Is Earth Station 5 an "abnormal" P2P alternative?

Discussion in 'Spyware' started by PMS chick, Jul 7, 2003.

  1. PMS chick

    PMS chick Guest

    A few questions for the experts:

    I went through the trouble of installing E.S.5, and discovered the
    following strange things:


    1.
    Why does ES5 need so many ports?

    Facts:
    ES5 needs so many ports opened up at the router and the user has no
    control over changing the port numbers. Does anybody guess why the
    application needs more than 2 ports?

    Or do you know of any other applications using the same port numbers?
    The fact that there is no flexibility built into ES5 could simply be a
    poor design.


    2.
    Is there a decent Internet backbone connectivity in Gaza?

    Facts:
    I'm highly familiar with Israel, know many people there etc. It is more
    than unlikely that Gaza or the Westbank have any decent connection to a
    major Internet backbone which could supply the bandwidth to support such
    an endeavor. Does anybody have better information than my sources?


    3.
    Can anybody verify the address of the company?

    Facts:
    Checking the Whois for earthstation5.com used to reveal some address in
    Gaza.
    Neither myself nor any of my friends in Israel are permitted to travel in
    Gaza. Anybody with the rights to travel into Gaza, can they add any
    insights to the address?

    3.
    Did anybody store the original information reported by netsol.com?

    Facts:
    The Whois has now been disabled. Strange or not?



    4.
    The "company info" on the www.earthstation5.com


    Facts:
    Reading through the hilarious story of the "employees at ES 5" made me
    (not really) use Kleenex tissues.
    Any opinions?
    AFAIK the Middle East rather well, it is all to strange, and I am missing
    the typical mistake made in either "Hebrew-English" or "Arabic-English"



    5.
    No real P2P sources are available

    Facts:
    Not even searching for very popular items revealed any significant
    download sources. I used "Madonna", "Puff Daddy" etc.




    Needless to say I disabled the ports on my router, cleaned the installed
    files and directories to the best of my knowledge etc. And: I used it
    on my non production computer in the first place.



    Hope to hear many more interpretations from you.

    c.u. (or not) either way
     
    PMS chick, Jul 7, 2003
    #1
    1. Advertisements

  2. PMS chick

    -=ô;ö=- Guest

    |
    In regards to your questions, I may have posted it all in a below thread and what I did
    not fill in, others ferreting will..it seems all the IP's are from 1 MS source or
    another..strange..not really since MS and the RIAA are working together(more $$ for both)
    to throttle the P2P into their private domain, more "Pigolopolists" are helping another..

    did you check and clean your registry of all references to Excalibur???
    (not hidden in start up as I found with Magic Tweak, was not shown in a standard view)...

    Also Freeweb is also a bit intriguing too since I am not broadcasting anything to their
    servers after 4 weeks since deinstalling, why they keep probing for a custom port I
    configured???
     
    -=ô;ö=-, Jul 7, 2003
    #2
    1. Advertisements

  3. PMS chick

    Malev Guest

    inetnum: 213.152.100.0 - 213.152.101.255
    netname: EARTHSTATIONV
    descr: Peer to Peer Ebay Web Pages
    country: PS
    admin-c: RAS9905-RIPE
    tech-c: NKA9905-RIPE
    status: ASSIGNED PA
    notify:
    remarks: Speednet's #2002122740
    mnt-by: SPEEDNET-MNT
    mnt-routes: EARTHSV-MNT
    mnt-lower: EARTHSV-MNT
    changed: 20021231
    source: RIPE

    route: 213.152.100.0/24
    descr: Earthstationv
    origin: AS25276
    mnt-by: SPEEDNET-MNT
    changed: 20030225
    source: RIPE

    person: Ras Kabir
    address: 121 Gaza
    address: Gaza, Palestine
    phone: +972 673 51065
    fax-no: +972 673 51065
    e-mail:
    nic-hdl: RAS9905-RIPE
    changed: 20021119
    source: RIPE

    person: Nasser Kabir
    address: 121 Gasa
    address: Gaza, Palestine
    phone: +972 673 51065
    fax-no: +972 673 51065
    e-mail:
    nic-hdl: NKA9905-RIPE
    changed: 20021119
    source: RIPE
     
    Malev, Jul 7, 2003
    #3
  4. PMS chick

    -=ô;ö=- Guest

    Yes..but did you do a back trace orn the IP's also???


    |
    | >
    | >Facts:
    | >The Whois has now been disabled. Strange or not?
    | >
    | >
    | >
    | inetnum: 213.152.100.0 - 213.152.101.255
    | netname: EARTHSTATIONV
    | descr: Peer to Peer Ebay Web Pages
    | country: PS
    | admin-c: RAS9905-RIPE
    | tech-c: NKA9905-RIPE
    | status: ASSIGNED PA
    | notify:
    | remarks: Speednet's #2002122740
    | mnt-by: SPEEDNET-MNT
    | mnt-routes: EARTHSV-MNT
    | mnt-lower: EARTHSV-MNT
    | changed: 20021231
    | source: RIPE
    |
    | route: 213.152.100.0/24
    | descr: Earthstationv
    | origin: AS25276
    | mnt-by: SPEEDNET-MNT
    | changed: 20030225
    | source: RIPE
    |
    | person: Ras Kabir
    | address: 121 Gaza
    | address: Gaza, Palestine
    | phone: +972 673 51065
    | fax-no: +972 673 51065
    | e-mail:
    | nic-hdl: RAS9905-RIPE
    | changed: 20021119
    | source: RIPE
    |
    | person: Nasser Kabir
    | address: 121 Gasa
    | address: Gaza, Palestine
    | phone: +972 673 51065
    | fax-no: +972 673 51065
    | e-mail:
    | nic-hdl: NKA9905-RIPE
    | changed: 20021119
    | source: RIPE
    |
    |
    |
    |
     
    -=ô;ö=-, Jul 7, 2003
    #4
  5. PMS chick

    Anon Guest

    I must admit to being confused about references to spyware in ES5 called
    Excalibur. Adaware, spybot, TDS-3 and etrust virus scan showed zilch after
    several test installs of this program. Nothing in my win98 startup -
    although I didn't tick run at start up in ES5.

    Then I scanned the registry. Excalibur appears to be the name given to ES5
    for its registered componants. It is NOT the same as the Excalibur trojan
    which locates itself into the registry run services. The registry entries
    relate to ES5 program settings and don't look particularly unusual.

    As far as I can tell those claiming ES5 is installing the spyware program
    Excalibur (which is actually a trojan) are talking bollocks of the highest
    order.
     
    Anon, Jul 7, 2003
    #5
  6. PMS chick

    Secret Guest

    || I must admit to being confused about references to spyware in ES5
    || called Excalibur. Adaware, spybot, TDS-3 and etrust virus scan
    || showed zilch after several test installs of this program. Nothing in
    || my win98 startup - although I didn't tick run at start up in ES5.
    ||
    || Then I scanned the registry. Excalibur appears to be the name given
    || to ES5 for its registered componants. It is NOT the same as the
    || Excalibur trojan which locates itself into the registry run
    || services. The registry entries relate to ES5 program settings and
    || don't look particularly unusual.
    ||
    || As far as I can tell those claiming ES5 is installing the spyware
    || program Excalibur (which is actually a trojan) are talking bollocks
    || of the highest order.

    Pandasoftware can detect Excalibur, try a free online scan to see if
    anything was missed and let us know.
    http://www.pandasoftware.com/activescan/
     
    Secret, Jul 7, 2003
    #6
  7. PMS chick

    Anon Guest

    Thanks Secret - tried the online test. No Excalibur detected.
     
    Anon, Jul 8, 2003
    #7
  8. PMS chick

    Anon Guest

    Also tried the Cleaner trojan detector. Still no Excalibur.

    So to recap, three installs of ES5 including full and beta versions, no
    Excalibur showed up with scans of :

    Etrust anti virus
    Panda online anti virus
    TDS 3 anti trojan
    The Cleaner anti trojan
    Spybot
    Adaware

    The only references in my registry with 'Excalibur' are related to ES5
    functions. No reference in the run services key where the trojan Excalibur
    would put an entry. No start up reference to Excalibur unless load with
    windows specified.

    I suspect they originally called the program Excalibur, then realised a
    trojan existed by the same name, renamed it ES5 but didn't bother
    reprogramming the registry entries.
     
    Anon, Jul 8, 2003
    #8
  9. PMS chick

    Secret Guest

    || Also tried the Cleaner trojan detector. Still no Excalibur.
    ||
    || So to recap, three installs of ES5 including full and beta versions,
    || no Excalibur showed up with scans of :
    ||
    || Etrust anti virus
    || Panda online anti virus
    || TDS 3 anti trojan
    || The Cleaner anti trojan
    || Spybot
    || Adaware
    ||
    || The only references in my registry with 'Excalibur' are related to
    || ES5 functions. No reference in the run services key where the trojan
    || Excalibur would put an entry. No start up reference to Excalibur
    || unless load with windows specified.
    ||
    || I suspect they originally called the program Excalibur, then
    || realised a trojan existed by the same name, renamed it ES5 but
    || didn't bother reprogramming the registry entries.
    ||
    || ||| Thanks Secret - tried the online test. No Excalibur detected.
    |||
    |||
    |||| Pandasoftware can detect Excalibur, try a free online scan to
    |||| see if anything was missed and let us know.
    |||| http://www.pandasoftware.com/activescan/
    |||| ---------------
    |||| Secret

    Another possibility the Trojan is added at some point while using the
    program, maybe when you enter a profile for the dating service or one of the
    other features. Maybe even after a download so you do not notice the file
    transfer.
     
    Secret, Jul 8, 2003
    #9
  10. PMS chick

    Anon Guest

    There is no trojan. The entry on startup for Excalibur only appears when I
    set 'run ES5 on startup'. There is still no sypware or trojan on my system.

    It just looks like Excalibur was the name given to the program originally,
    then they changed it to ES5 but didn't alter the registry settings.
     
    Anon, Jul 9, 2003
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.