Spyware found in MB trading Sotware

patrick_newB · Aug 19, 2006

I don't think I could ever trade with a broker that puts spyware in their product.

MiamiHurricanes · Aug 19, 2006

What is the difference between spyware and built in aspects of the trading platform that customize your access to the market based on your position, etc.

GTS · Aug 19, 2006

My god, I have never seen such misinformed hysteria.

Something in the MBT Naviagtor installation process is creating this single registry entry:

HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}

A registry entry like this doesnt do anything. It doesnt hijack your browser, it doesnt execute. Its just data.

Spyware/Adware CommonName also creates that same registry entry, but it also creates a lot more registry entries and installs executable software

From: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072513

Registry Items:
HKEY_CLASSES_ROOT\appid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\appid\{ae6ddeb6-5683-4f5d-ad53-0f93b02a3f93}
HKEY_CLASSES_ROOT\appid\cnform.exe
HKEY_CLASSES_ROOT\babeie.agentie
HKEY_CLASSES_ROOT\babeie.agentie.1
HKEY_CLASSES_ROOT\babeie.handler
HKEY_CLASSES_ROOT\babeie.handler.1
HKEY_CLASSES_ROOT\babeie.helper
HKEY_CLASSES_ROOT\babeie.helper.1
HKEY_CLASSES_ROOT\babie.handler.1
HKEY_CLASSES_ROOT\babie.helper.1
HKEY_CLASSES_ROOT\clsid\{00000000-0000-0000-0000-000000000000}
HKEY_CLASSES_ROOT\clsid\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_CLASSES_ROOT\clsid\{0e5c2cc6-72da-4342-94b3-76b47a1c6d14}
HKEY_CLASSES_ROOT\clsid\{118a2bfa-5ac7-4d29-beb9-d68f4d2cccab}
HKEY_CLASSES_ROOT\clsid\{2eb3eff2-f707-4ea8-81aa-4b65d2799f31}
HKEY_CLASSES_ROOT\clsid\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\clsid\{4f9ca775-2c5f-4e2a-b157-cb440564f7f4}
HKEY_CLASSES_ROOT\clsid\{53b1b977-193e-4a9f-b9fc-e1dcc24016a1}
HKEY_CLASSES_ROOT\clsid\{541a3704-4320-4e2d-9371-e4a4c9803191}
HKEY_CLASSES_ROOT\clsid\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\clsid\{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_CLASSES_ROOT\clsid\{882f36a6-5178-477b-a00a-2e1d3b7e8e80}
HKEY_CLASSES_ROOT\clsid\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\clsid\{9346a6bb-1ed0-4174-afb4-13cd4ec0aa40}
HKEY_CLASSES_ROOT\clsid\{a7fe5e20-9866-4c49-b5ed-3991954a2acd}
HKEY_CLASSES_ROOT\clsid\{ac04dc43-28e9-4746-9164-c200a04b8921}
HKEY_CLASSES_ROOT\clsid\{ae6ddeb6-5683-4f5d-ad53-0f93b02a3f93}
HKEY_CLASSES_ROOT\clsid\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\clsid\{ecb81a15-365c-4953-827f-6e848634c1f0}
HKEY_CLASSES_ROOT\clsid\{fb68cc40-c725-491a-aac3-f37dde794edb}
HKEY_CLASSES_ROOT\cnbar.activater
HKEY_CLASSES_ROOT\cnbar.activater.1
HKEY_CLASSES_ROOT\cnbar.bandsink
HKEY_CLASSES_ROOT\cnbar.bandsink.1
HKEY_CLASSES_ROOT\cnbar.cnbarband
HKEY_CLASSES_ROOT\cnbar.cnbarband.1
HKEY_CLASSES_ROOT\cnbar.explorerbar
HKEY_CLASSES_ROOT\cnbar.explorerbar.1
HKEY_CLASSES_ROOT\cnform.cnbarhelper
HKEY_CLASSES_ROOT\cnform.cnbarhelper.1
HKEY_CLASSES_ROOT\cnform.history
HKEY_CLASSES_ROOT\cnform.history.1
HKEY_CLASSES_ROOT\dnserr.dnserrobj
HKEY_CLASSES_ROOT\dnserr.dnserrobj.1
HKEY_CLASSES_ROOT\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}
HKEY_CLASSES_ROOT\interface\{4f476e6b-1eca-4a3b-845a-505d8892da1a}
HKEY_CLASSES_ROOT\interface\{53b1b977-193e-4a9f-b9fc-e1dcc24016a1}
HKEY_CLASSES_ROOT\interface\{64809b75-d8c3-4052-a7ad-6a3ecc39218e}
HKEY_CLASSES_ROOT\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_CLASSES_ROOT\interface\{99908473-1135-4009-be4f-32b921f86ed9}
HKEY_CLASSES_ROOT\interface\{a7fe5e20-9866-4c49-b5ed-3991954a2acd}
HKEY_CLASSES_ROOT\interface\{fb68cc40-c725-491a-aac3-f37dde794edb}
HKEY_CLASSES_ROOT\protocols\handler\cn
HKEY_CLASSES_ROOT\software\microsoft\internet explorer\toolbar {00000000-0000-0000-0000-000000000000}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\uninstall\commonname toolbar 3.50_is1
HKEY_CLASSES_ROOT\typelib\{541a3704-4320-4e2d-9371-e4a4c9803191}
HKEY_CLASSES_ROOT\typelib\{ac04dc43-28e9-4746-9164-c200a04b8921}
HKEY_CLASSES_ROOT\typelib\{c4b81c49-5ea5-490b-af95-04994a4214d4}
HKEY_CLASSES_ROOT\typelib\{cc364a32-d59b-4e9c-9156-f0050c45005b}
HKEY_CLASSES_ROOT\typelib\{d879d743-e2cc-4161-8034-2234203681c9}
HKEY_CLASSES_ROOT\typelib\{dd0032df-ceef-4e0a-8b75-e4d8861e11e5}
HKEY_CLASSES_ROOT\winnet.update.1
HKEY_CURRENT_USER\software\commonname
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\add a page note
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\bookmark this page
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\email this link
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\search using commonname
...
HKEY_LOCAL_MACHINE\software\classes\appid\winnet.exe
HKEY_LOCAL_MACHINE\software\classes\babeie.handler
HKEY_LOCAL_MACHINE\software\classes\babeie.handler.1
HKEY_LOCAL_MACHINE\software\classes\babeie.helper
HKEY_LOCAL_MACHINE\software\classes\babeie.helper.1
HKEY_LOCAL_MACHINE\software\classes\interface\{2d0f5208-3198-49a4-86a7-d65e9e582751}
HKEY_LOCAL_MACHINE\software\classes\interface\{8adbbe3e-1841-4708-85df-727ccee6220b}
HKEY_LOCAL_MACHINE\software\classes\protocols\handler\cn
HKEY_LOCAL_MACHINE\software\classes\typelib\{d879d743-e2cc-4161-8034-2234203681c9}
HKEY_LOCAL_MACHINE\software\classes\winnet.update
HKEY_LOCAL_MACHINE\software\classes\winnet.update.1
HKEY_LOCAL_MACHINE\software\commonname
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\advancedoptions\commonname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\brows
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-0000-0000-0000-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{046d6ea4-15e3-4b27-8010-45bd78a9219e}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run cndesk

DLL Files:
%program_files%\common files\tsa\rainbow\classify.dll
cnoutlook.dll
cnmib.dll
cegffawm.dll
byaddagn.dll
%program_files%\commonname\toolbar\cnbarie.dll
%program_files%\commonname\toolbar\cnbabe.dll
%program_files%\commonname\toolbar\babeie.dll
%program_files%\commonname\desktop\resdll.dll
%program_files%\commonname\desktop\babe.dll
%program_files%\commonname\addressbar\cnbabe.dll
%program_files%\common~2\toolbar\cnbarie.dll
%program_files%\common~2\toolbar\cnbabe.dll
%program_files%\common~2\toolbar\babeie.dll
%program_files%\common~2\addres~1\cnbabe.dll
%program_files%\wtpxsqpx\giwdishm.dll
%program_files%\intern~3\inetkw.dll

Ad-aware has detected that this ONE registry entry matches the pattern that also occurs when a machine has had CommonName installed but the presence of just this one registry entry does not mean that machine has CommonName.

None of the DLL software or other registry entries that occur with CommonName have been found

I also scanned my system with Spybot (latest defs) and it came back with the same result, only that registry entry is flagged - no spyware, no adware

allan0 · Aug 19, 2006

I installed MB demo and I don't have any problems. Also, as it has been pointed out a couple of times, that single registry entry is harmless, at worst just useless but can't harm your computer in any way.

mktman · Aug 19, 2006

This misinformed hysteria is common among ET posters.

GTS
Nice post.
As you said no executables.

traderob · Aug 20, 2006

Just got back from holiday, and nice to return to the warmth of ET.

Try to keep any comments civil.

rhinoaa1 · Aug 20, 2006

Thank Goodness for the ET Forum:

Last week I spent more hours than I care to admit researching Forex âNON-Dealing Desk brokersâ here at ET.

Following all of the posts in this thread has further convinced me to download MB Navigator Demo onto my machine this evening.

Of course last weekâs research already convinced me NOT to open a live account at FXCM.

The hunt is on!!!

Thank you to all who have posted,

Rhinoaa1

StoragePro · Aug 20, 2006

Good for you!!!!! Although ET is a lousy place to research, it has led you to the correct conclusion. ECN's like MB are the only answer. Find a good one like MB and you at least have a chance to let your wits allow you to prosper. FX is NOT hard. What is hard is ignoring the nitwit advice the negative nelly's dole out here.

As usual they are wrong.

Quote from rhinoaa1:

Thank Goodness for the ET Forum:

Last week I spent more hours than I care to admit researching Forex ?NON-Dealing Desk brokers? here at ET.

Following all of the posts in this thread has further convinced me to download MB Navigator Demo onto my machine this evening.

Of course last week?s research already convinced me NOT to open a live account at FXCM.

The hunt is on!!!

Thank you to all who have posted,

Rhinoaa1

rhinoaa1 · Aug 20, 2006

Hello SP,

Thank you for the info on research and NOT to detract from ET, but where else would you suggest researching FX brokers???

You can PM me @ bhands@earthlink.net

Many thanks,

Rhinoaa1

StoragePro · Aug 20, 2006

Are you kidding me? Where? Wow.

If you don't know how to properly research this market - and NO, ET is NOT the right place, then plaease stay out of it. You will lose everything.

Not trying to be mean, but you have homework to di first

Quote from rhinoaa1:

Hello SP,

Thank you for the info on research and NOT to detract from ET, but where else would you suggest researching FX brokers???

You can PM me @ bhands@earthlink.net

Many thanks,

Rhinoaa1