I’m on vacation right now. So I began my long planned task of improving my guitar skills with dusting off my electric guitar and putting on new strings. I have not yet cleaned & repaired my amp so I plugged the guitar into the PC and abused it as a makeshift amplifier. This worked surprisingly well, and before long I discovered a few guitar-centric websites where I found dedicated amplifier and DSP-effect software. The most promising one was GuitarFX, and with it my PC worked as a better amplifier (in terms of available effects) than my real hardware amp & effects ever worked. For those of you who dare, here is a first example 🙂
That was mostly on Saturday. Since I recommended a few links to BoingBoing during the weekend, I checked the site a few times. Already then I had a rather odd feeling, which was confirmed today: both BoingBoing and Lifehacker show a statistically above-average amount of guitar-, guitar-amplifier and guitar-effect related ads:
I was pretty surprised to see such targeted ads. Actually I never saw targeted ads to such an extent before. But only after similar ads showed up on Yahoo as well I started to realize that someone has hijacked my browser. So I ran virus and spyware checkers – but they didn’t find anything special. I did a thorough run around the Windows startup options only to find nothing. So I had a closer look at the ads and finally clicked the “Remove these ads” button. This transferred me to a site which said:
Annoying ads in your internet browser? Don’t scream like a baby! You have ads in your TV, but you don’t panic even you can’t remove ads from your TV.
The site showed a few links – one redirects to a Google sponsored Firefox download promising FF does remove ALL banners, and another one to payable (sic!) banner removing software. OK, so where has this bugger embedded itself into my system? The ads are showing up in Firefox and Internet Explorer, so it must be pretty low level. One link dubbed “recommendations for stupid beginners” had something interesting to say:
Special notes for GuitarFX users: you must uninstall this software via Windows Control Panel. Sometime you must install it and then uninstall immediatly, this helps in 100%. Note: you was informed about ads in the licence.txt file of GuitarFX, if you run it, you agree to see ads. Uninstall it via Windows Control Panel and do not see ads.
A-ha! So it was GuitarFX! Unfortunetaly the mentioned licencse.txt file wasn’t there, but there was a readme.txt and it said:
The Demo version can change your default home page in Internet Explorer and can show banners or other ads and can visit some www pages that can content banners, other ads and standard internet counters wich can track info available via internet and internet explorer you use and, may be, some other tech info about GuitarFX itself and your PC hardware and software. […] Use of this software indicates you agree to this.
My IE hompage is protected so this one could not have been changed. So I dug a bit deeper in the installed software and finally
found a small batch-file which had the timestamp of the installation of GuitarFX and which was manipulating my hosts-file:
copy C:\WINDOWS\system32\drivers\etc\hosts.001 C:\WINDOWS\system32\drivers\etc\hosts
copy C:\WINDOWS\system32\drivers\etc\hostsb C:\WINDOWS\system32\drivers\etc\hosts
That was the culprit! I thought my hosts file was write protected – but maybe the software did clear that too. I gave Spybot S&D a run at it, filled it with its default entries and write protected it again – and now the ads are not showing anymore.
I’m pretty disappointed about this behaviour. The program looked good and was very versatile – I was even considering to buy the full version. But implanting spyware on my system is so out of bounds! I should have been warned though. The creaters of GuitarFX made such a pathetic approach at search engine spamming, distributing their program across various domains and Geocities accounts. It made me smile inwardly. But they caught me. They did. And that’s the part that really surprised me since I consider myself a Pro at spotting shady methods like that.
So, beware of GuitarFX (.net, .org, .info) – unless you want to get your browsers hijacked! Gladley there are alternatives who are playing fair. I’m currently evaluating Guitar FX Box and it looks good.