This is a small guide on how to install the DivX 5 Pro
package bundled with GAINware without being "infected"
by the spyware included. It is based on a Microsoft
Windows 2000 system, so if you have a different system,
just adapt it yourself.
1. Download and launch Ad-Aware
Every individual concerned about their privacy should have Ad-Aware
installed on his/her computer. You can download it at
http://www.lavasoft.de
for free. The most recent version as of December 5, 2002 is
Ad-Aware 5.83.
Now launch Ad-Aware, and keep it running during the
install process of DivX 5 Pro.
2. Launch the DivX 5 Pro installer
If you wish to know what you are avoiding by using this
HOWTO, read the Gator license agreements. Aren't they
rude? Anyway, click "Yes" on all the agreements. You won't
follow them, but oh well, if you were, why would you be
reading this, you cheating bastard? :)
Now quickly open your Windows Task Manager by pressing
Ctrl+Shift+Escape and look at the processes.
Now sort them by process ID (PID), and look at the bottom.
Look for "gain_trickler_3" or something similar, and when
you find it, END PROCESS immediately. This is the GAINware
in action.
3. Run an Ad-Aware scan
Scan everything. Quick and deep registry scan. Scan ALL
of your hard drives. Scan memory. Scan EVERYTHING.
There are a total of six (6) entries made after install
of GAINware bundled with DivX 5 Pro:
* [D] Directory "C:\Documents and Settings\<user>\Local Settings\Temp\fsg_tmp"
* [F] File "C:\Program Files\DivX\DivX Pro Codec\gain_trickler_3202.exe"
* [K] Registry "HKEY_CLASSES_ROOT\CLSID\{21ffb6c0-0da1-11d5-a9d5-00500413153c}"
* [K] Registry "HKEY_LOCAL_MACHINE\SOFTWARE\gator.com"
* [K] Registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
* [V] Registry "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Trickler"
Explained:
The first four entries are Gator software. These are not
so hazardous, so just check the first box to delete the
temporary directory. The file and the CLSID are needed for
verification.
The next entry is the Alexa browser monitoring tool. This
is part 1 of the spyware. Check the box to remove the
filth.
The next entry is the Run value for Trickler, the executable
file we are bound to keep. You MUST delete this entry before
you reboot, because if not, the program will be run in the
background and you will have running spyware on your computer.
Check the box, quickly.
You should have boxes 1, 5 and 6 checked. Now click
"continue". Voila! Your system is clean again, and you've got a
good, clean version of DivX 5 Pro. And without paying
$30!
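
The Run\Trickler value from step 3 is what starts the spyware again after a reboot, so it is worth confirming that it is gone. The Python check below is an added example, not part of the original guide: it parses a text export of the HKLM Run key and reports autorun values that match the guide's "Trickler" value name or gain_trickler file name. The sample export is constructed, and the value data in it is an assumption.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Indicators taken from the guide: the "Trickler" Run value and the
# gain_trickler_<digits>.exe file name ("gain_trickler_3" or something similar).
SUSPECT_NAME = "trickler"
SUSPECT_TARGET = re.compile(r"gain_trickler_\d+\.exe", re.IGNORECASE)

# Constructed sample of a .reg export (not captured from a real system).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"Trickler"="\"C:\\Program Files\\DivX\\DivX Pro Codec\\gain_trickler_3202.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\WINNT\\setup.exe"
'''

# A string value line: "name"="data", with \" and \\ escaped inside the quotes.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo the backslash escaping .reg files apply to quotes and backslashes."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_run_values(export_text):
    """Return {value name: data} for string values directly under the HKLM Run key."""
    values, in_run = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Exact match only, so RunOnce and other sibling keys are skipped.
            in_run = line[1:-1].lower() == RUN_KEY.lower()
            continue
        m = STRING_VALUE.match(line) if in_run else None
        if m:
            values[unescape(m.group(1))] = unescape(m.group(2))
    return values


def find_trickler_autoruns(export_text):
    """List (name, data) autorun entries matching the guide's Trickler indicators."""
    return [(name, data) for name, data in parse_run_values(export_text).items()
            if name.lower() == SUSPECT_NAME or SUSPECT_TARGET.search(data)]


if __name__ == "__main__":
    for name, data in find_trickler_autoruns(SAMPLE_EXPORT):
        print(f"delete before reboot: {name} -> {data}")
```

An empty result after the Ad-Aware cleanup means the autorun entry is gone; the match on the target file name also catches the entry if the value has been given a different name.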
Disclaimer
The contents of this guide are probably illegal to exercise,
and you shouldn't do it. I take no responsibility whatsoever
for the consequences of reading this guide and/or performing
the actions described herein.
Or something like that.
Update: thanks to Stavr0 for notifying me that it is www.lavasoft.de, not .com.