Jeff Duntemann's Contrapositive Diary

May 28th, 2011:

EasyBits GO, Skype, and The Crapware Problem

[Image: EasyBitsGoDialog.jpg]

This morning at 9:59 AM local time, a dialog from an unknown app popped up and asked me if it could install Adobe’s Flash player. My reaction is the one everyone should have in response to things like this: Don’t click. Stop and think. I’ve been around for a while and I’m not stupid. I’d never heard of EasyBits Go and certainly hadn’t installed it on my system. I brought up Windows Task Manager, and sure as hell, there was a process running called easybitsgo.exe. Worse, there was an icon on my desktop that hadn’t been there a few minutes before. And the dialog had a blatant misspelling on it. “Do you wan to install it now?”

Talk about red flags!

[Image: EasyBitsRegistryKeys.jpg]

I immediately did a search for EasyBitsGo.exe on my system, and found the executable at Documents and Settings/All Users/Application Data/Easybits GO/. There are several subfolders as well. There was an app listed in the Add or Remove Programs applet. There was a folder (dated a few minutes later) called “go” in my user tree under Application Data. It contains some kind of a log. Last and worst of all, there were Registry keys in the HKEY_CURRENT_USER subtree under Software/EasyBits.

Only after gathering that data (and taking a quick look on Google, which showed almost nothing) did I begin removing it. Online postings just a few minutes old verified my suspicion: It had ridden in on Skype. I was using Skype at 10 AM when the dialog popped up. I did not have a browser open, and in fact was not doing anything unusual. (I was editing an Odd Lots entry for Contra.)

EasyBits is a real company, and they created and have been running Skype Game Channel for some years now. I’m not a gamer and hadn’t run across them before, but they have some history, and don’t appear to be malware vendors. (This does not mean that malware could not impersonate them.) Nonetheless, however they had pulled it off, what they’d done was utterly unacceptable: They’d installed a whole app with no obvious connection to Skype without any warning, much less any request for permission.

Too, too much. I may be done with Skype. Still thinking about that. In the meantime, if this happened to you as well, here’s how to fix it, at least under XP:

  1. In Skype, select menu option Tools | Options | Advanced, and un-check Automatically Start Extras. Click Save.
  2. Shut down Skype.
  3. Bring up Task Manager. If the EasyBits GO dialog is still visible, EasyBitsGO.exe is probably running. Kill it. The box will vanish. (Kill the process even if you’ve already closed the dialog.)
  4. Make sure the SkypePM.exe process is not running. If it is, kill it.
  5. Go to the Add or Remove Programs applet and uninstall EasyBits GO. It uninstalls almost instantly, which suggests that nothing is actually being uninstalled. This was the case as best I could tell.
  6. Find the folder tree at Documents and Settings/All Users/Application Data/Easybits GO/ and delete it.
  7. Go to the Application Data folder tree under the user that was active when the damned thing installed, and find the go folder. (It contains some kind of log file.) Delete it.
  8. Go to the Windows/Prefetch directory and look for the file EASYBITSGO.EXE-364DAFD6.pf and delete it.
  9. Search for and delete all instances of ezPMUtils.dll. They may be in different locations depending on your version of Windows.
  10. If you’re comfortable editing the Registry, get rid of the keys at Software/EasyBits as shown in the screenshot above.
  11. Reboot. Theoretically that should do it, but if Skype could push this thing down to countless users without their knowledge once, it could do so again.
  12. After rebooting, I think it might make sense to update your virus scanner signature database and do a full scan on your system.
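
A read-only check for the artifacts named in steps 3 through 10, as an added example that is not part of the original post. It assumes PowerShell is installed and the XP folder layout described above; the prefetch check uses a wildcard because the hash suffix in a prefetch file name depends on the path the executable ran from.

```powershell
# Added example: reports EasyBits GO leftovers after the manual cleanup.
# Nothing is deleted. Paths assume the Windows XP profile layout.
$findings = @()

# Steps 3-4: processes that should no longer be running
foreach ($name in 'EasyBitsGO', 'SkypePM') {
    if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
        $findings += "process still running: $name.exe"
    }
}

# Steps 6-7: install tree under All Users, and the "go" folder in the user profile
$dirs = @(
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\Easybits GO'),
    (Join-Path $env:APPDATA 'go')
)
foreach ($dir in $dirs) {
    if (Test-Path -LiteralPath $dir) { $findings += "folder present: $dir" }
}

# Step 8: prefetch entry (wildcard in place of the path-dependent hash)
$prefetch = Join-Path $env:SystemRoot 'Prefetch'
foreach ($f in @(Get-ChildItem -Path $prefetch -Filter 'EASYBITSGO.EXE-*.pf' `
                               -ErrorAction SilentlyContinue)) {
    $findings += "prefetch file: $($f.FullName)"
}

# Step 9: every copy of ezPMUtils.dll on the system drive (slow, but thorough)
foreach ($f in @(Get-ChildItem -Path "$env:SystemDrive\" -Filter 'ezPMUtils.dll' `
                               -Recurse -ErrorAction SilentlyContinue)) {
    $findings += "DLL present: $($f.FullName)"
}

# Step 10: per-user registry key; run once for each affected account
if (Test-Path 'HKCU:\Software\EasyBits') {
    $findings += 'registry key present: HKCU\Software\EasyBits'
}

if ($findings.Count -eq 0) {
    'No EasyBits GO leftovers found.'
} else {
    $findings
}
```

Run it again after the next Skype session: a clean result followed by new findings means the install was pushed a second time.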

So whatthehell is going on here? There’s still not a great deal online, but I’m seeing more and more angry people posting every hour. I have a guess: EasyBits paid Skype for the install. This is the crapware business model, in which a company pays a hardware or (less often) software vendor to install stuff that the customer did not ask for, and pays by the install. This is typically trial version software, and the crapware vendor benefits when customers cluelessly upgrade to paid versions.

The crapware business model is why I no longer buy retail PCs, which come so clogged with crapware that they can barely move. I buy either custom-built machines or used corporate machines like the SX280 USFF, which were never retail machines to begin with and came with no crapware at all.

Cheap or free stuff is often less cheap or less free than its vendors imply. Crapware is one reason retail PCs are as cheap as they are. Dell, HP, and the others take a certain profit on each retail PC selling crapware slots. Absent the crapware, the machine would cost more. I buy new custom locally or used on eBay, and the machines are as cheap as new retail PCs and work a lot better. (Why does a four-year-old P4 2.6 GHz corporate box go so much faster than a current Core 2 Quad 3 GHz retail PC? Crapware.)

This is a guess, but it makes sense. Why else but money would Skype do something so absolutely certain to get them crucified in the blogosphere? With my tinfoil hat on I could imagine that certain parties at Skype aren’t happy with being assimilated by the Borg and are getting some parting shots in. It’s too late to foul the deal, but anything that makes Ballmer itch in bad places might be worth it to them.

Finally, if this happened to you, let me know in the comments or by email. It seems like a lot of people got hit with this, at least those running current versions of Skype. What if the entire installed base of current Skype instances pushed EasyBits Go down the pipe and onto user desktops? That would be a freaky thing indeed, and will make them a Mordor horde of enemies. Stay tuned.

UPDATE: I cranked up an old XP SP2 machine with Skype 5 installed this afternoon and so far, the EasyBits install hasn’t happened. Will leave it on tonight and check it in the morning. It may be that the install requires SP3, Vista, or Win7.

Odd Lots

  • Heads up here; this is important: Something called EasyBitsGo.exe appeared in a directory under Documents and Settings/Application Data/All Users this morning about half an hour ago. The executable was already installed and running and wanted permission to install Flash Player. (I do not allow Flash Player on Windows machines, as it’s exploit fertilizer.) The timestamp on the executable’s directory tree indicated that it had been installed no more than a minute before it popped up. There appears to be a Skype connection, and I was using Skype at the time. Be careful. If you see it, close Skype, kill the easybitsgo.exe process in Task Manager to close it, and then nuke that directory. Then go to Add/Remove Programs and uninstall it. Reboot. If Skype did in fact install this thing without asking, it may be the beginning of the end of my own use of Skype.
  • Per the above: Launch Skype. Select Tools | Options | Advanced, and un-check Automatically Start Extras. Then reboot again and make sure it’s not still running.
  • All RAMmed up and nowhere to go: KingMax has announced a 64GB MicroSDXC card…and there’s almost nothing on the market that will use that much storage in one chunk. If we’ve learned nothing else in the last thirty years, it’s that “barriers” are a mark of either hardware vendor cheapouts, or software vendor incompetence. Are address lines so dear that we can’t raise the barriers to a level at least five years out? (I suggest 256 TB. Ok, six or seven years out.)
  • What if Babbage had outsourced tech support to the Pacific Rim? (Thanks to Ernie Marek for the link.)
  • Yet another longstanding dietary fetish is now in jeopardy. The case against salt always looked weak to me, in that it was clearly hazardous to people who already had certain kinds of heart disease, but that the case that it caused heart disease was mighty thin and mostly anecdotal. All roads continue to lead back to carbs, and especially sugar. More in coming days as time allows. (Thanks to Carol for the link.)
  • If just rooting your Nook Color isn’t quite enough, here’s a description of how to turn it into a complete Android tablet. If it sounds scary to you, well, you may not have the computing experience to do it; but when I read the article I thought, Sheesh, that’s easy. You can even boot from the SD slot to get a sense for the mod before making changes to device memory. The process appears to be reversible, and the mod allows you to use Bluetooth-capable GPS receivers and other Bluetooth devices. Given how cheap the NC is, I’m tempted to try it while I wait for the high-end slates like Xoom to mature.
  • We could maybe use a few more of these.