Wild Tangent and F*$%&#* AOL

***thehorse13*** · April 4th, 2004, 02:35 PM

I noticed a large spike (586 events a minute) associated with updaterservice.wildtangent.com. After some poking around, I found that Wild Tangent is installed with version 5.5 of the AIM chat client. Now, I'm sure this has been mentioned before but I think it is worth another mention.

Anyway, SpyBot and Ad-Aware did *not* remove Wild Tangent when installed by AIM. I dug up some removal instructions that do work (I forget where I got them).

1. Close AIM
2. Open my computer and navigate to the folder \Program Files\AIM
3. Delete the file AIMWDInstall
4. Navigate to the folder \Program Files\AIM\Sysfiles
5. Delete the file AIMWDInstall (do not delete AIMWDUninstall)
6. Open add/remove programs in the control panel
7. Uninstall WildTangent multiplayer library
8. Uninstall WildTangent Web Driver
9. Uninstall WildTangent Updater
10. Restart the computer
11. Navigate to the folder C:\Program Files
12. Delete the WildTangent folder
13. Navigate to the folder C:\WINDOWS
14. Delete the wt folder
15. Open start/run and type regedit
16. Delete the key HKEY_LOCAL_MACHINE\SOFTWARE\WildTangent
17. Add the domain wildtangent.com to the IE restricted sites zone (even
if you don't use IE)
18. If this is the only user account on this PC you're done, if not keep
reading
19. Open regedit again
20. Navigate to the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
21. Right click on it and hit export
22. Type a name for the file and save it to C:\Documents and Settings\All
Users\Documents or any other place that all accounts can access
23. Log into each account, double click on the file, and hit yes in the
box that appears
24. You're done

This worked fine for me. Now I have to script it and blow it out to all the users who installed AIM 5.5.

GRRRRRRRRRRRRR!

***Tedob1*** · April 4th, 2004, 05:36 PM

thanks for this TH. although we dont "allow" AIM i still get some in the remote locations that do it. its been no biggie, i just call and ask them to please remove it armed with this info i can send every one a letter to all and post and article on the intranet site. hopefully you've saved me allot of work. sorry i couldn't have done that for you.

while gathering information on this i came accross an article which isnt particularly about aim 5.5 but its worth a look to be sure:

There are other things that AOL software does. For instance, some software such as Netscape and ICQ 2000b will insert free.aol.com into Internet Explorer's "Trusted" security zone. When you put a web site in the "Trusted" zone, Internet Explorer will allow that site to download, install and execute any piece of software completely without interaction with the user.

The reason for AOL inserting that entry became clear when we started spotting ActiveX files from free.aol.com in people's HijackThis log files at the message board. AOL is inserting their web site into the "Trusted" zone so that they can install software without the user knowing they are doing it!

http://www.computing.net/security/ww...orum/9665.html

***thehorse13*** · April 4th, 2004, 09:08 PM

Urgh! Thanks for the heads up Tedob1, I had no idea that AOL has gotten this sneaky. It's time to fire up group policy and add all of their domains to untrusted.

--TH13

***Tiger Shark*** · April 4th, 2004, 09:37 PM

AOL's login servers are blocked and IDS'ed on my network..... It's a business network and logging onto AOL is a non-business act, thus the IDS.

I see it this way.... I run a network for professionals..... AOL is for amateurs..... 'nuff said?

***thehorse13*** · April 5th, 2004, 11:38 AM

Yeah, I certainly agree. However, the use of AIM is a political issue that I have battled since day 1. Perhaps now I have a little more ammo.

Leave it to my pal Tiger to give me the needle!

Thread: Wild Tangent and F$%&# AOL

Thread Tools

Display