What is Clientman and Clientman Removal?

ClientMan, a form of spyware sponsored by Odysseus Marketing, Inc., places your computer at a high risk for personal security.  It is a Browser Helper Object, or BHO, that has the functionality of adware coupled with the capability of a Backdoor Trojan.

ClientMan captures, stores, and sends confidential information including IP address, browser identification, and user logins to a remote server.  It usurps the Internet bandwidth on the infected computer, possibly creating sluggishness in its processing.

ClientMan has the ability to generate pop up advertisements based upon the user’s Internet activity.  Additionally, it can redirect your Web searches and add links to Web pages for advertising purposes.

ClientMan infects computers with the following operating systems: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me, and Windows Server 2003.

It is best to remove ClientMan as soon as you discover it has infected your machine.  ClientMan can be removed with a current anti-spyware program.  Additionally, manual removal of ClientMan can be accomplished.  The registry editor will be used in a manual removal of this application.  Therefore, it is important to back up your computer files before attempting removal.  Using the registry editor may result in accidental deletion of important files.

The ClientMan registry values, registry keys, DLL files, processes, and files need to be completely removed from the infected computer.  To delete each file, process, and key manually, complete the following set of directions. 

• Click Start.
• Click Run.
• Type ‘regedit’.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Click edit.
• Click find.
• Type in the one of the keys or files in the following lists, and click find or find next.  Begin with the ones that do not start with HKEY, since these are more easily discovered and deleted.  Make sure that the box is checked in front of keys, values, and data, so that the regedit looks in the correct places.  Regedit should locate a key for you.  Right click on the key and delete it by clicking delete in the menu that appeared or on the keyboard.
• You will do this one file at a time.  After you delete each one that you locate, hit the F3 key on your keyboard to reopen the find next box.  Continue the process and delete additional bad registry files.
• Once regedit indicates that the search is finished, you should click on my computer in the regedit and redo the search to guarantee that you have deleted all possible bad files from this program.

ClientMan files:

addata.lst
app.dat
ause3.exe
ause3-decoded.exe
blank.gif
cachelut.dat
clickthru.log
client.cfg
cmupd.exe
elitejho32.exe
firstrun.log
fixtitle.exe
getall.php
getbuys.exe
infoctl.exe
ipend.log
msawindows.exe
msckin.dat
msckin.exe
mscman.dat
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msnkmi.dll
msobfl.dll
msurlcli1.exe
msvc32.exe
mungedpage.html
popup.log
searchhijack.html
setup_jalapeno.exe
svc.exe 
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
uninstall.uni
unpacked-svc.exe 
whois-om.html
words.lst

Detecting and deleting the ClientMan files or keys that begin with HKEY involve a more involved set of steps.  Use the following steps to manually delete the ClientMan values that start with HKEY.

• Click Start.
• Click Run.
• Type ‘regedit’.
• Click ok to open the registry editor, referred to as regedit.
• Click my computer at the top of the box.
• Follow the path given in each value, clicking each folder open to locate the next item in the path until you have reached the last item.  Once you have gotten to the last item, you can delete it.  Each slash indicates a new folder.

ClientMan registry values:

HKEY_CLASSES_ROOT\AppID\urlcli.DLL

HKEY_CLASSES_ROOT\appid\{026e4b83-1bf7-41cb-8233-4af35341bc69}
HKEY_CLASSES_ROOT\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\clsid\{f76fda04-87fa-4717-91f6-4bb5be9fd2bb}
HKEY_CLASSES_ROOT\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_CLASSES_ROOT\Disable.DisableObj
HKEY_CLASSES_ROOT\Disable.DisableObj.1
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj
HKEY_CLASSES_ROOT\dnsrep.dnsrepobj.1
HKEY_CLASSES_ROOT\interface\{a7370377-e217-4467-8448-9845270cd4a3}

HKEY_CLASSES_ROOT\Interface\{570F481A-1C3B-4DF6-9DBE-FAE17DD008F9}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{94927a13-4aaa-476a-989d-392456427688}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED50735-B0D9-47C6-9774-02DD8E6FE053}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94927A13-4AAA-476A-989D-392456427688
HKEY_CLASSES_ROOT\typelib\{a1a986e7-7674-4d8b-8081-e422fdb8480b}

HKEY_CLASSES_ROOT\TypeLib\{75FC904C-6E6B-4E9D-9FD3-7A447962DA9B}
HKEY_CLASSES_ROOT\TypeLib\{026E4B83-1BF7-41CB-8233-4AF35341BC69}
HKEY_CLASSES_ROOT\urlcli.urlcliobj
HKEY_CLASSES_ROOT\urlcli.urlcliobj.1
HKEY_CURRENT_USER\software\climan
HKEY_CURRENT_USER\software\ipend
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run msmc
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run clientman1
HKEY_LOCAL_MACHINE\software\classes\clsid\{00a0a40c-f432-4c59-ba11-b25d142c7ab7}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0982868c-47f0-4efb-a664-c7b0b1015808}
HKEY_LOCAL_MACHINE\software\classes\clsid\{0ba1c6eb-d062-4e37-9db5-b07743276324}
HKEY_LOCAL_MACHINE\software\classes\clsid\{166348f1-2c41-4c9f-86bb-eb2b8ade030c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{25f7fa20-3fc3-11d7-b487-00d05990014c}
HKEY_LOCAL_MACHINE\software\classes\clsid\{447160cd-ecf5-4ea2-8a8a-1f70ca363f85}
HKEY_LOCAL_MACHINE\software\classes\clsid\{5ed50735-b0d9-47c6-9774-02dd8e6fe053}
HKEY_LOCAL_MACHINE\software\classes\clsid\{94927a13-4aaa-476a-989d-392456427688}
HKEY_LOCAL_MACHINE\software\classes\clsid\{96be1d9a-9e54-4344-a27a-37c088d64fb4}
HKEY_LOCAL_MACHINE\software\classes\clsid\{a097840a-61f8-4b89-8693-f68f641cc838}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ba77911b-a393-4a2e-b5b5-5b8ed17d7b43}
HKEY_LOCAL_MACHINE\software\classes\clsid\{cc916b4b-be44-4026-a19d-8c74bbd23361}
HKEY_LOCAL_MACHINE\software\classes\clsid\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb}

HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
\{0982868C-47F0-4EFB-A664-C7B0B1015808}

Use the uppermost set of directions to find and delete these ClientMan DLL files:

2in1fd04f73f.dll
browserhelper.dll
browserhelper2db3ad7a.dll
browserhelper-decoded.dll
browserhelpere90a5c6.dll
disable.dll
disable1.dll
dnsrep13f4a6e5.dll
dnsrepa9c22ca5.dll
gstylebhob76a4c84.dll
iestcrmfrood.dll
metahelp60741389.dll
mscdka.dll
msdaim.dll
msdpdm.dll
mseclk.dll
msedah.dll
mseffm.dll
mselhm.dll
msfaol.dll
msibkd.dll
msjfbl.dll
mskceo.dll
mskhhe.dll
mskpkc.dll
msnkmi.dll
msobfl.dll
msvrfy804449fd.dll
newads.dll
searchrep6706569a.dll
searchrep8181a0e2.dll
tagger.dll
taggerbhoe884facd.dll
trackurl5f9d991e.dll
trackurl79ad003c.dll
trackurl7f663945.dll
trackurl7f663945-decoded.dll
trackurld66084b4.dll
unpacked-browserhelper.dll
urlcli25e74486.dll
urlcli67806664.dll
urlclia30956de.dll

To manually detect and delete the ClientMan processes, complete the following set of instructions:

• Click Start.
• Click Search.
• Click for files or folders.
• Type in the name of the file, one at a time, from the following list of ClientMan processes.
• Click search.
• Delete the found files.

ClientMan processes:

ause3.exe
ause3-decoded.exe
cmupd.exe
elitejho32.exe
fixtitle.exe
getbuys.exe
infoctl.exe
msawindows.exe
msckin.exe
mscman.exe
msdioo.exe
msdm.exe
msgdmf.exe
msmm.exe
msurlcli1.exe
msvc32.exe
setup_jalapeno.exe
svc.exe
uinfo4.exe
uinfo4-decoded.exe
uinfo5.exe
uinfo7.exe
uinfo7-decoded.exe
unpacked-svc.exe

A4Zeta Beta 1 Removal Facts

A4Zeta Beta 1 is an insidious software application that belongs to the family of spyware.  It is a malicious and insidious Trojan known as a Remote Administration Tool or RAT.  This program is equipped to perform many clandestine activities that put the infected computer’s safety and security features at risk, as well as disrupting the processing of the computer.

A4Zeta Beta 1 has been around since 2002, possibly originating in South America.  The author of this program is Renner.  The primary goal of this malware program is to gain access to a computer for the purpose of controlling the computer through a server and a remote client.  A4Zeta Beta 1 installs the server that it will use to access your personal information.

A program such as this is fully capable of monitoring the computer user’s activity to the point of recording keystrokes, tracking the computer user’s browsing habits, maintaining a log, and stealing personal information.  A4Zeta Beta 1 will be able to gain access to your important data, including account numbers for your bank accounts and credit card accounts, passwords, and any other information that you have stored on the infected computer.

Additionally, A4Zeta Beta 1 can usurp the infected computer’s bandwidth, disrupting the computer’s processing ability.  This particular program is known for restarting the infected computer, further disrupting the computer user’s  time on the computer.  Moreover, A4Zeta Beta 1 is capable of downloading additional software applications onto the infected computer without the owner’s consent or knowledge.

To remove A4Zeta Beta 1, it will be necessary to ensure that all A4Zeta Beta 1 processes, A4Zeta Beta 1 registry keys, A4Zeta Beta 1 DLL files, and other dangerous A4Zeta Beta 1 files from your computer.  This needs to be done with caution, however, due to the sensitive nature of the computer’s registry.  Specifically, the A4Zeta Beta 1 process, a4zetabeta 1.exe needs to be removed.  In addition, the A4Zeta Beta 1 files, a4zetabeta 1.exe and leia-me.txt need to be removed.

To remove the A4Zeta Beta 1 Program manually, follow these instructions:

For Windows 95, Windows 98, Windows 2000, Windows Me, Windows NT, and Windows XP in the classic view:

• Click the start button to open the menu.
• Click settings.
• Click control panel.
• Double click the “add/remove programs” icon in the control panel window to open it.
• Search for the A4Zeta Beta 1 program in the list of entries.
• Click on the phrase, A4Zeta Beta 1 to select it.
• Click on the button that will remove it, either “add/remove” or “change/remove.”
• Follow the prompts that are given to remove A4Zeta Beta 1.
• Reboot your computer.
• Open the Add/Remove Programs icon and check to see if A4Zeta Beta 1 has been removed from the list of currently installed programs.
• If A4Zeta Beta 1 is still listed in the currently installed programs file, then you will need to take further steps to remove the application.

If your computer is using Windows XP in the default XP view, you will navigate directly from start to control panel.  The remaining removal steps for A4Zeta Beta 1 will be the same as those listed above. 

Manual removal is tedious and full of potential for mishap.  For these reasons, it is highly recommended that an anti-spyware application be considered for removal of this and all spyware, malware, and adware programs.

A RAR file extension (a file ending in .rar) is a type of format that archives and compresses documents and executables.

The RAR file format was introduced by Eugene Roshal, which is where the format got its moniker (Roshal ARchive).  The RAR format is used by businesses and individuals to compress and save files for distribution over the Internet or in email communications. The most common software application used to create and open RAR files is WinRAR. The software is available as shareware and distributed by RARLAB. A RAR file format is similar to the more popular ZIP file format, but RAR archives have some significant advantages over its competitor.

Uses for a RAR Archive

Like Winzip, WinRAR creates a container file, which is used to hold each executable and document. However, RAR files have the advantage of separating larger files into smaller pieces, segmenting the archive into smaller parts for people who have slower Internet connections. This technique is useful for software developers and application websites that allow users to download installation files. As software evolves to accommodate more advanced technology, installation files can amass into hundreds of megabytes. These large installation files may take users hours to download, and it can be impossible for a user with a slow Internet connection. Using a RAR application, a company can segment the archive into small, 50 megabyte parts and allow users to download the RAR files one-by-one.

Another benefit of a RAR archive is its ability to more efficiently compress files into smaller storage units.  RAR files also have repair capabilities, and users can encrypt sensitive data using the latest RAR application.

For businesses that need better compression and control over archive files, RAR is more beneficial than a ZIP file. Although these archives may take longer to decompress, it provides a smaller file for Internet downloads. Download the latest RAR archive application to implement encryption for better security.

File Extension Name: JPG Image
File Extension Type: Raster Image
File Extension: .jpg, .jpeg

File Extension JPG, JPEG Description:
The .JPG file extension format is one of the most common image files, as it provides high quality graphics without the large space requirements of files such as bitmaps (.BMP).  .JPG files are raster images, which means they are made up of an arrangement of pixels (individual points of color).  While this results in convenient editing, the raster format means that .JPG files are often distorted when resized; the images are resolution dependent, and severe loss of quality may result if one expands or contracts the image significantly beyond its original measurements.  .JPG is a shortened version of .JPEG, which stands for “Joint Photographic Experts Group,” the body that developed the file format.  While the .JPEG file extension is still used, it is more common to see the .JPG format today.

Associated Applications that open File Extension:
.JPG and .JPEG files can be opened in nearly every image editor, from simple programs such as Microsoft Paint and internet browsers such as Mozilla Firefox to applications such as Adobe Photoshop and Corel Paint Shop Pro Photo.  .JPG files are also compatible with Mac OS and Linux, so programs such as Apple Preview and Linux’s GIMP can be used to view or edit the files.  Other compatible programs include ACDSee Photo Manager, Logo Creator 5, and Nuance PaperPort.

Benefits and features:
JPG files have many benefits, including ease of editing, compatibility, high image quality, small file size and wide range of colors.  Most digital cameras store photographs in the .JPG format, and even those not very familiar with graphic design and programming should recognize this format.

Let Google Send You All the Traffic You Want

Many webmasters put Google Adsense ads on their sites without thinking about making money from the other side of the coin — Google Adwords. You can be the advertiser and make the money from prospects who buy your own or affiliate products.

The Google Adwords program can make you wealthy — or poor.

There’re 4 basic elements:

1. The ad copy
2. The display URL
3. The keywords you bid on
4. How much you bid

Your ad copy is restricted to 3 lines. The headline is the first line and cannot be over 25 characters (spaces count as a character). The second and third lines cannot be over 35 characters. You get a grand total of 95 characters to entice prospects to click on your ad.

The display URL is the fourth line of the URL. In most cases, it is not the actual url you send visitors to. Most display URLs are home pages. You can send visitors to a deep page on your site or to an affiliate link.

The keywords you bid on are extremely important. When somebody enters keywords you’ve bid on, your ad is displayed. So your keywords must be relevant to your ad. Google has found that people do not click on irrelevant ads. And the more clicks your ad pulls, the higher up it will be displayed on the right side of Google’s search results pages.

Also, you should give Google a list of “negative keywords.” This means that when those negative keywords are used, your ad will not be displayed. Say you’re selling Apple computers. Some good negative keywords would be, “pie, tree, core, fruit, peel, grove, orchard, juice, sauce” and so on — any word that’s associated with apples the fruit.

Unless you’re giving something out for free to generate leads, you should always include such negative keywords as, “free, cheap, bargain, on sale” and so on. Those keywords indicate people who don’t want to spend money.

How much you bid. You actually set a maximum amount. Unless your maximum is the 5 cent limit, you may pay less than the maximum. (Though always at least 5 cents.) That is because Google automatically manages the ads so you don’t have to pay any more than necessary. But you will be charged every time somebody clicks on your ad’s link.

Before you activate your ad, however, consider the landing page. If you’re sending someone to a merchant’s site, make sure they land on the precise product page. If they want to buy Vitamin C, send them to the Vitamin C page, not to a vitamin company’s home page.

Once you activate your ad, there’s no time to relax. You must make certain that the money you make from sales more than covers the money you owe Google for clicks. That means you must continually test and track.

Most Google ads lose money at first.

That’s normal, so if you’re losing money, don’t quit. Try a new headline. Write several different ads and test them against each other. Google allows you to run continual ad testing.

When it’s obvious that one ad is better than another, drop the poorer-performing ad. Write a new ad and see if that performs better or worse. You should always be testing the headlines and words in your ads. Sometimes a small difference in wording will make a big difference in results.

If you pay attention to your ad test results and your ad’s sales results, you should be able to make more money than you pay out.

I have purchased a used laptop (as starter for my daughter) and want to restore to factory settings can you help? (IMB A31 with Windows 2000)

Since you purchased the laptop used, you might not have the manual or recovery disks available. However, if you do have them, refer to the manual for specific instructions on resetting the laptop to factory settings. Several strategies can be used to reset the laptop.

Resetting Laptop to Factory Settings: System Restore

It is possible to use the System Restore feature to reset the laptop back to an earlier date prior to the installation of secondary programs. While it’s unlikely that a restore point is available dating back nearly a decade, it can’t hurt to check. Follow this path: Start>Programs>Accessories>System Tools>System Restore. Use the earliest date possible to reset the laptop.

Resetting Laptop to Factory Settings: System Recovery

Lenovo ThinkPads feature a blue ThinkVantage button that can be pressed during boot up to access the power to complete a full system recovery that takes you back to the factory settings. The Blue ThinkVantage button at boot up is designed to generate a menu of options or system recovery tools. These tools include a full system recovery of the preinstalled Windows operating system. You can also access this by selecting the blue Access IBM button if you do not have the blue ThinkVantage button on your laptop.

Simply press the button early on during bootup and choose the option to reset to factory settings. When you reformat the laptop in this manner, any data or programs outside of the operating system are wiped away, so you might want to save anything that you have placed on the laptop already.

Resetting Laptop to Factory Settings: Use Restore Disks

If you have the restore disks for the IBM A31 available, you can use them to restore your laptop to its factory settings. If you do not have a set of restore disks, create them by following this path: Start>Programs>ThinkVantage>Create Recovery Media. You should have at least 2 blank disks to copy the data onto. In fact, even if you use the system recovery to restore your laptop to the factory settings, you can create a set of restore disks for use in the future.

After Restoring IMB A31 to Factory Settings

Once you have reset your IBM A31 to factory settings, you need to reinstall any software, drivers, games, and custom settings that you want on the laptop. These are all lost during the resetting of the laptop. In addition, you will need to update Windows.