Anybody heard of Play 2p ? Is it Spyware ?


davexnet

My 13 year old son was, apparently, browsing some unsavory websites on
my PC last night. About an hour after he went to bed, I returned to the PC
and see this "Play 2p" icon in the tray - apparently uploading *something*
to the internet at 60 % of my bandwidth.
I couldn't find any more info because I couldn't find a GUI. What
was it uploading ?

I was able to stop it, and a quick look at the internet revealed very little
info about this app. There was nothing in add/remove programs, but I did find
an associated uninstall program for it, in the hidden folder
\documents and setting\userid\recent

Furthermore, my Avast anti-virus didn't flag anything and the
realtime mode of Windows Defender had been disabled.

I attempted to use System Restore, but it failed.

At this point, Play 2p appears to be uninstalled; Spybot Search and
Destroy and Malwarebytes haven't found anything. I'm going to
disable/re-enable system restore so it starts fresh.

Any info or tips to proceed appreciated. (OS is XP sp3/IE 8/Firefox)
According to the IE 8 History, at least some of my son's extra-curricular
browsing was done in there, with records of 3 links to adult WMV videos.
Dave
 
Hello Dave,

I would suggest staying on the side of caution... D/L and install
Siteadvisor or TrendProtect, also install SpywareBlaster

TrendProtect
<http://www.trendsecure.com/portal/en-US/tools/security_tools/trendprotect>
TrendProtect is a FREE browser plug-in that helps you avoid Web pages with
unwanted content and hidden threats. TrendProtect rates the current page and
pages listed in Google, MSN, and Yahoo search results. You can use the rating
to decide if you want to visit or avoid a given Web page. To rate Web pages,
TrendProtect refers to an extensive database that covers the following
information for billions of Web pages:

OR

One more great application for safer surfing is to use Siteadvisor.
<http://www.siteadvisor.com/>



SPYWAREBLASTER - <http://www.javacoolsoftware.com/spywareblaster.html>
(Prevents malware Active X installs, blocks spyware/tracking cookies, and
restricts the actions of potentially dangerous sites) (BTW, SpyWareBlaster is
not memory resident ... no CPU or memory load - but keep it UPDATED) The
latest version as of this writing will prevent installation or prevent the
malware from running if it is already installed, and, additionally, it
provides information about and fixit-links for a variety of parasites.
Tutorial here:
<http://www.bleepingcomputer.com/forums/tutorial49.html>
One additional feature of SpywareBlaster is the ability to add your own
supplemental Custom Blocking CLSIDs. Some directions for manually adding
these can be found here:
<http://www.wilderssecurity.com/showthread.php?t=13684>

You and your son must have the expertise, since it is your or his choices
and education that dictate how secure your system is.


I hope this post is helpful, let us know how it works out.

Ǝиçεl
-=-
 
Thanks.
I'll take a look at your previous post to see what I can incorporate.
siteadvisor sounds interesting.
I already have Avast anti-virus, SS&D, Malwarebytes & Windows Defender.
Avast and WD operating in realtime, but the exploits get in as if they
weren't there. It's pathetic really.
In this case, I'm unable to tell if the exploit was from Firefox or IE 8.
I don't think any ActiveX or BHO were installed.

I'm quite aware of the risks and behave accordingly. My son, however,
is not. He's just a normal 13 year old. Doesn't know anything about
malware.

Play2p may not be malicious in the strictest sense,
but I don't like the way it seems to hide itself.
There's no entry in add/remove and the uninstall executable
is in a hidden folder. Doesn't exactly inspire confidence in it.

This seems to be the home page, but there is very little info:
http://www.play2p.com/technology.html

Dave
 
I found a link to such a video on my 13 year old daughter's machine about a
year back. I put in Windows Live family safety, and it was such a pain for
both of us that I eventually removed it again--she never asked why I put it
in, but she was clear that it wasn't needed, and I think she learned a
lesson--primarily from what she looked at...

Can you spot an executable? Submit it to VirusTotal? This sounds like it
might be some sort of peer-to-peer app, maybe unrelated to the adult videos?
 
Hmm - so this is a bittorrent implementation for flash or other videos. Not
good, I suspect--nothing wrong with the technology--it's the question of
what content is involved.

In a p2p situation, your resources are being used by others. Should there
be illegal content for example, it might be on your machine, even if you (or
he) are not looking at that particular file.

I think it is time to talk about the risks involved--at least from a
technological standpoint, and maybe about the actual content as well...
 
Hi Bill, play2p is uninstalled now. I found the uninstall program in the
following hidden folder:
documents and settings/userid/recent/play2p

I took a chance, ran the uninstall.exe, it asked me if I really wanted to
uninstall, I did it, and now it seems as if it's gone.
It was uploading something, but I never found what.

I'm wondering if the exploit was from the WMV itself - I've heard a little
about vulnerabilities still existing, even with patched WMP 10?

Dave

PS I thought very carefully about installing some "family" software as you
did, or even one of those "spy" programs that record all the activity so you
can review it all later.
I decided against it. I know what he occasionally gets up to, I don't need
to see the gory details. For now, I've restricted him to the older and slower
computer in the family room, rather than the PC in my bedroom - where he was
essentially alone.
He doesn't have his own - my wife absolutely refuses to entertain the idea
until he's a bit older (and more responsible!). Obviously that's a parenting
issue, and every family dynamic is different.
 