Source: Don Hankins (Flickr)

Adware peddler's computer filled with adware


Solving one of philosophy’s most confounding questions, adware purveyor Sendori was kind enough to post screenshots of how to remove their program in Windows, revealing just how much the support tech’s computer was stuffed to the gills with iffy software.

A little background: I found this gem while researching today’s featured story on hijacked HTTPS connections. Sendori’s software goes next level for adware, actually performing man in the middle attacks on infected users, though it isn’t clear whether it is passively logging the communications.

Most notably, it is known for hijacking DNS settings, redirecting users to URLs other than where they intended to go, and injecting ads on search engines and other places on the web in hopes that they appear to be native to those sites. Additionally, it seems to make changes to affected computers’ registries and other security settings that make them vulnerable to even more nefarious attacks.

Anyway, in the interest of running a legal (or at least quasi-legal) business, Sendori has posted uninstall instructions. While I’m not sure if those are really adequate to rid you of the malware, as these removal instructions on Bleeping Computer would suggest, they still are great for a laugh.

Check out the programs list in the image that shows you how to uninstall Sendori via Windows’s uninstaller:

Source: Sendori

Source: Sendori

Let’s review some of these bad boys:

  • join.me – while a basically legitimate piece of software, McAfee Site Advisor commenters seem to agree with my impression that this is a very spammy freeware product.
  • Mysearchdial – this is verifiably malware that also likes to log search queries and inject its own content into search results.
  • PassShow – another example of obvious adware of the sort you see “offered” to you when downloading free software. This one will display coupons and offers to the affected user in addition to redirecting to or injecting affiliated shopping links.
  • PureLeads – while it says it’s by “PureLeads,” this is also Sendori-owned software and also adware.
  • Search Protect – another nasty bit of malware that masquerades as something that “protects your search settings from takeover by third parties” according to its maker Conduit. Protects you from takeover from third parties by taking the settings over itself and bringing a bevy of trojans and other problematic elements along with it!
  • Shopop – you guessed it, more malware. This one also affects search, saying it helps you by combining multiple search engines.

It’s all almost too hilarious to be true. I don’t have any great explanations as to why somebody working for Sendori – and it’s clearly someone who works for them, as another screenshot in the tutorial reveals email conversations about the user license agreement for Sendori – would have so much of this stuff installed on their computer, especially considering most of it comes from other third parties.

Maybe companies like Sendori only hire people that wouldn’t know malware if…well, if it was colonizing their entire computer. Perhaps there is a huge conspiracy connecting all of these software makers. Of course, this doesn’t even begin to explain the presence of reputable, best-in-class malware removal tool MalwareBytes on this computer. Is it for show? If it’s there for show, why leave all of the other embarrassing software? So many questions unanswered here.

More importantly, what in the world is the search experience like on this computer? There would be a battle royale between all of this malware for control of search results.

Featured image by Don Hankins (Flickr).

Tags: Adware Funny Malware Technology Virus Alert Weird