Ezula


PrettyBoy
6th Jan 2002, 01:29
The other day while I was surfing on the WWW I noticed an ugly looking icon in the task bar. When I pointed my mouse cursor at it, it said "eZula 81% installed". After the first wave of virus panic I started investigating. It seems that it's not a virus, rather some kind of nasty advertising tool. Now it has installed itself all over my PC and refuses to get uninstalled. Finally, after venturing into the registry editor, I could delete all the files (I hope). There must have been at least 10 of the program, all over the hard drive.

Anyone who knows more about what it is? I suspect that I got it when I installed an MP3 to wav decoder that day.

TR4A
6th Jan 2002, 01:34
http://www.lavasoftusa.com/

Ad-aware 5.62
License: Free
Minimum requirements: Windows 95/98/NT/2000
Uninstaller included?: Yes
--------------------------------------------------------------------------------
Description
Ad-aware scans your memory, Registry, and hard drives for software
components from Alexa (through 5.0), Aureate (1.0, 2.0, and 3.0),
Comet Cursor (through 3.0), Cydoor, Doubleclick, DSSAgent, EzUla,
Expedioware, EverAd, Flyswat, Gator, Gratisware, HotBar, OnFlow,
TimeSink (through 5.0), Transponder, Web3000, Webhancer, and more.
Ad-aware then displays a list of detected spyware modules, Registry
keys, files, and folders, and allows you to remove them from your
system selectively.
This update supports removal of EzUla, Expedioware, and Transponder
modules, and features an "exclude" option to ignore modules you want
to keep.

bblank
6th Jan 2002, 02:25
From a firewall newsgroup: "[the] MP3 crowd ... do not have a clue what they are getting into when they install these P2P FS apps, and then grant them server privileges. I mean, why bother having a firewall in the first place if you are going to poke a bunch of holes in it for any app that asks you to. <jeez>"

There are many other ways for parasitic services to be installed on your computer. One firm that I am aware of - it is mentioned in TR4A's post - uses free kiddie software. The software is offered free of charge. You download it. You install it. Your kids play it for free. Then it spies on you when you get back to your computer.

A long list of sites/services known or believed to be associated with spyware, data mining and data warehousing companies was posted in a firewall newsgroup about a month ago. Ezula was of course one of them. Its aliases are bloyalty and contextpro.

I won't post the entire list of firms and IP addresses here unless one of the moderators pokes his nose in and says that it is ok.

fobotcso
6th Jan 2002, 15:55
This is probably a silly question, and I'm almost embarrassed to ask it, but is C_DILLA related to all this? A C_DILLA folder appeared in my C Drive about six months ago without me doing anything.

There are only three files; installs for 16 and 32 bit and an uninstall for 16 bit. As I'm on Win2K, would I need an uninstall for 32 bit to get rid of it and what would happen if I did?

{More info: there is only the briefest of references to c-dilla (Note the different dash) in the Registry to a little-used taxcalc program}

[ 06 January 2002: Message edited by: fobotcso ]

PrettyBoy
6th Jan 2002, 21:37
Thanks TR4A!! Did download and install the AdAware program and surprise surprise, it found not only a couple more of the eZula that I thought I had deleted but also a few other ones as well. I wouldn't be surprised if a lot of PCs around the world are full of these spies! Highly recommended!!

bblank
6th Jan 2002, 23:16
fobotcso, do you remember a pop-up box telling you a licence manager was being installed? Have you installed any software that required authorization? Have you been prevented from burning any discs? Have you installed any demo and then uninstalled the demo?

Macrovision has products that are marketed to developers to enforce copy protection and a few similar things. They license it to developers as being "transparent to the consumer." Macrovision's software may have been installed by an application to manage a license or to prevent you from copying a CD to another CD or to your hard drive. The application that installed the c_dilla folder may not work if you tamper with the folder or c_dilla registry entries.

Before taking any action, see if you can isolate the application that installed the folder. Searching on file dates may give a clue. Snoop around the Macrovision web site for its licensees.

Macrovision's product has been called spyware because it is secretly installed and has a secret monitoring function, but so far as I know it does no reporting (so I wouldn't call it spyware). Just consumer abuse. Whose hard drive is it anyway? We have long since reached the point at which it is necessary for consumer protection laws to enter the digital age.

TR4A
7th Jan 2002, 08:42
I bought Ad-aware Plus which comes with Ad-watch.

Ad-watch catches spyware parasites before they can integrate into your system, protecting your system in realtime.

Registering gives you the Ad-aware plus application including Ad-watch, additional security features, unlimited free upgrades and lifetime free product support.

Price: EUR 17.27 / USD 15.00

fobotcso
8th Jan 2002, 20:18
Thank You BB for your comprehensive reply - very helpful.

It was, as you described, the Licence Management System called C_DILLA planted silently on my PC without any banners or warnings during the Autorun phase of the CD spin-up before the install options screen was displayed. Had I aborted the installation, the intrusive folder/files would have remained; they remained even after I had installed and uninstalled the offending program. I had to delete the rubbish manually from the HD and also from the Registry.

I did a test copy of the CD while the Program was installed and the C_DILLA stuff was still there; no problems.

The irony of this? This illegal (in my view) planting of this software on my CD without my knowledge or approval was done by the UK's leading Consumer Rights Activists called the Consumers' Association on their 1998 Income Tax Calculator called Taxcalc 98!! If I'd realised this before, I'd have asked for my money back. They've stopped doing it on later years' CDs!

[ 08 January 2002: Message edited by: fobotcso ]