are not associated with Hewlett Packard or Netropa, then you are free to download this page and post the page on your website. Just keep the above link which provides a link back to this site. ;)

    Needless to say, we will NOT be buying another HP computer!

    And we will not buy the Netropa One-Touch Multimedia Keyboard.


    --------------------------------------------------------------------------------

    Update: July 12, 2003

    Periodically I have received comments about this article. Some are from HP employees who are none too happy with my version of the facts. They want to tout the fact that there is a new driver that you can install to avoid all of this.

    But this ignores the fact that this should not have been done in the first place and many people, myself included, have wasted much time trying to figure out what was going on with their computer and the once per minute connection attempts.

    Then I get some uninformed person saying that this article is completely wrong or that I must just have something against HP -- blah, blah, blah... Well before all of these problems with my Hewlett Packard Pavilion, I had nothing against the company. I was pretty neutral... Actually I was more positive than neutral... I spent my hard-earned money and bought a brand new HP when I could have purchased any other computer.

    Recently I decided to search the major search engines for links to this article because I was going to update the contents. But after finding many other people with the same problem, I decided to leave the article as is.

    HP was wrong to put this spyware in the keyboard or to work with a company such as Netropa that creates keyboard spyware. If you ask the average user, most would not want their keyboard phoning home. Some things I learned about the phone home feature (after writing the article) is that the keyboard has some "hot keys" which are programmable shortcuts/links to your favorite web pages. The problem however is that your web page requests are first directed to Hewlett Packard's website. All of the sites you visit will be known to HP. That is invasive to me and I bet to many other people.

    And it is not easy to find out that this is happening unless you have a firewall and it is not easy to turn off unless you know what you are doing.

    Here is another article that I found from a person who had a similar problem. Here is a quote:

    "This is nothing new for HP however, since they are also the proud purveyors of other phone home apps such as Wild Tangent Games and Backweb, both of which are known to be violators of your privacy."


    END as of 12/08/2005
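The gap described in the quoted report (TCP and UDP blocked for MMKEYBD.EXE while ICMP still reached redirect.paviliondownload.com) is what a per-destination audit of firewall logs surfaces. The following is an added example, not part of the original thread or the quoted article; the log format, the sample lines and the function names are constructed for illustration and do not reproduce Norton or Outpost output.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: date, time, action, process, protocol, destination.
SAMPLE_LOG = """\
2003-07-12 10:00:00 BLOCK MMKEYBD.EXE TCP redirect.paviliondownload.com
2003-07-12 10:00:00 BLOCK MMKEYBD.EXE UDP redirect.paviliondownload.com
2003-07-12 10:00:01 ALLOW MMKEYBD.EXE ICMP redirect.paviliondownload.com
2003-07-12 10:01:01 ALLOW MMKEYBD.EXE ICMP redirect.paviliondownload.com
2003-07-12 10:02:01 ALLOW MMKEYBD.EXE ICMP redirect.paviliondownload.com
2003-07-12 10:02:30 ALLOW BWDELAY.EXE TCP redirect.paviliondownload.com
2003-07-12 10:03:00 ALLOW IEXPLORE.EXE TCP www.example.com
"""

def parse_log(text):
    """Parse the constructed log format into (time, action, process, proto, dest)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing the whole audit
        date, time, action, process, proto, dest = parts
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        records.append((ts, action, process.upper(), proto.upper(), dest.lower()))
    return records

def audit_destination(records, dest):
    """Per process: protocols blocked, protocols still getting through to dest,
    and the median gap in seconds between allowed hits (a beaconing hint)."""
    blocked = defaultdict(set)
    allowed = defaultdict(lambda: defaultdict(list))
    for ts, action, process, proto, d in records:
        if d != dest.lower():
            continue
        if action == "BLOCK":
            blocked[process].add(proto)
        elif action == "ALLOW":
            allowed[process][proto].append(ts)
    report = {}
    for process in set(blocked) | set(allowed):
        times = sorted(t for hits in allowed[process].values() for t in hits)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[process] = {
            "blocked": sorted(blocked[process]),
            "still_allowed": sorted(allowed[process]),
            "median_gap_s": median(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for proc, info in audit_destination(parse_log(SAMPLE_LOG),
                                        "redirect.paviliondownload.com").items():
        print(proc, info)
```

A process that shows entries under both `blocked` and `still_allowed` has a rule set that misses a protocol, and a steady `median_gap_s` points to scheduled phone-home traffic rather than user-driven requests.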
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    BWDELAY is a process that belongs to BackWeb. Many debate whether or not BackWeb is Spyware/Adware. BackWeb and BackWeb Lite are used to keep programs updated and come preinstalled on several systems, HP systems most notably. To remove BackWeb would actually break several applications on the system,
     
