Avast WEBforum

Other => Viruses and worms => Topic started by: Dichromaru on May 28, 2011, 02:48:39 PM

Title: Possible Threat?
Post by: Dichromaru on May 28, 2011, 02:48:39 PM
I had a random program popup recently tonight while checking some messages on Facebook. Seems as though Skype has randomly decided to install software onto my computer without my permission - or at least that is what it claims.

Something called "EasyBits GO" just pops up and starts running now, at random. I can't seem to find any sort of information about them, other than the random foreign language page listing off the process name and some other random stuff I simply can not understand. It's like this thing just randomly popped up out of nowhere and no one knows anything about it - that or it's a possible threat that's cleverly blocking any bad information that can be found about it searched via Google (which is probably not possible, but eh, what do I know? lol).

Folder: C:\ProgramData\Easybits GO

I've tagged the folder with Avast!, MalwareBytes and SUPERANTISPYWARE, but no red flags pop up about it from either of the 3. So why is this a problem you might ask? I've already scoured my computer and for the life of me, I can't find a way to permanently remove it from my system. In my experience, anything that is legitimate has an uninstaller of some sort. Tried to see if it'd be removed via Uninstallation of Skype, but no go on that. Deleting the folder just causes it to be restored on a restart (go figure).

And if it helps at all, I'm currently running Windows 7 Ultimate (64-Bit).

Also, I apologize if this post is difficult to understand, it's almost 7AM here and I've not slept yet. >..>
Title: Re: Possible Threat?
Post by: DavidR on May 28, 2011, 02:57:39 PM
Seems I can find lots of hits on that http://forum.avast.com/index.php?topic=9671.msg650021#msg650021 (http://forum.avast.com/index.php?topic=9671.msg650021#msg650021) see http://skype.easybits.com/ (http://skype.easybits.com/).

EasyBits Software is the creator of unique gaming
platform for Skype network and the exclusive operator
of the Skype Game Channel

So do you have the Skype Game Channel enabled, etc. ?
Title: Re: Possible Threat?
Post by: Fettor on May 28, 2011, 02:58:18 PM
Wish I could help, but I've just made account specifically for this intriguing situation.
The exact same thing just happened to me.
I post in hope that someone can shed some light on why/how this has been installed without our knowledge.

I bet there's some clause in the T&C or something.. psh
Title: Re: Possible Threat?
Post by: Dichromaru on May 28, 2011, 03:02:48 PM
So do you have the Skype Game Channel enabled, etc. ?

There's no option or similar to "enable" it. It's just there with no way to disable it.
Title: Re: Possible Threat?
Post by: DavidR on May 28, 2011, 03:11:01 PM
Looks like Skype have made some changes to add functionality, should you ever choose the Skype Game Channel.

I don't use Skype so I can't speak from any personal experience, but I do hate these autocratic decisions without the ability to opt out.
Title: Re: Possible Threat?
Post by: CTakayama on May 28, 2011, 05:39:38 PM
This post came up high on google rankings, it happened to me today as well as soon as I updated to Service Pack 3 for XP (May or may not be related)

I solved the problem doing the following: (For XP)

1. Uninstalled EasyBits Go from Add/Remove Programs in Control Panel
2. Deleted the Skype Plugin Manager folder from C:\Program Files\Skype
3. Deleted the EasyBits Go Folder from C:\Documents and Settings\All Users\Application Data

You may run into a "Cannot Delete" problem for steps 2 and 3. When I tried to delete the Easybits Folder, several times I was denied access. I found out later that it was because SkypePM.exe was accessing. (As you know you can't delete programs currently accessed in the computer's memory)

In summary, the root of the problem was SkypePM.exe

I also expect the short outage that took place yesterday (link: http://www.huffingtonpost.com/2011/05/26/skype-down-problems-_n_867332.html , additional news on this can be found on google news) was probably because of their attempt to implement the stupid EasyBits Go Crapware onto everyone's computer. The spyware probably couldn't be installed on older versions of Skype so it crashed alot of user's computers, and inexperienced computer users probably upgraded their versions of skype to the newest version(which supports ads) thinking that it would fix the problem but instead they just opened the door for Micro$oft to feed crap to Skype users.

Now that Skype is owned my Micro$oft, any Corporate Lawyers looking to file a class action lawsuit on Skype using SkypePM.exe to monitor users behavior, this might be a good chance to make some $ for yourself and to protect everyone's right to privacy.
Title: Re: Possible Threat?
Post by: CTakayama on May 28, 2011, 05:59:48 PM
Skype snoop agent reads mobo serial numbers
'Quite normal' feature has been removed

By Dan Goodin in San Francisco
Posted in Malware, 11th February 2007 22:29 GMT

Skype has been spying on its Windows-based users since the middle of December by secretly accessing their system bios settings and recording the motherboard serial number.

A blog entry [1] made on Skype's website assures us it's no big deal. The snooper agent is the handiwork of a third-party program called EasyBits Software, which Skype uses to manage Skype plug-ins.

Among other things, EasyBits offers DRM features that prevent the unauthorized use or distribution of plug-ins, and that's why Skype 3.0 has been nosing around in users' bios. Reading the serial number allows EasyBits to quickly identify the physical computer the software is running on. The practice was discontinued on Thursday, when Skype was updated to version

"It is quite normal to look at indicators that uniquely identify the platform and there is nothing secret about reading hardware parameters from the BIOS," Skype's blog author, Kurt Sauer, assured us. He also says Skype never retrieved any of this data. We're not sure that's the point.

Skype goes to great lengths [2] to assure users they will not be fed spyware, which the eBay-owned VOIP provider defines as "software that becomes installed on computer without the informed consent or knowledge of the computer’s owner and covertly transmits or receives data to or from a remote host." What's more, we were unable to find terms of service the spells out what EasyBits does with the information it gathers on Skype users.

It's also hard to take Skype's nothing-to-see-here notification at face value because of the lengths the software goes to conceal its snooping. As documented [3] in the Pagetable blog, the Skype snoopware runs a .com file and prevents the more curious users among us from reading it. Were it not for errors it was giving users of 64-bit versions, we'd probably still be in the dark.

Skype's decision to remove the EasyBits DRM feature is a good start. Time now for an apology and an explanation of what has been done with the information already collected. ®