More Awesome Than You!

TS2: Burnination => The Podium => Topic started by: SaraMK on 2007 July 11, 03:07:33



Title: Anyone using Comodo Firewall Pro?
Post by: SaraMK on 2007 July 11, 03:07:33
I have a game that I registered using a *coughkeygencough* and for some reason it repeatedly tries to hijack my web browser. I don't think this is the *coughkeygencough*'s fault, since none of the other games do this.

It doesn't do anything if I'm just playing the game. But, if I start a web browser while the game is running, and then go to any website, I get a popup saying that the game has "modified the memory of iexplorer.exe in memory." It does the same thing to Firefox.

I deny this action, which causes the website to not load. Then I can't load any websites until I restart my web browser. After restarting my web browser everything works fine and it doesn't try to hijack it again... for a while, anyway.

Is this game trying to get me busted? Or is the firewall acting crazy? What does that message mean, anyway?


Title: Re: Anyone using Comodo Firewall Pro?
Post by: jrd on 2007 July 11, 08:05:55
Sounds like spyware antics to me. When is the last time you did a deep scan of your system for malware?

No program should ever be allowed to modify the memory of a third-party program. This is exactly how trojan horses work: they attach themselves to a legit process like a web browser, and do their damage in the background.

Might be the game, or the keygen.


Title: Re: Anyone using Comodo Firewall Pro?
Post by: J. M. Pescado on 2007 July 11, 10:33:09
> No program should ever be allowed to modify the memory of a third-party program. This is exactly how trojan horses work: they attach themselves to a legit process like a web browser, and do their damage in the background.

This is not entirely true: There are legitimate reasons for why a program would modify the memory of another program: Debuggers, cheat programs, and even some forms of cracks and hiding software all have legitimate reasons for why they would modify the memory or executable space of a third-party program.

Most likely, however, in this case, the behavior is that of Evil Spywares.


Title: Re: Anyone using Comodo Firewall Pro?
Post by: morriganrant on 2007 July 11, 21:02:04
I had my browser doing something similar for a while, although not using the game as an excuse. It was then that I realized that my boyfriend looks at porn and doesn't run the virus scan or Ad-Aware afterward. I don't care if he looks at pron but he will not infect my computer by his own stupidity! I now badger him to run them after such use and run them twice a week anyway.


Title: Re: Anyone using Comodo Firewall Pro?
Post by: Paperbladder on 2007 July 12, 01:52:30
I use CPF 3.0.2.5 Alpha (it's still somewhat unstable and you have to sign up to get it), and this is what pops up whenever I get a global hook.

(http://img378.imageshack.us/img378/3082/comodohipsglobalhookvw0.png)

I've noticed that CPF 2.4 displays some really odd messages when it comes to web browsers saying something like "Photoshop wants to inject a hook into Firefox" or "Some setup program wants to inject a hook into Firefox".  Like you said, if you deny these then it'll prevent your browser from connecting to anything.  This is one of the reasons I stopped using it.


Title: Re: Anyone using Comodo Firewall Pro?
Post by: SaraMK on 2007 July 12, 03:31:47
I found tons of adware. Looks like the game and keygen had nothing to do with it after all, since I seem to have been infected yesterday. It probably hitched a ride with some stuff I downloaded from NoNags.

*sigh of relief*

Now I can go back to stealing from Reflexive with a clear conscience....


Title: Re: Anyone using Comodo Firewall Pro?
Post by: Zazazu on 2007 July 12, 15:44:46
NoNags, the one whose Yahoo! listing says "Offers freeware programs with no viruses, spyware, or trojans."  :-X


Title: Re: Anyone using Comodo Firewall Pro?
Post by: SaraMK on 2007 July 12, 16:15:20
Well, if you have a NoNags membership, which you have to pay for, I guess they scan everything you download. But if you don't, then you're downloading from individual publishers' sites. So it isn't much safer than just finding those sites on your own, I guess.