
Back Web and Pavillionware on HPs


bss

Jan 30, 2002, 4:09:19 PM

Looks like I am not the only one who feels that pre-installed software on
machines may be intrusive. I think it's opened the boxes up for easy
intrusion.

Maybe my lost time will help someone else avoid the problem.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x7dc1a2db8513d6118ff40090279cd0f9,00.html

From Joe on HP's Tech info area

====January 30, 2002 20:59 PM GMT

--------------------------------------------------------------------------------
I have been reading about backweb on the group here. This is the program
that HP has to give us HP updates. I have it on my ME and XP has it too.
People are saying that the HP program is looking for our SS numbers, Bank
accounts, personal information. I don't know if this is all true or not, but
if it is, all of us need to be concerned.
I'm fed up with this crap.. somebody better give us some correct answers. I
want to know if this is true. Is it true HP ? ====


From what I can find on Pavillionware it's normal for those programs that I
get creeped out over (i.e., terminator.exe, killwind.exe, cloaker.exe,
shadow.exe) to come installed on these boxes. They do some strange things
without thinking of security issues.

It actually did change my settings in Norton because it configured them to
block Windows direct update so that it could do the updating.
I put a link to the Back Web info
http://forums.itrc.hp.com/cm/components/FileAttachment/0,,0x65c1a2db8513d6118ff40090279cd0f9,00.txt

Now back to the sick computer room....
Brenda..


bss

Jan 30, 2002, 4:21:08 PM

Here is another user who is lots smarter than I am who makes it clearer -
Brenda

January 30, 2002 14:14 PM GMT [ 10 pts ]

--------------------------------------------------------------------------------
Joe,

I just started having problems with my Pavilion for about a week now. I keep
getting a message about BW8237..-A.exe caused a page fault. After doing some
investigating I found that this is a Backweb program. When I tried to kill
it, it said that the program was in use. I came up in DOS mode and found
that the program was hidden. I un-hid the program and renamed it then
rebooted only to find it back again.

I then did a search for anything that had "back" in it. The search revealed
many files associated with backweb. Looking at the backweb.exe file with a
hex debugger, there appears to be text that it was written by "weird sd".
HONESTLY! Doing more looking in /programfiles/common/GMT/scripts (may not
have gotten the path correct) I found scripts that appear to look for
personal data. I really could not believe what I was seeing. Things like,
date of birth, SSN, first name, last name, mother's maiden name, and more.
This scared the heck out of me to the point that I disconnected from the
internet until I did more research about Backweb. It appears to me that the
scripts are gathering personal information from places like Wells Fargo,
Vanguard and some additional sites that I have personal information.

I am determined to rid my system of Backweb. I also found that the files for
Backweb are in ZIP format with a ".bin" at the end of them. There appears to
be about 12 of them that come alive probably unzipping on command and
reinstalling Backweb.

Backweb appears to be a covert program that steals your information. Reload
your system and before you install any other programs, remove Backweb any
way you can. They appear to be stealing personal information.
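
The post above reports that the BackWeb package files are ZIP archives carrying a `.bin` extension. As an added example (not part of the thread and not HP or BackWeb tooling), this Python script checks such a claim by content rather than by name: it walks a directory, flags files that start with a ZIP signature but lack a `.zip` extension, and lists their members. The sample file names are constructed.

```python
import os
import tempfile
import zipfile

# ZIP signatures: local file header, and end-of-central-directory (empty archive)
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")

def find_disguised_zips(root):
    """Return {path: member names} for ZIP-by-content files not named *.zip.
    The value is None when the signature matches but the archive is damaged."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".zip"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(4)
            except OSError:
                continue  # locked or unreadable file: skip it
            if magic not in ZIP_MAGICS:
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    found[path] = zf.namelist()
            except zipfile.BadZipFile:
                found[path] = None  # ZIP signature, but truncated or corrupt
    return found

def build_sample(root):
    """Constructed sample tree: a ZIP named .bin, a plain .bin, a truncated ZIP."""
    with zipfile.ZipFile(os.path.join(root, "pkg01.bin"), "w") as zf:
        zf.writestr("setup.exe", b"MZ constructed sample")
        zf.writestr("scripts/update.txt", b"constructed sample")
    with open(os.path.join(root, "data.bin"), "wb") as fh:
        fh.write(b"\x00\x01\x02\x03 not an archive")
    with open(os.path.join(root, "broken.bin"), "wb") as fh:
        fh.write(b"PK\x03\x04truncated")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, members in sorted(find_disguised_zips(tmp).items()):
            print(os.path.basename(path), members)
```

Listing the members without extracting them lets you see what a package would install before anything from it is run.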


Sugien

Jan 30, 2002, 4:35:46 PM

"bss" <bs_s...@cox-internet.com> wrote in message
news:u5gou7t...@corp.supernews.com...

My main system which I use daily is a HP Pavilion 8560c which does come with
backweb; BUT!! whenever I use the recovery cd and reinstall the system one
of the first things I do is to remove backweb; as well as several other
programs that are installed by default; because the main reason is from a
default reinstall I only have 56% system resources right after a cold boot
before running any other software. After either deleting or unchecking them
in msconfig, startup and then rebooting I have 95% system resources.
Besides I also don't like something running on my system that takes up
system resources and that I have no control of and that is installed by
default.


--
/}
@###{ ]::::::Dino-Soft Software::::::>
\}
https://www.paypal.com/refer/pal=dinosoft%40adelphia.net
Click the above for a fast , and easy way to send money on line


Jeffrey A. Setaro

Jan 30, 2002, 6:06:31 PM

In article <u5gou7t...@corp.supernews.com>, bs_stone@cox-internet.com says...

> here is another user who is lots smarter than I am who makes it clearer -
>

[Snip]
Brenda; BackWeb is a commercial application. It is not a virus, Trojan horse,
or (so far as I know) spyware.

Take a look at <http://www.backweb.com/> for more information about
BackWeb products.

--
Cheers-

Jeff Setaro
jase...@sprynet.com
http://home.sprynet.com/~jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99

no spam

Jan 25, 2002, 2:05:17 PM

Yes! It is creepy that HP Pavilions have executable files with evil
sounding names. The c:\hp\bin directory has:

KillWind.exe with an Icon of a nuclear explosion.
    The description of the file is "A Ruthless Killer of Windows"
    Author: Matt Gerrans
    Company Name: Key Concepts, Inc.
    Comments: Efficiently assassinates windows or processes; run with no parameters to see syntax.

Terminator.exe with an icon with a target and arrow in the center
    Description: A Ruthless Killer of Windows
    Comments: Efficiently assassinates windows or processes; run with no parameters to see syntax.

Cloaker.exe with an Icon of a recycle bin with the trash being taken from it
    Comments: Jzzxnhic njzlgye jn Iddk Ejdkaug
    Company Name: Hewlett-Packard Co.
    Product Name: Cloaker, Cloaker, Cloaker!

ProcessLogger.exe with an Icon of a somewhat evil looking clown
    Description: Exciting Windows Process Logging Technolgy.
    Comments: Specify number of minutes to run on the command line, defaul is 15. Results are logged to the file process.log in the Windows temp directory.
    Company Name: Hewlett-Packard

Fondlewindow.exe with an icon of a windows logo without color
    Options: c, t, all, show, hide, close, enumChildren.
    Company Name: Key Concepts, Inc.

Spawn.exe
    Description: Spawn! Windows Millenium Spawn
    Comments: Process forker
    Company Name: Hewlett-Packard Co.
    Private Build Description: Private!
    Special Build Description: Isn't it special?


It is creepy that Hewlett-Packard allows this. It appears they don't
examine the programs they place on their machines. It appears the
people writing the programs are children who are not being monitored
or mentored. It appears there is no quality control and concern for
security issues.
