Backweb.exe file

[JustLookin]

Does anyone know what the file backweb-7288974.exe is ??
This file is trying to access the net but I've stopped it with my
firewall.
Thanks for your help.

Cheers.

 

[nicky]

Does anyone know what the file backweb-7288974.exe is ??
This file is trying to access the net but I've stopped it with my
firewall.
Thanks for your help.

Cheers.

A quick Google shows it to be spyware. Download Spybot S+D or Ad-aware to
clean spyware from your system:

Ad-Aware:
http://www.lavasoft.de/software/adaware/
Spybot:
http://security.kolla.de/

Nicky

 

[JustLookin]

Thanks for the info everyone. I found out that it was installed by
several programs. Logitec (my webcam), Kodak (my digital cam) and
Media Player among them.
So it is very common and is installed without your knowing or consent.
Now if I delete the lot, and there is heaps of files related to
Backweb, I'm worried that it will affect the performance of my
computer. I'll just have to see what happens I spose :-(

 

[Jeffrey A. Setaro]

Does anyone know what the file backweb-7288974.exe is ??
This file is trying to access the net but I've stopped it with my
firewall.

Thanks for your help.

Your welcome.

--
Cheers-

Jeff Setaro
(e-mail address removed)
http://people.mags.net/jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99 New RSA: 0xA19EBD34

 

[nicky]

This is where a "quick search of google" fails you.
The "Backweb" application has many legitimate uses.
Removing it with Ad-Aware might just result in no longer
having your AV definitions autoupdate. It is a legitimate
autoupdating service which has also been abused by adware
and spyware.

Would Ad-aware not recognise it as being a legit auto update file for his AV
(if thats what it turns out to be) rather than the spyware element tagged
onto other applications? I thought Ad-aware would only alert on spyware and
wouldn't alert on legit files.

Nicky

 

[Sugien]

Would Ad-aware not recognise it as being a legit auto update file for his AV
(if thats what it turns out to be) rather than the spyware element tagged
onto other applications? I thought Ad-aware would only alert on spyware and
wouldn't alert on legit files.

Nicky

Legitimate files *can* be (and are) used maliciously

 

[FromTheRafters]

Would Ad-aware not recognise it as being a legit auto update file for his AV
(if thats what it turns out to be) rather than the spyware element tagged
onto other applications? I thought Ad-aware would only alert on spyware and
wouldn't alert on legit files.

One would hope so, but the mere presence of that application
trying to access the internet is not necessarily an indication of
plunderware. IIRC someone had Ad-Aware alert on one once
and asked about it here, and a registry search indicated it was
a legit (?) (printer related?) update application.

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

 

[FromTheRafters]

Legitimate files *can* be (and are) used maliciously

Yes, but the question here is whether or not adware and or spyware
detection programs are capable of discerning the difference.

Nicky may be right, but I think I remember at least one instance
of falsely alerting to a legit "backweb" as spyware.

 

[S.Heenan]

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

F-Secure Anti-Virus2003 uses Backweb as a means of providing updates. Spybot
S&D ver1.2 detects it by default. Deleting any of the ~20 registry entries
renders the anti-virus application inoperable. I don't recall how Ad-Aware
regards Backweb.

 

[Sugien]

Yes, but the question here is whether or not adware and or spyware
detection programs are capable of discerning the difference.

Nicky may be right, but I think I remember at least one instance
of falsely alerting to a legit "backweb" as spyware.

I am not so sure they ( adware and or spyware detection programs ) can tell
the difference; because the same back web can be used by 2 different
applications at the same time , one legitimate and one not there for the
adware and or spyware detection programs would have to be far more powerful
then they are currently and would have to key on running processes instead
of *just* the name of the suspected adware. Hmmmm, I wonder if one were to
rename a backweb.exe file and then simply call and pipe into it using the
changed name if the adware and or spyware detection programs would still
find it? I don't think so; because I think as it stands now they are using
a simple library or list type of detection iow just going by the name of the
offending software and a simple renaming of it would bypass the detection by
the most popular adware and or spyware
detection programs.

 

[David W. Hodgins]

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

No.

I came across a copy included with WD diagnostic software. Spybot
identifies it, and very clearly warns you that whatever software it
accompanied may no longer function, if you choose to remove it. I
have yet to see any software fail without it, although I understand
there are some cheap games that will.

Regards, Dave Hodgins

 

[sam yintong]

did i see backweb in a recent version of f-secure??

sam

 

[Robert Moir]

Would Ad-aware not recognise it as being a legit auto update file for
his AV (if thats what it turns out to be) rather than the spyware
element tagged onto other applications? I thought Ad-aware would only
alert on spyware and wouldn't alert on legit files.

Then you thought incorrectly. Ad-Aware (and other spyware scanners, this
isn't pick on ad-aware day) can only alert on a suspicious file or registry
setting being present. It has no idea of context, e.g. if a file that can
either be used for either good or bad purposes is being used for good this
time, and it can't tell if you have decided to live with a piece of evil
spyware because some "freeware" you totally love will not run unless that
spyware is present.

 

[Robert Moir]

FromTheRafters wrote:

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

I can concur with s. heehan's example of F-Secure's backweb updater being
picked up as spyware despite being a clear install option and a legit one
too.

 

[nicky]

Then you thought incorrectly. Ad-Aware (and other spyware scanners, this
isn't pick on ad-aware day) can only alert on a suspicious file or registry
setting being present. It has no idea of context, e.g. if a file that can
either be used for either good or bad purposes

So is the file the same whether it is good, eg AV updater or bad eg spyware?
The OP's file had a string of numbers in it which I would assume would act
as some sort of identifier.

is being used for good this

time, and it can't tell if you have decided to live with a piece of evil
spyware because some "freeware" you totally love will not run unless that
spyware is present.

within S+D (not sure about ad-aware) you can see where the full file path
so that you can easily see what files are associated with what software.

Rob

Nicky

 

[Gregg Cattanach]

One would hope so, but the mere presence of that application
trying to access the internet is not necessarily an indication of
plunderware. IIRC someone had Ad-Aware alert on one once
and asked about it here, and a registry search indicated it was
a legit (?) (printer related?) update application.

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

I had a .dll flagged by Ad-Aware that is a legitimate part of a software
development suite that I use, but it thought it was a 'TimeSink' spyware
file. This detection was simply on the file name alone, 'tsad.dll'. The
file size and signature are most certainly different between the two.
Another example was a file 'dw.exe' which is piece of freeware I have to
cycle my wallpaper (Desktop Wizard), but Ad-Aware thought it was a dataminer
program.

You must look carefully at what Ad-Aware is suggesting you delete. However,
I heartily recommend Ad-Aware and SpyBot S&D. Anyone that surfs the web
should use them.

Gregg C.

 

[=?ISO-8859-1?Q?=BBQ=AB?=]

I would be interested to know if indeed Ad-Aware and Spybot
Search and Destroy were able to discriminate between legit and
non-legit use of this application.

Me too.

Backweb can be used as a stand-alone pull client. McAfee used to come
with a branded version of Backweb to pull definition updates; iirc it
was labeled 'SecureCast.' It was completely separate from the McAfee
installation, and it was a full Backweb client, i.e. it could be used
to pull from other 'channels' than just McAfee's. The whole thing was
pretty transparent and configurable, and it did not seem to be spyware
at all.

But Backweb technology can certainly be used as spyware, and the
Backweb people don't seem to care how their products are used as long
as they get paid. I would think it difficult for Ad-Aware or Spybot to
determine whether or not any given Backweb component is spyware or not.
In any case, those apps should provide a clear warning of possible
consequences if they offer automagic Backweb removal. Backweb's
partners include some heavy hitters (NAI, IBM, SAP, F-Secure).

 

[null]

Me too.

Backweb can be used as a stand-alone pull client. McAfee used to come
with a branded version of Backweb to pull definition updates; iirc it
was labeled 'SecureCast.' It was completely separate from the McAfee
installation, and it was a full Backweb client, i.e. it could be used
to pull from other 'channels' than just McAfee's. The whole thing was
pretty transparent and configurable, and it did not seem to be spyware
at all.

But Backweb technology can certainly be used as spyware, and the
Backweb people don't seem to care how their products are used as long
as they get paid. I would think it difficult for Ad-Aware or Spybot to
determine whether or not any given Backweb component is spyware or not.
In any case, those apps should provide a clear warning of possible
consequences if they offer automagic Backweb removal. Backweb's
partners include some heavy hitters (NAI, IBM, SAP, F-Secure).

Those "heavy hitters" certainly don't impress me in this regard. Trust
noone when it comes to spyware. I wouldn't use any app that required
BackWeb. It's been uninstalled from my PC and I don't miss it one bit.
It, along with a Multimedia Keyboard mess that came with my Hp
Pavilion are all long gone since they're loaded with suspicious and
unwanted internet callouts. I prefer running a clean machine



Art
http://www.epix.net/~artnpeg

 

[FromTheRafters]

F-Secure Anti-Virus2003 uses Backweb as a means of providing updates. Spybot
S&D ver1.2 detects it by default. Deleting any of the ~20 registry entries
renders the anti-virus application inoperable. I don't recall how Ad-Aware
regards Backweb.

I certainly hope either program will advise the user of the possible
consequences of making changes without due consideration.

 

[FromTheRafters]

No.

I came across a copy included with WD diagnostic software. Spybot
identifies it, and very clearly warns you that whatever software it
accompanied may no longer function, if you choose to remove it.

This is a good thing, but would someone know if their AV's autoupdate
feature were suddenly disabled by the absence of Backweb?

I have yet to see any software fail without it, although I understand
there are some cheap games that will.

....and some AV's