New DivX Adware

I just posted the article New DivX Adware.

Wiccabilly used our newssubmit to tell us that the new DivX 5 professional is probably using Gator to get it’s revenues.

As you may know, the new DivX 5 codec comes in a free version that…

Read the full article here:  [](

Feel free to add your comments below. 

Please note that the reactions from the complete site will be synched below.

I started installing this adsupported pro version, until somewhere during the installation the name Gator popped up. Didn’t have to give this one much thought, I’ll settle for the normal version until there’s a pro version without this vile software included …

This is the information they give during the installation of the divx pro version with ad support: ------------------ Here’s what we do know… While we don’t know who you are, GAINware does collect and use certain information as described below. We associate such information with an Anonymous ID randomly generated by The Gator Corporation. Some information we may collect, use, and associate with your Anonymous ID includes: - Which web pages your computer views and how much time is spent at those sites - Your response to the ads we display - Standard web log information and system settings - What software is on your computer - Your first name, country, and five digit ZIP code - Your GAINware usage characteristics and preferences Information associated with your Anonymous ID is used in any of three ways: a) to offer assistance (e.g. knowing when to offer help filling in a form or adjust your computer’s clock), b) to select and deliver installation files for optional new GAINware and/or third party software applications, and c) to deliver advertisements and information to you on behalf of our advertisers who are often competitors of the web sites you are viewing. ---------------- First of all I think no one wants to have someone monitoring anything you’re doing! And if you really only get information you need to provide advertisements based on your interests, you really do not need your name, country and ZIP code. So yeah, I’m not interested in installing that pro version either. So I canceled the installation after reading that stuff and installed the basic one.

There’s a Pro version without ADs, flowing around the net already :4

Sure there is, but this version still GAIN’S from your web habits.

I installed the pro version, then configured Tiny Personal Firewall to block the ads, then ran Lavasoft’s Ad-Aware to remove Gator. Ain’t this solution sufficient for an unobtrusive pro version? I’m a bit confused why The Playa wanted to connect to the www, I denied it access and it runs okay apart from the memory hogging. I’ll stick to Zoom Player, thank you very much!

NickSTAR: Do the Pro features still work after you remove the Gator components?

what is needed is a fake gaitor file similar to the fake cd_clint.dll for cydoor which is used to deceive kazaa and grokster. then it would be possible to delete all gain gaitor files with ad aware plus and still deceive divx or any other programmes which require this spyware installed. so please, dear programmers, create a fake file for this spyware!

The Pro version works fine after the adware is removed… But I can’t see any real majopr quality improvments… XVideo is still faster for me and the difference in quality is hard to pick. 2 Pass seems to be more accurate than DivX 4.12, however XVideo normally comes out within 1mb, depending on the build.

I just found a page with a small tutorial on how to successfully remove the adware in DivX Pro 5.0. You can find the article here:

@raplor is it a real reg.file in the prog? the message is -no reg.file- when i use them.

hmm at the moment when I wrote my post, I hadn’t examined the archive yet, sorry; so I didn’t notice that the .reg-file was exported with regedit v5.0 (!) - that means Win2K or WinXP. So when you open the file in the Win98 notepad the only thing you get is a hand full of cryptic garbage :wink: but here is what’s in the .reg-file: ------------------------ REGEDIT4 [HKEY_CLASSES_ROOTCLSID{21FFB6C0-0DA1-11D5-A9D5-00500413153C}] “uets”=hex:0b,d6,81,da,7a,d8,48,63 “GEF”=dword:00000040 “GMG”=“9D39F700-7505-4BDA-BC04-C7185DF29832” ------------------------ just copy and paste it into your windows notepad and save it as a .reg-file :7

ah shit - the backslashes are missing (). one after root and one after clsid (clearly)

i installed the standard no ad divx5 bundle monday as well as one other program from someone else. on friday at 1:09 am, ctb_54_3_1_15_3.exe and httppost.exe in my windows temp directory tried to get through my firewall. these set up a ‘click the button folder’ in Program Files and spread ctb.dll’s. it then set the ctb.exe program to run on startup. an ad-aware scan detected that a gator spyware program was set up. i deleted all the folders it set up, the stuff in windows temp, and the dll’s. however, it just installed itself again. it looks like have a resident virus that is trying desperately to install this ‘click the button’ program. anti virus programs don’t detect anything. i wonder if this virus came from one of these 2 programs that i ran. does anyone else get a ‘click the button folder’ a few days after running divx5.

Kyle_SGMS, I had this experience just this morning! as I’m not very expert in programs, can you give me any hint on how to procede? I refuse to allow it to go through the firewall (zonealarm), and it did a visual basic ++ runing error. also the rundll32.exe was trying to work with it. I got confused and checked in a local server about virus and found out about a virus that copy it self and also add some stuff at the registry. I followed all the steps and didn’t find any new “line” for the mentioned virus by the local server. So, what should I do with this HTTPPOST.EXE from my TEMP file? Thanks!:slight_smile: