This morning at 9:59 AM local time, a dialog from an unknown app popped up and asked me if it could install Adobe’s Flash player. My reaction is the one everyone should have in response to things like this: Don’t click. Stop and think. I’ve been around for awhile and I’m not stupid. I’d never heard of EasyBits Go and certainly hadn’t installed it on my system. I brought up Windows Task Manager, and sure as hell, there was a process running called easybitsgo.exe. Worse, there was an icon on my desktop that hadn’t been there a few minutes before. And the dialog had a blatant misspelling on it. “Do you wan to install it now?”
Talk about red flags!
I immediately did a search for EasyBitsGo.exe on my system, and found the executable at Documents and Settings/All Users/Application Data/Easybits GO/ There are several subfolders as well. There was an app listed in the Add or Remove Programs applet. There was a folder (dated a few minutes later) called “go” in my user tree under Application Data. It contains some kind of a log. Last and worst of all, there were Registry keys in the HKEY_CURRENT_USER subtree under Software/EasyBits.
Only after gathering that data (and taking a quick look on Google, which showed almost nothing) did I begin removing it. Online postings just a few minutes old verified my suspicion: It had ridden in on Skype. I was using Skype at 10 AM when the dialog popped up. I did not have a browser open, and in fact was not doing anything unusual. (I was editing an Odd Lots entry for Contra.)
EasyBits is a real company, and they created and have been running Skype Game Channel for some years now. I’m not a gamer and hadn’t run across them before, but they have some history, and don’t appear to be malware vendors. (This does not mean that malware could not impersonate them.) Nonetheless, however they had pulled it off, what they’d done was utterly unacceptable: They’d installed a whole app with no obvious connection to Skype without any warning, much less any request for permission.
Too, too much. I may be done with Skype. Still thinking about that. In the meantime, if this happened to you as well, here’s how to fix it, at least under XP:
- In Skype, select menu option Tools | Options | Advanced, and un-check Automatically Start Extras. Click Save.
- Shut down Skype.
- Bring up Task Manager. If the EasyBits GO dialog is still visible, EasyBitsGO.exe is probably running. Kill it. The box will vanish. (Kill the process even if you’ve already closed the dialog.)
- Make sure the SkypePM.exe process is not running. If it is, kill it.
- Go to the Add or Remove Programs applet and uninstall EasyBits GO. It uninstalls almost instantly, which suggests that nothing is actually being uninstalled. This was the case as best I could tell.
- Find the folder tree at Documents and Settings/All Users/Application Data/Easybits GO/ and delete it.
- Go to the Application Data folder tree under the user that was active when the damned thing installed, and find the go folder. (It contains some kind of log file.) Delete it.
- Go to the Windows/Prefetch directory and look for the file EASYBITSGO.EXE-364DAFD6.pf and delete it.
- Search for and delete all instances of ezPMUtils.dll. They may be in different locations depending on your version of Windows.
- If you’re comfortable editing the Registry, get rid of the keys at Software/EasyBits as shown in the screenshot above.
- Reboot. Theoretically that should do it, but if Skype could push this thing down to countless users without their knowledge once, it could do so again.
- After rebooting, I think it might make sense to update your virus scanner signature database and do a full scan on your system.
So whatthehell is going on here? There’s still not a great deal online, but I’m seeing more and more angry people posting every hour. I have a guess: EasyBits paid Skype for the install. This is the crapware business model, in which a company pays a hardware or (less often) software vendor to install stuff that the customer did not ask for, and pays by the install. This is typically trial version software, and the crapware vendor benefits when customers cluelessly upgrade to paid versions.
The crapware business model is why I no longer buy retail PCs, which come so clogged with crapware that they can barely move. I buy either custom-built machines or used corporate machines like the SX280 USFF, which were never retail machines to begin with and came with no crapware at all.
Cheap or free stuff is often less cheap or less free than its vendors imply. Crapware is one reason retail PCs are as cheap as they are. Dell, HP, and the others take a certain profit on each retail PC selling crapware slots. Absent the crapware, the machine would cost more. I buy new custom locally or used on eBay, and the machines are as cheap as new retail PCs and work a lot better. (Why does a four-year-old P4 2.6 GHz corporate box go so much faster than a current Core 2 Quad 3 GHz retail PC? Crapware.)
This is a guess, but it makes sense. Why else but money would Skype do something so absolutely certain to get them crucified in the blogosphere? With my tinfoil hat on I could imagine that certain parties at Skype aren’t happy with being assimilated by the Borg and are getting some parting shots in. It’s too late to foul the deal, but anything that makes Ballmer itch in bad places might be worth it to them.
Finally, if this happened to you, let me know in the comments or by email. It seems like a lot of people got hit with this, at least those running current versions of Skype. What if the entire installed base of current Skype instances pushed EasyBits Go down the pipe and onto user desktops? That would be a freaky thing indeed, and will make them a Mordor horde of enemies. Stay tuned.
UPDATE: I cranked up an old XP SP2 machine with Skype 5 installed this afternoon and so far, the EasyBits install hasn’t happened. Will leave it on tonight and check it in the morning. It may be that the install requires SP3, Vista, or Win7.