Internet Gamebox ad

4 comments, last by kanzler 17 years, 1 month ago
Just got this ad on GameDev: Internet Gamebox is owned by GAD Network, which is a known spyware supplier. Their setup package, which is needed to play their free online games, reportedly installs a hard-to-remove rootkit. Uninstallation of their software is only possible through a form (bottom of this page). This also makes me wonder about the proper licensing of all the gaming characters they use (Sonic, Mario, Pacman, Donkey Kong, ...). In short: Is showing this ad on GameDev really necessary?
If that is so, I'd like to emphasize the above post.
I see the Internet Gamebox ads are still running...

I duplicated one of my Virtual Server images and ran the Internet Gamebox installation on it. I had Filemon running in the background, logging newly created files and modifications. The installation created a file named 'noffmmtudd.exe' in the windows\system32 directory and executed it. This file didn't show up in Explorer with 'show hidden/system files' turned on. A registry search didn't find a mention of this file either.

Then I turned off the virtual machine and added the disk as a second (non-booting) disk to a clean virtual machine. The file named 'noffmmtudd.exe' was suddenly visible with Explorer in the windows\system32 directory, along with some data files also starting with 'noffmmtudd'.

After rebooting the infected virtual machine the mentioned files were still not visible in Explorer or the registry. I ran the uninstaller which said it had removed all components of Internet Gamebox.
Loading the disk in the clean virtual machine again showed that the files were still there. I then renamed the exe file.

After rebooting the infected virtual machine the renamed exe and data files finally showed up in Explorer. A registry search came up with 'noffmmtudd.exe' being called on startup.

I hope this proves that Internet Gamebox does indeed install a rootkit. I don't know how to check what the rootkit actually does but it can't be good when it tries to hide itself.
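The comparison the post above performs by hand (the file listing seen inside the running system versus the same disk attached to a clean machine), as an added example that is not part of the original thread. It assumes each view has been saved as a text listing of full paths, one per line, for instance with `dir /s /b /a`; the drive letters, the `.dat`/`.cfg` file names and the listings themselves are constructed.

```python
import ntpath

# Constructed sample listings (one full path per line). LIVE is taken inside the
# running system; OFFLINE is the same disk attached to a clean machine as E:.
LIVE = r"""
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\drivers\etc\hosts
"""
OFFLINE = r"""
E:\windows\system32\kernel32.dll
E:\windows\system32\notepad.exe
E:\windows\system32\drivers\etc\hosts
E:\windows\system32\noffmmtudd.exe
E:\windows\system32\noffmmtudd.dat
E:\windows\system32\noffmmtudd.cfg
"""

def normalize(path):
    """Drop the drive letter and fold case so the two views are comparable."""
    _, rest = ntpath.splitdrive(path.strip())
    return ntpath.normpath(rest).lower()

def hidden_from_live(live_lines, offline_lines):
    """Paths present on the offline disk but absent from the live listing."""
    live = {normalize(p) for p in live_lines if p.strip()}
    offline = {normalize(p) for p in offline_lines if p.strip()}
    return sorted(offline - live)

def cluster_by_executable(hidden):
    """Attach hidden files sharing a hidden executable's directory and name prefix."""
    clusters = {}
    for exe in (p for p in hidden if p.endswith(".exe")):
        folder, name = ntpath.split(exe)
        stem = name[: -len(".exe")]
        clusters[exe] = [p for p in hidden if p != exe
                         and ntpath.dirname(p) == folder
                         and ntpath.basename(p).startswith(stem)]
    return clusters

if __name__ == "__main__":
    hidden = hidden_from_live(LIVE.splitlines(), OFFLINE.splitlines())
    for exe, companions in cluster_by_executable(hidden).items():
        print("hidden executable:", exe)
        for path in companions:
            print("  companion file:", path)
```

Files that legitimately change between the two captures also appear in the difference, so both listings should be taken with the disk in the same state.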
Okay, I'm trying to remove the ad, but I don't have enough information. We serve ads from third party networks, so I need the image location and URL to be able to determine where it's coming from.
Image: http://content.yieldmanager.edgesuite.net/atoms/13/82/13823a48ecc9aac4c20ea58ce0720fb3.gif
Link: http://ad.yieldmanager.com/click,UhgAAMoJAAC7SwQAsqIBAAABBAAAAA0AAgADCwAABANtBQAAExwCANWoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAC3RCEYAAAAA,,http%3A%2F%2Fwww%2Egamedev%2Enet%2Fcommunity%2Fforums%2Fforum%2Easp%3Fforum%5Fid%3D3,

Image: http://content.yieldmanager.edgesuite.net/atoms/91/bd/91bdaf373e695862e896c3d685a7cb97.gif
Link: http://ad.yieldmanager.com/click,UhgAAMoJAAC9SwQAsqIBAAABDAAAAA0AAQADCwAABANtBQAAxBECANWoAgAAAAAAAAAAAAAAAAAAAAAAAAAAACPSCEYAAAAA,,http%3A%2F%2Fwww%2Egamedev%2Enet%2Fcommunity%2Fforums%2Fforum%2Easp%3Fforum%5Fid%3D3,

Image: http://content.yieldmanager.edgesuite.net/atoms/13/32/13328502889928c83f5d8dc5dbd5ec63.gif
Link: http://ad.yieldmanager.com/click,UhgAAMoJAADZSwQAsqIBAAABFAAAAA0AAQADCwAABANtBQAAExwCANWoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAFbSCEYAAAAA,,http%3A%2F%2Fwww%2Egamedev%2Enet%2Fcommunity%2Fforums%2Fforum%2Easp%3Fforum%5Fid%3D3,

Image: http://content.yieldmanager.edgesuite.net/atoms/b0/0c/b00c6e197c6bcd863522c59382cedee8.gif
Link: http://ad.yieldmanager.com/click,UhgAAMoJAADLSwQAsqIBAAABGAAAAA0AAgADCwAABANtBQAAExwCANWoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAPHSCEYAAAAA,,http%3A%2F%2Fwww%2Egamedev%2Enet%2Fcommunity%2Fforums%2Fforum%2Easp%3Fforum%5Fid%3D3,
And another one

Image: http://content.yieldmanager.edgesuite.net/atoms/ea/9b/ea9b24690f5518e37a59f26b55fc44dc.gif
Link: http://ad.yieldmanager.com/click,UhgAAMoJAADMSwQAsqIBAAIBAAAAAP8AAAADEwAABANtBQAAxBECANWoAgAAAAAAAAAAAAAAAAAAAAAAAAAAAOVKCUYAAAAA,,http%3A%2F%2Fwww%2Egamedev%2Enet%2Fcommunity%2Fforums%2Fforum%2Easp%3Fforum%5Fid%3D3,

This topic is closed to new replies.
