TUCoPS :: PC Hacks :: boobysw.htm

Booby Trapped Shareware
Back
 last update: 13 May 01
Booby-Trapped Shareware
====================================================================
- (*)

Indicates new or updated info.
- 1ClickFormFiller

After being reg'd and working 4 or 5 times it pops a message saying you are using an invalid serial number
and shuts down your system. Probably phones home.
- (*) 1toX

v2.57, Uses a blacklist for pirate serials.
- (*) 12Ghosts

When online it will phone home and unreg itself, registration nags come back, etc.
- a4proxy (Anonymity 4 Proxy)

Shortly after running this for awhile a user noticed repeated incoming connections trying to
logon to his ftp server. These attempts all used the same pass 'a4proxy' and a userid 'a4pid##'.
The number (##) changed on each attempt, eg. a4pid17, a4pid18, a4pid19.

It may appear registered but will only pop a nag screen if you check more than one proxy at a time.
Randomly send you to a 'buy' page instead of the requested one.
- Abbyy Finereader

The counter for the trial is stored in win.ini.
[ABBYY]
Splash2=-289722068
Changing that entry back to that number should give you 30/30 again.
- Accelerate 2000

Deletes itself when the trial period is up.
- AccuChef

Uses a blacklist for pirate serials, might pop scary messages on using a bad serial.
- AcdSystems
- (ACDSee, Pica View)

As of ACDSee v3.0 & PicaView v1.32 the registration system has changed.
They now have separate demo and retail version.
You can no longer enter a serial into the trial versions,
they need to be patched.
You can however enter a serial in the new retail versions of the progs.

After all the hype, ACDSee DOES NOT phone home.
It includes a new updates checking feature which obviously does require net
access. Also the recent virus warning about ijl10.dll is false, due to a problem
with The Cleaner. Grab the latest version to fix it. Launching an image file
from agent results in a new acdsee window each time, it is a bug in acdsee.

Using an old serial# on v3.1 may result in the prog crashing, requiring a reboot,
and then the root directory being wiped. Use the SUPPLIED serial#.
- Ace Clock

v2.51, when using the 'syncronioze from the internet' feature this may try to open your browser
with a gotcha type page, and un-register itself.
Also using a bad serial results in a nasty message.
- (*) acqURL

v5.0, Apart from the warning message it now attempts to phone home.
v4.2, using a keygened serial# might 'seem' to work but upon clicking a url will pop an
'illegal registration number' type warning.
- (*) Adaptec Easy CD Creator

Another user reported the program fails after upgrading to v4.03.

A user reported that after upgrading to v4.02d it permanently set the write speed to 1X.
This can be overcome by backing up the registry and restoring it after the update.
Where EXACTLY the info is stored is not known yet.
- Adobe Demos/Trials

All downloadable demos/trials are crippled. This means the code for the disabled features
isn't in there and cannot be enabled.
This also applies to many other progs with crippled features.
- AddWeb

Uses server authentication to confirm the users registration.
The second time you use it, you will get a lovely message about using illegal
software and that your IP address was recorded.

Try blocking connections to their server with a firewall but allow all other connections
for the actuall page submissions to the search engines.

v4.0.2.4, Entering a bad serial will immediately pop your browser to the authors website.
- (*) AdFilter

One user reported that after using a keygen this nearly fried his system.
- Adobe Pagemill

To be able to re-install it delete 'sysexec.sys' in your \Windows\System\ folder.
- Advanced Administrative Tools

Uses server authentication to confirm the users registration.
- Advanced Zip Password Recovery (AZPR)

Will only accept a valid key, uses a blacklist for pirate keys,
if one is detected wastes CPU cycles without giving a solution.
- Advanced Disk Catalog (ADC)

Will only accept a valid key, uses a blacklist for pirate keys,
if one is detected slowly corrupts its databases.
Earlier versions had anti-SoftICE code in them,
though the author later removed this.

The author of AZPR & ADC uses very strong encryption to protect his code,
it won't ever be properly cracked. Alot of releases of these are not 100%
however one group has released v1.30 with a working valid serial#.
- AI Picture Utility

From a recent Core release - blacklist for pirate serials,
various hidden checks in each version release.
- AntiViral Toolkit Pro (AVP)

Bogus CRACKER.* trojan messages about many files, reported to falsely detect
cracks and keygens as virii and corrupts them, this may only happen if you try
to 'clean' the infected files.

False/Joke reportings of freeware/shareware progs being virii.
eg. Ghost Mail v5.1 is reported as "Virus: Spammer.GhostMail.51"
- Antivirus Expert 2000 Pro (AVX)

One user reported that after downloading and installing the database upgrade, which AVX said to do,
his whole system was screwed up requiring a clean format to fix.
- Archiver Shell

v6.3, as reported in a recent CORE release, causes system problems if a
blacklisted name/serial is used.
- aShampoo 2000

A regular in a.b.c. had only just installed this, no crack or ad blocking, was about to setup
the ad blocking and realized ALL his AtGuard firewall rules had vanished.

If you have had ANY strange problems with AtGuard even if you haven't installed aShampoo
please let me know.
- (*) Atrex

After using an old keygen the prog will eventually start deleting the report files.
Soon after it will delete the database files too.

Under win2k you can change the permissions on the folder and files to stop the deletion.
- Audio Grabber

Phone's home with author's server, invalidates itself when you go online.
Might screw up your mouse buttons too.
This checking may only be connected to the CDDB feature.
Search your C Drive for a file 'SLICKS.CNT' and delete it.
Repeat if it invalidates itself again.
Try another prog from http://www.cddb.com to perform cddb queries.
Also try blocking the connection with a good firewall, Conseal or @guard.

As of (?) v1.62 'SLICKS.CNT' is now named 'FLOSS.CNT'.
As of v1.7x other names used have been 'ssplz.cnt' & 'MSDEFF32.CNT'

The phone home has been confirmed when using CDDB but it doesn't seem to happen every time.
It looks like the *.cnt file is now randomly named.
It's normally stored in the 'windows' or 'winnt' directory depending on your OS.
Aparently legal users are getting bugged by this too.
Delete the *.cnt file or whatever it's called to enter the serial again.

More users have reported the turd file as 'SPOOF32.HID' & 'PROXIES.VID', so it looks like it
could be called anything now.

To help find the turd file being used search for a prog called 'Filemon'.

When you get busted using CDDB close AG, go straight to explorer, c:\windows\, sort by date, check the files time&dated just moments ago.

Once you have found the turd file, try this...

Open the turd in notepad.
Delete the text.
Save it.
Set the properties of the file to READ-ONLY.
Goto back into AG and register with the same serial as before.
It 'should' now stay reg'd no matter what.
- Audioactive Production Studio

If you lose access to your cdrom after uninstalling this it's because of a buggy driver or bug in the
uninstall routine. The file cdfs.vxd needs to be restored into windows/system/iosubsy/ directory.
- Aureate
(changed it's name to Radiate)

http://grc.com/aureate.htm

Check out the Company sites for info on what progs use the system, etc...
http://www.aureate.com, http://www.radiate.com

Online Check for Aureate Components -
http://www.pcpitstop.com/pcpitstop/AureateCheck.asp

Steve Gibson of Grc.com has released his OptOut program.
This will cover not only Aureate but other intrusive nasties.
http://grc.com/optout.htm

AureateRadiate Remover
http://www.radiate.com/privacy/remover.html

Aureate Scanner
http://members.vavo.com/users/omega3/download/ASD.ZIP

There are now 2 other utils out that will scan your drives for the suspect files.
The one by Cokebottle (AntiSpy) removes some VALID system files -
advpack.dll (Advpack), amstream.dll (DirectShow), amcompat.tlb(Active Movie/MediaPlayer).
I highly suggest you backup the suspect files first as some ppl have had probs after their removal.
- (*) AVX

Have seen mention that this phones home.

Generally screws up c:\ and corrupts dlls when using a bad serial.
- Bali Tools 2000

A Zor reader reports that this phones home.
- BCWipe, Best Crypt & others by Jetico

Jetico works very quickly to defeat cracks, be careful using a mismatched app & crack.
- (*) Befaster

Contains webHancer spyware.

A Zor reader reports after rebooting this deleted system.ini.
It happened with 2 separate downloads of the prog, on 2 separate PC's.
The problems have been confirmed by a few more ppl.
- Black Widow

Was awhile ago now, afew got hit by 'something', denied by authors,
the particular version was pulled very quickly, has been reported
to communicate with the author's server, also claimed to look for
commonly pirated programs.
- BlackIce Defender

If you are installing a new version over an older one and having trouble,
go into the NetworkICE folder and open the file license.txt.
Replace the serial in license.txt with a later one.
It has been suggested to totally completely remove the older version before
installing a new one. Check the registry for instances of 'Network ICE',
'LoadBlackD', 'Blackice' & 'Blackd' and remove them.

(from FOSI) - using the update check seems to cause program to GPF,
making it unusable after this.
The authors are blacklisting alot of serials, so if you try to download and
update from their webpage and it won't let you, that's why.
Recently a 'snitch' url was discovered, this is part of an upcoming feature of
the prog and seems not to be to 'phone home'.
v1.9.6 seems to have cleared up all the problems and confusion.
- BPM Studio

v3.3+, there is a 'noise' problem that seems to be date triggered.
- BrainWave Generator

v3.1, phones home.
- BSI Wavestation

Later versions after v2.71X, would do severe system damage if it detected use of
that keymaker:

1) Overwrites win.ini, system.ini, user.dat, and system.dat.
2) Overwrites user.da0 and system.da0 (registry backup files).

This will render your system unbootable, and within seconds of doing this you
will get a registry error message, prompting you to reboot.
At that point it is too late.
Incredibly, all those system files are backed up by the program (with different
names, in the program directory) after it does this, so if you keep cool you
can still restore your system.

The ONLY version to consider safe is v2.71X, It has been disassembled and
verified that no trojan horse code exists in it.
- Bulletproof FTP

Uses server authentication to confirm the users registration, opens your browser
to a 'gotcha' page if invalid, repeatedly new serials are released for new
versions, frankly don't bother, most if not all shared serials are cancelled by
the author when they are eventually discovered.
The last version that seems very stable is v1.15.

Try using a single word TWICE for the name when using a keygen.
eg. keygen keygen
- BullEyes Pro

SPYWARE.
- Cakewalk

v8.0, you MUST specify a 'temp' directory during installion, otherwise it will use the root.
When the install completes it cleans up thus removing ALL files from the root directory.
- Catraxx 2000

After you enter more than 100 albums, a big red screen comes up warning you about the dangers
of using cracks and from downloading from untrusted sources. It then starts creating error messages,
and then it wipes your ENTIRE album list database that you've created.
- CD Wizard

If you put the serial in wrong it might pop a warnimg saying 'We have detected a
virus attached to your copy of CD Wizzard' or similar.
- cdlabel

v5.0, using an old/blacklisted serial results in popup warnings.
- CdrWin

Possibly the ONLY crack to trust is the one by 'GranddFather'.
The Radium 3.7c release is another verified good version.
At one point filled the hd with junk, another time deleted system files,
ongoing double checking of the serial and if it fails burns coasters.
There have been reports of it inserting garbage into the write stream as well.
This means that only some files may have errors.
This would make it somewhat difficult to detect for the average user.
Doing a plain directory or filesize compare may not reveal any corrupt files.
Use a crc validator or a binary file compare util on all images burned this.
- CFAtest

v1.41 (+?), this will take over the verify functions of QuickSFV.
You will need to uninstall, then reinstall CFAtest & QuickSFV in that order.
- ClipMate

Opens your browser to a 'gotcha' page using blacklisted name/serial
v4.11 using a blacklisted name/serial might also make it crash
Solution: Just delete the Registration Info from your Registry.
(HKEY_CURRENT_USER\Software\Thornsoft\Clipmate5\Registration)
after v5.1.04 a registry appears, S9 or P9 which contains the date 5 days from
installation. On this date the prog fails and pops a you're busted message.

v5.1.08+, detects the presence of a time-limit extending program such as Cracklock in the Startup Group
then it refuses to open (and consequently can't be "registered"!), informing the user that the ClipMt52.exe file
has probably been "damaged by a virus". The solution is simply to remove >Cracklock from the Startup Group.
- CloneCD

A v2.8.4.2 user reports bootup problems after a few days of use.
Removing the prog cleared up the problem.

As of v2.7.8.1 (maybe earlier) the registry keys mentioned below have new names.
'Messiah' (for Current_User) and 'Dogma' (for Local_Machine).

New serials get blacklisted very quickly, make sure you use the correct
serial with the version you have. It might appear to accept old serials but
will burn dud cds. Have also seen reports of it threatening to format the hd.
Goto HKEY_LOCAL_MACHINE\Software\The Silicon Realms Toolworks\
and delete the 'Armadillo' key for 10 more writes.

AVP might report the installer is infected. This is a false positive but
treat all warnings with care.
Try unzipping the installer and scanning the files, should be clean.

If you are having trouble installing new versions...
Goto -
HKEY_CURRENT_USER\Software\Elaborate Bytes\CloneCD\Stolen
AND
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\magnacarta
AND
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\magnacarta
and clean those entries.
It also puts some stuff in win.ini under the section [CloneCD], delete that section too.
- CodeWright

Whenever you want to re-install Codewright,
you must first delete the following key from your registry:
HKEY_CLASSES_ROOT\CLSID\{CDE06051-E12F-11D2-8468-00A0C96C6A07}
- CommView, Essential NetTools, SmartWhois
by TamoSoft

The author updates to defeat cracks but keep same version number, no ill effects reported yet.
Also see SmartWhois entry below.
- Cool Edit 2000

Detects if you've had a previous cracked/pirated v1.2 on your system.
It might Delete itself on this detection.
Also seen mentioned that the CoolEdit MP3 Plugin does the same thing.

BEFORE rebooting after install search for 'uncool.bat' in your windows directory.
- Coolfocus Applets

Have been reported to phone home, show an 'Unregistered' message before the menu appears
and overwrite the .class files.
- Compupic

An a.b.c. reader reports a problem with the html thumbnail generator.
The thumbnailed images were replaced by 0kb files each time it was used.
This could be a bug, maybe not.
- Content Advisor (MSIE Internet Properties)

Goto HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings
Delete the key/s under 'Ratings'. Delete 'Ratings.pol' from your system folder.

- (*) Copernic

The ads or lack of might be related to specific serials.

Using AdSubtract as a proxy will also stop the ads.

v4.0/4.1+ - Using the built-in update feature results in the ad banner window
returning. Try getting a newer version and do a clean install of it.
Make sure you use a newer serial too.

Have seen mention of the ads coming back on a new search.

To remove the grayed out box and remove Advertisments go to Registery Editor.
(HKEY_CURRENT_USER\Software\Copernic Techologies\Copernic4Plus\Preferences\)
and remove the 'ShowAd' key.
OR try, inside the 'ShowAd' key replace 0Xffffffff to 0X00000000

Also try a different serial if you can find one.
And try increasing the 2nd last number by 1.
- Cover Pro

Under 'VB and VBA Program Settings' in the registry, remove the cover pro entires
and you have a new trial period.
- CPUidle

A Zor reader mentioned that AtGuard reports that this tries to establish
an outgoing TCP/IP connection. To do what he doesn't say.
- CSE HTML Validator

Phones home only when using the built-in update check.
If you have used an invalid serial and try to update,
it will then always try to phone home.
Solution: Just delete the Registration Info from your Registry.
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\CSE3310)
- Cubase vst32

Recognizes all previous projects made with cracked Steinberg products and deletes or
corrupts them.
- Cumberland Family Tree

Type the serial, don't copy/paste.
- CuteFtp

v3.xx, using cracks may make the program and your system become very unstable.
As of v3.54 there are a few good cracks that contain a valid registry file.
Apparently the program has multiple layers of key-checking and numerous
self-integrity checks.
See what the authors have to say. http://www.globalscape.com/support/cracks.html,
http://www.globalscape.com/support/cracks2.html

While the program may be reasonably protected by the registration system,
CuteFTP's data files are protected by an extremely weak 'encryption'.
The term 'encryption' is used very loosely in this regard as usernames and
passwords in the 'tree.dat' (v2.x) and 'smdata.dat' (v3.x) are easily recovered.
There is one other username and password combination that is stored as plaintext
in the registry and CuteFTP's ini file.

To see the registered name goto HKEY_CLASSES_ROOT\RI.
Double-click on the keys to see it in hex & ascii.
- Cybercorder 2000

Uses blacklist for pirate serials.
- Dansie Shopping Cart

Secretly emails the author who has access to a hidden back door.
(from a Fravia essay at searchlores that uses this document as it's basis, without proper kudos given)
- DartPro 98

A file named 'EXTRAP.EXE' is installed which tries to access the net.
- DiskState

v2.02 maybe others, seems to be a dupe file checking util.
Saw a sketchy report that it fills the registry with CLSID's.
This appears to be part of it's normal opperation.
- (*) Download Accelerator

Could be a bug (?) that causes it to crash continually after trying to reg it.
To remove the ads find the 'Ads' folder and delete the image files,
if they come back, delete them again.
Search the registry for 'accelerator', find and delete the 'Ads' key.

Also try...
Delete all the ads from the Ads subfolder in the DAP folder but leave the
Ads folder empty, don't delete it.
Open RegEdit and goto HKLM\SOFTWARE\SPEEDBIT\DOWNLOADACCELERATOR\ADS.
Find the key 'defaultserver'.
Right-click, choose modify and enter 'http://blank.htm'.

Also try renaming c:\windows\system\anigif.ocx to e.g. anigif.oc_.
- Download Demon

Hijacks certain browser task without permission.
Sends details (e.g. file names and URLs) to RealNetworks/Netzip.
This 'feature' is mentioned in the privacy policy.
- Download Programs

The Anatomy of File Download Spyware
http://grc.com/downloaders.htm
Are you being watched when you download?
http://zdtv.com/zdtv/screensavers/answerstips/story/0,3656,56,00.html
Privacy Suit Targets Netscape
http://www.wired.com/news/politics/0,1283,37435,00.html
AOL/Netscape hit with privacy lawsuit
http://www.zdnet.com/zdnn/stories/news/0,4586,2600180,00.html
- DrumStation (DT-010)

Uses a blacklist for pirate serials.
- Earthtuner

Using the 'update' feature will cause the prog to expire and result in the
trial popup returning.
- EF Commander

v2.38.3, a regular Zor reader reports that after using Fallen's keygen the prog worked perfectly.
BUT, soon realized that after using the built-in viewer, the viewed file was being deleted.
- Eudora

v4.3x, performs an update check on each run.
What Eudora is sending...
http://x55.deja.com/=dnc/getdoc.xp?AN=615588664&CONTEXT=962925880.1478819860&hitnum=32

To get rid of the update page and/or the blank screen that will
come up in front of the "In" box:
Go to the Eudora directory, look for the file "eudora.ini" and open it.
Look for lines that start with "NGBase" and "NGLast". Delete all these lines, add 'DontShowUpdates=1'
& 'DontShowAudit=1' on separate lines, save your changes, then start Eudora.
You won't get the upgrade or "blank" white screen anymore.

Have also seen mention of making 'Eudora.ini' read only.
Remeber to turn that off tho if you change any settings otherwise it won't be saved.

You can try to stop it phoning phome adding '127.0.0.1 jump.eudora.com' and
'127.0.0.1 jump1.eudora.com' to your hosts file.

Eudora Support Document - Ads: Not Seeing Ads...
http://www.eudora.com/techsupport/kb/1922hq.html

To enter the serial goto Help > Payment & Registration > Paid Mode, and hit cancel.
Then enter the name & serial and you should be able to select Paid mode.

Another ad fix...

Add these lines to the [Settings] section of your Eudora.ini file.

RegistrationFlag=-1
Code=IC
NC=1
- Evidence Eliminator

Firstly a word of CAUTION.
I have seen talk about a filemask being set to *.* for the IE cookies folder.
This appears to be part of the prog and being able to set what files to search for to clean.
This can have disasterous results. Check all settings when installing a new version.

v5.0, will accept a bad serial#, upon restart will immediately expire and soon pop
'illegal reverse engineered' warnings and it stops working properly.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ttsflc
and clean it out.
HKEY_CURRENT_USER\Software\Evidence Eliminator
Create a key named 'Registered' and enter for the value 'Registered'.
If you don't see a key called 'App.Path' in there add it and enter the path to the prog.

To display the unlock window...
Start it up and after choosing trial, click once and hold with the LEFT mouse button on the
blue top and press the "Cntrl"-key AND the "i"-key At the same time!
This will display the Unlock window! Enter your name reg number and enjoy.

You might need to move your clock forward 30 days AND reboot to make the trial expire.
This should allow you to enter the unlock code.
- Exploit Submission Wizard

Saw a report that this deleted the FAT partitions on his HD, nasty.
This happened after using a patch.
- Extractor Marketing Software
- (Extractor Pro & Web Weasel)

Phones home every time the prog is started.
- EZPix

v4.4, after using a keygen and a week of use this might pop a message saying...
'the serial number you have used is not in our database. You must register.....'
Possibly phones home but continues to stay reg'd with no ill effects.
- (*) Faststats Log Analyzer

Complains and stops working when using an older serial.
Try reinstalling and enter a valid serial.
- Feurio

v1.30 and later, Be carefull using a shared or keygened serial.
Although it seems registered, it inserts a spoiler into a random track.
It goes : "beeeeeep... illegal copy ... beeeeeep".
- Firehand Ember

Not sure of versions v5.93+ i think, pops a warning using a 'pirated' serial,
damages system.
After v3.8.6(?) there are separate demo and retail versions.
- FlashFXP

Uses a blacklist for pirate serials, if you use a blacklisted serial
the app contacts the author's website and pops threatening messages,
it's not recommended using the update feature, tHE eGOISTE/Tmg has a
good crack for it and eGO has a program that reads the blacklist.
- FlashGet (ex JetCar)

Uses Radiate spyware.
- Fluid Promotion

v1.02, using a bad serial will seem to register it, but it'll stop working,
will also pop 'gotcha' messages and report you to the author's site.
- Folder Guard

Uses blacklist for pirate names.
- FreeMem Pro

v4.3, a user reported strange memory problems after visiting a particular website.
It may not be related to the memory problems though.
- Fruity Loops

v2.01, to enter serial - ctrl+shift+F2, reported as having 4 stages to the
protection scheme, Basic, Full, TS404, a 'God' mode being the final,
this 'God' mode has been reported as bogus.
It appears that the download from the FruityLoops site is a CRIPPLED demo.
Depending on the TMG keygen you have it may not work.
TMG have also released a keygen for a FULL (non-crippled) FruityLoops.
- Fruity Tracks

v1.50, to enter serial - ctrl+alt+F9.
Also try ctrl+alt+F5.
The crippled problem with FruityLoops may also apply to this one.
- FTP Voyager

A very strange report on this one...

v7.2.0.0, One user reports that ALL his icons have the FTP Voyager icon superimposed on them.
Changing the original icon makes no difference, the FTPV icon comes back.
It could be a system problem but it's very strange indeed.

Serial is date dependant. Stops downloading files a few bytes
before completion when using blacklisted name/serial.
- FTPPro98/2000

Received a report that this phones home reporting your usage times.
There was also mention that some cracks for this alter your system ID,
and the prog or home server thinks you are using it on more than one system.
- GameSpy

Only use cracks by REBELS.
Uses server authentication to confirm the users registration,
forget about using keygens or serial#s alone.
- Genius

v2.6 on detecting a blacklisted serial pops up a little "you're using pirated
software, etc." window and disables various functions.
- Getright

Uses a blacklist for pirate serials. Might try to bring up a 'gotcha' page.
If it starts playing up...
Goto HKEY_CLASSES_ROOT\CLSID\{F853B2C7-386A-11D3-A860-006097897A00}
and delete 'ID'
Goto HKEY_CURRENT_USER\Software\HeadLight\GetRight\Config\
and delete 'Window00' and 'RegistrationCode'
or delete the number itself. Then try using another serial#.
- Gohip.com

This is some kind of multimedia website that pays you to advertise for them.
To clean this rubbish out...
http://www.gohip.com/remove_browser_enhancement.html
http://korova.com/virus/gohip_remove_browser_enhancement-022000.htm
Also remove windows folder winstart.exe which is called by an entry in the
HKLM\Software\Microsoft\Windows\CurrentVersion\Run key.
Check with MSCONFIG, it will show up Gohip autorun as c:\windows\winsta~1.exe.
If you use OE check you signature as well.
- Gordon Production's software
- (ASCII-Help, Einstein,
- Home Project, KarCheck,
- PasteMaster)

Einstein maybe others, phones home and reports the use of a crack,
expect an email from the author. Saw a report on Zor's news that the
author emailed a keygen user knowing it was used.
- Gotmail? Screensaver by Gotime solutions

Phones home, you will get an email from the author mentioning "registered user"
and the username you choose from the keygen. After awhile you will get another email
about pirated software and threats of the prog deleting files from the windows directory.
- Hellfire Screensaver

At some time may pop a warning 'Executable file is damaged (or cracked)!'.

- HistoryKill 99

Pops a warning about sending mail to the author when using a bad serial#,
have seen one report of it doing system damage.

- HoneyQ

v1.50, not all serials seem to enable the use of video,
if video gets disabled after registering then this is why.
- HotDog

Uses server authentication to confirm the users registration.
- Htmasc32

v3.03.22 uses a blacklist for pirate serials, will randomly popup a bogus
program error on detecting a blacklisted serial.
- HTML (Un)Compress

Uses blacklist for pirate serials.
- HyperMaker 2000

There is a feature called 'customer key code generator' that allows you to generate keys
for clients who have bought your ebooks made with the prog.

It seems that this feature does more checking on the registration serial#.
If it doesn't pass the test then the 'customer key code generator' generates the same key
everytime.

Aparently one cracked version did work properly BUT your customers will start seeing
messages poping up talking about illegel copies of the software.

No offence to anyone, don't do business with cracked software, period, atleast until you have
throughly tested every single feature AND over a period of time of weeks or months.
- Hypersnap DX

One user reports this tried to access the net, maybe trying to phone home
- ICQ

To remove the opening splash screen -

Create a shortcut and add "-minimize" (minus the quotes) to the end of the target.
This will automatically minimize to the system tray when you first start ICQ and you
won't get the "Loading ICQ" with the flower splash screen.
- ICUii

Delete ncvutl10.dll to renew the trial period.
The download package is a wrapper. You must enter a serial# to unlock it.
The actual installer is extracted to /windows/temp/, can be saved for later use.
No serial is required to install or use the prog with the actual installer.
- InfoSelect

Tries to phone home each time it's started.
- Intermute

Uses server authentication to confirm the users registration.
This may have been removed since v1.40.
v1.50 has been reported as clean.
- Internet Watcher 2000

v1.08, After about a weeks use on a keygened serial this popped a message about a pirated ID
and threatened if the prog wasn't bought within 48hrs the police would be called.
- Juno

To get rid of the adbar and create a normal DUN entry...
Open juno.ini in the c:\windows directory.
Under your user name you will see a juno generated sixteen digit password.
Make a new dial-up networking connection with your user name and this password.
- KeyText

Most older serial/keygens (v1.1x) were not 100%, prog ended up still limited,
more recent serial#s might be fine.
- Kyodai Mahjongg

Be careful using old keygens & serials, has been reported to do nasty things.
Possibly uses a blacklist for pirate serials.
Might pop nasty messages and delete itself when using only certain serials.
- Leech by Aeria

Registers with a keygen ok, using it online it seems to phone home and expire the trial.
- Lightspeed Products
- (Rocket, WebConvert Pro)

Rocket maybe others phones home and reports the use of a crack,
expect an email from the author.
- LinkBot

v5.0, Phones home.
- Liquid FX

Takes your browser to a 'gotcha' page on detecting a blacklisted name/serial.
- Lockdown2000

Have seen very conflicting reports about the effectiveness of this,
also seen mention that although it claims to be, it is NOT a firewall.
Repeatedly updated by authors to overcome new cracks,
seemingly very little time spent updating functionality.
Be careful trusting your system security on this, do some testing and you
decide. Some interesting test results to consider -
http://www.primenet.com/~lippard/pchelp/LDtest.htm
http://www.nwi.net/~pchelp/lockdown/Davis/index.html
http://www.nwinternet.com/~pchelp/lockdown/debunk/index.html
http://www.nwinternet.com/~pchelp/bo/htinvest.htm
http://www.antionline.com/cgi-bin/features/ProductReview?date=10-08-1999

The history of the authors is a very interesting read.
Don't even bother testing this let alone buying it.
- LP Recorder

If you can't get a working serial from a keygen try this.
For the location enter a location such as a state then a comma. eg. Location,
- LviewPro

v2.8, you can't enter a serial in the demo from the website,
a patch is required.
- MacOpener

v5.0 maybe others, to get another trial period search for and delete the Dataviz/Macopener keys
from the registry. Then reinstall the demo.
- Magic Folders

Deletes the illegal registration file and warns that if you use it again,
it will uninstall and you won't "ever" be able to install it again.
It also states something about being able to delete the whole hard drive instead
of just one file. Last cracked version was a looooong time ago.
- Midpoint

v4.0, search the registry for 'midcore' & 'midpoint' and remove all entries.
Reboot and you should have another 20 days trial.

In v4.0...
HKEY_LOCAL_MACHINE/Software/Midcore/midpoint/Trial Warning="1"
Change to "0".
In v4.03...
HKEY_LOCAL_MACHINE/Software/Midcore/midpoint/Trial Warning="EXPIRED"
Change to "NO".
- Milkshape 3d

To renew the trial period...
Delete -
HKEY_LOCAL_MACHINE\Software\Classes\FileMoniker.Document\
Delete -
c:\windows\system\msvcrt.ddl
c:\windows\system\msvxddrv.ddl
** NOTE the file extension (DDL)
- Model E

Using an old crack results in every 7th note being missed.
- MS Office 2000

There is a special serial# floating around that overcomes the 50 uses limit.
The Corporate/Select/MSDN serials are preferred.
Apparently the serial# in the beta 2 Consumer Preview crack by Saltine fixes it too.

Some ppl are having problems with the SR1 update.
There is info on how to fix it out there, too big to add here.
After finding the fix and you are still having problems goto the MS site and search
for 'InstMsi.exe'.
- Multimedia Builder

v4.5, try CORE's older keygen putting in an email address as the username to
generate the key, eg. me@you.com.
- Music Collector from Collectorz.Com

When using the CDDB feature the prog phones home and if the reg info doesn't check
out you are added to a blacklist, which is aparently stored in the registry supposedly under
HKEY_Users\DEFAULT\SOFTWARE\COLLECTORZ

The user who reported this seems to have had a very interesting dialog with Collectorz.Com.

After being blacklisted he decided to buy the prog.
The authors were unable for some reason to remove his name from the blacklist, even after paying for it.
Eventually a different username was required for them to actually register it properly.
The authors were aggressive in their attitude until reminded about privacy issues related to
progs sending out data without knowledge or permission of the user.
- (*) MusicMatch

v5, ?.
After coming across an old install of this a user double-clicked the main exe.
A dialog popped and said a file was missing and did he want to recreate it.
After clicking 'no' it then proceeded to delete everything on the C drive.
This may have been the MM uninstaller going haywire.
MM was installed under winME but the exe was run under win2k.
- NameZero

There is really NO WAY to remove the framed banner if you want the browser to show
the url as 'www.domain.com'.
If that doesn't bother you then websearch for 'namezero script' or something similar.

Ok, so there is a way to do it BUT it only works in IE5+ & Netscape 6, NOT in Netscape 4.xx.
- (*) Nero

A v5.0.38 user reports problems after burning an audio CD using the MP3 feature.
ALL cd burning progs stopped being able to burn audio cd's when previously they worked flawlessly.

v5.0.13+ ?, a Zor reader reports that this creates c:\windows\tmpcpyis.bat, tmpdelis.bat,
and winstart.bat as well as c:\windows\temp\nero directory on install.
After the install reboot, the next time you restart, it will call these files and do something
in the registry. Not sure what it does, but if you register with a keygen it seems to create
25 to 50 extra kernel threads that increase your processor usage to 100%.
You can verify this using system monitor. This has an undesired effect of locking up your system.
Try deleting all these files after the install reboot and then register with a keygen.

The filenames mentioned above appear to just be installation files. The threads problem may not be
related to Nero at all.

v4.?? accepts an invalid serial for a while, at a later time tells you that the
serial number you are using has been pirated.
Doesn't cause any system damage, but it will ask you for a correct serial number
everytime you load it up until you give it a valid one.
- Net Detective 2000

Does nothing more than a few good search engines can do.
- Netinfo

Will contact it's home server upon startup or some network event even after
being registered.
- NetScan Tools

v4.03, to get another 30 days...
Goto -
HKEY_LOCAL_MACHINE\Software\The Silicon Realms Toolworks\Armadillo\{7440329136F20F33}
Delete the key {7440329136F20F33}
** backup your registry or export the Armadillo section for safety.
- Netscape

To stop NetCentre loading when you check your mail add the following line
to 'prefs.js' in each of your Netscape user profile directories or 'defaults'
directory if you don't use profiles.

user_pref("mailnews.start_page.enabled", false);
- (*) Netzero

Platnum v4 seems to detect attempts to remove the banner and tries to 'self distruct'.

To remove the banner and time limit goto your \netzero\bin\ folder.
Edit JPEG.dll, erase everything inside, save it, and exit.

That aparently does not work on the latest release of ZCast (the netzero window).
- NewsReactor

Pops a warning message on entering a bad serial.
- NewsRover

Since v3.8(?) name/serial is at least triple check, when first entered,
when retrieving newsgroup headers, and uses server authentication.
If the second check fails it will delete the data files from it's directory.
- NGB Clean Registry

The Keyfile they SEND you when you register the program is machine specific.
As a workaround, before the prog expires/times out delete the file 'NBGCleanR.nbgkey'
in the progs directory. This 'trial' key will be recreated on the next run.

Saw a report of a user using this. It 'cleans' the registry during bootup but something
went wrong and it kept going round in circles restarting the 'cleaning' process.
Maybe a bug in the prog.
- Norton Antivirus 200x

If you are having problems installing the virus updates try changing the extension to '.zip'
and open the file in WinZIP. Extract and install the files manually.

Has been reported that if you've used a cracked dll on the demo,
when you update the virus definitions you will get a message that
says you need to download a patch.
If you say yes and download the patch it will replace the "fixed" dll
and set the attribute to read only, making it difficult to "tamper with" again.

To get another 12 months worth of virus defs via LiveUpdate uninstall & reinstall it.

Or go into the registry...
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton AntiVirus\DefAnnuity
change the number under the 'FreeStart' key to a more recent date.

- NTmail

v5.0, Zor board reader reports that it phones home.
- Nuendo

v1.02, screwed up one users system, might just be very buggy.
- Offline Explorer

Contains a blacklist of usernames.
- Oil Change

Uses server authentication to confirm the users registration,
it's the Oil Change server that provides the list of updates.
- PCDJ

When you download PCDJ a program called Gator is included.
When you get rid of and click submit on the reason you got rid of Gator you download another program called Webhancer.
Uninstalling these extras caused registry problems and explorer crashes for one user.
- Personal Stock Monitor

Will contact it's home server upon startup or some network event even after
being registered.
- Pe-MU (Picture Exhibitor - MU)

If you have trouble generating a working key try using only 3 characters followed by 2 digits.
- PhotoBrush

Problems have been reported about a recent cracked.exe.
Pops a message on execution 'Thanks for helping the big software companies ...'
and some features pop 'Afile has been changed, check your system for viruses' message.
- PixShow

v7.83 - Raybiez mentions in his release for this that the serial routine in
the prog could be bogus, or buggy as it doesn't seem to accept valid serials.
- PGP

To edit the 'version' info open PGPsc.dll in a hex editor.
- Prudens (SpyWindows) Software
- ComSpy, ExeSpy, MemMonitor, ODBCSpy,
- Process Explorer, RegistryMonitor, SetupMonitor.

Was quite awhile ago, using a keygen'd/bad/older serial resulted in your
hard drive being wiped. Be very careful with recent releases and make
sure the keygen/crack/serial# is for the version you have.
- Quake 3

The newly released full version uses server authentication to allow you to play
online, either buy it or find yourself a cracked SERVER to play on.
Aparently ID Software generated something like 21,000,000,000,000 keys, give or take a few 100 million,
but only used about 10 million of them. The chance of hitting a good key using a keygen is very slim.
- QuarkXPress

If you see some kind of message about your keyboard being wrong goto control panel, keyboard,
and change it to English (U.S. American).
- Quick Books 2000

This may look like it's trying to phone home but it's not.
It includes an updates checking prog that is trying to do it's job.

Have received a conflicting report that it does phone home to register your copy.
After doing so you can turn off the phone home 'feature'.
- RankHigher

Quoted from website - 'A note to Crackers, Hackers and thieves: we are NOT
responsible for what this program does when using a cracked version,
stolen registration code or reg code generators! You've been warned...!'.
- RealNetworks is watching you

http://www5.zdnet.com/zdnn/stories/news/0,4586,2385034,00.html?chkpt=zdhpnews01
http://www.zdnet.com/zdnn/stories/news/0,4586,2573314,00.html
More privacy concerns for Real
http://www.msnbc.com/news/436070.asp
- RealPlayer

v6 update check triggers blacklisted serial nag.
v7.0 includes a prog called Comet Cursors which has recently been revealed to
send out info on your browsing habits.
- Receipe Manager

One user reported dll problems after running this.
- ReleaseRAM

There appears to be a timed check on the serial#.
Have seen reports that it will pop
'You are using an illegal...etc. Your IP has been logged.' type messages.
Confirmed by another user.
- Restorator

v2.50 bld 757, Aparently there is only ONE 100% cracks for this,
all others will trigger the prog to delete itself or cause other problems.

The author includes a little message in the docs that using a crack 'may'
result in serious problems.
- Sibelius

Received a one time report, 3 days after upgrading a pirate version to v1.3 data files became useless.
- Simple DNS

Phones home and permanently disables if the serial check is bad.
- Smaller Animals Thumbnailer

v6.3, to get another 30 or more days...
Uninstall, delete the fodler it was installed in, search the registry for 'smalleranimal'
and delete the entries found, set your system clock ahead a few months, re-install it,
set your system clock back to normal.
- SmartDraw

v4.22, to get another 30 days on the trial version..., might only work once tho.
Goto 'help' menu, click 'about', the 'about' box pops up, hold down Ctrl+Shift
and click the 'ok' button.
- SmartWhois

Uses a 'timestamp' DLL file that does not uninstall and does not show up in an install logger.
There are two files 'wsw2i.dll' and 'wsw2n.dll'.
- (*) Snadboy's Revelation

v2.0.1.100, wants to connect to the net.
- Sniffer Pro

Saw a brief mention that this phones home.
- Spector

Phones home.
- Starcraft's Battlenet

Collects data about you and sends to server.
- Stay Connected

Uses server authentication to confirm the users registration, maybe also a blacklist.
One user reported it deleting files and causing windows problems.
Collects data about you and sends to server.
- SuperServer

Received a report that this locked up after a very short time. Following a reboot some
important system files were missing, this behaviour repeated itself after restoring the
system from a backup. Could be some kind of crack detection.

You will also mysteriously start getting email from the author.
Fairly obviously phones home.
- Surething CD Labeler

v2.10.18, one user experienced strange changes to the hd MBR with this installed,
and as a normal trial, uncracked, for that matter.
- (*) System Mechanic

v3.5h, more problems reported.
After using a bad serial this wiped everything from the windows/system directory.

v3.5g, more problems reported.
Using the built-in update feature resulted in a nasty message about a pirate serial.
The prog stopped working but could be registered again with no further problems.

For another user it attempted to reboot after entering a keygened serial.
A longer name fixed the problem.

v3.5d problems confirmed.

Uses a blackList, checks the window title of other running processes,
CLOSE keygens before running & reg'ing this.

v3.5d, has been reported that this 'cleaned' out c:\ entirely.
Could be a bug in 'Clean Cache & Cookies For...' under Privacy\Scheduled Maintenance options.
Another report confirms this but suggests it's related to the Internet Security options.

Problems have also been reported in v3.5c.

v3.5b, received a report that on entering a wrong reg code the prog reboots your
machine and delete's critical system files.
Another user reported similar problems, it damaged system files twice within a 2 week period.
It might also pop 'you are using an illegal serial' type messages.
- Teleport Pro

v1.29, informs Tenmax of the site you are mirroring in a not so obvious way.
Requests the file 'robots.txt' with 'HOST: thesiteyouaredownloading' in the header.
(from a Fravia essay at searchlores that uses this document as it's basis, without proper kudos given)
- TextPad

v4.1.04, some info from an ORION release...
"the author got very tricky and added a hidden check that slows it down by like 1-2 seconds
via the sleep command in a loop, almost unnoticeable to the new user.
But for all you habitual textpad users, it was quite noticeable and annoying."

It is also noted to use an up to date crack/serial# on this as it might 'appear' to register
with old info but the 'slow down' will still take place.
- The Cleaner

Saw a sketchy report that it will disable itself but still appear to be working.
Received another report confirming this. It is the TCActive!(memory resident) part
that stops working.
- Time & Chaos

v5.3.9, Locks your data files in a bad serial is used.
BACKUP your data before trying this, if it fails go back to the last working version.

v5.xx maybe later, blacklist for pirate serials, on detecting pirate serial
locks the data files, prog may not run again.
- Timeworks DirectX Plugins

Demos can detect if you've used a cracked version before, threatens to erase
C: drive, seems to just be a scare tactic.
- ToDo'95

v4.14 maybe others, If the program is used beyond the 30 day evaluation period,
the author issues a "Doomsday warning". The message warns that the user must
uninstall the program immediately or the program will delete the host computer
Windows directory. The code for a DELTREE command on the host Windows
directory has been found within the executable.
- Total Recorder

v2.1 maybe others, v1.0 is ok, Seems to be a long standing often missed trick,
after 64 seconds a spoiler signal is inserted into the output file.
- Tracking the Eye

Uses server authentication to confirm the users registration.
- TranSoft
- (MailControl & others)
Contacts it's home server and checks your registration data against a few lists.
(http://www.transsoft.com/codes/) One list is 'legal' usernames,
other is 'illegal'.
Names on the Illegal list include - William McCurdy, Nambulu, forcekill,
MONTILLO, Montillo, Norway, SiraX/[DNG], CORE/JES, Bracco,
Nambulu/Survivors, BABYNET, SiraX/CORE, QuQ [FACTOR],
Black Thorne [PC'98], Phrozen Crew '98, SiraX/[CORE]-1998, TransSoft,
mRFANATIc [D4C], JellyTop, astaga [D4C], C4A Team, Doug Mchugh,
Karl Kachigan, Master Computer.
- Tweaki for Power Users

Serial is date dependant. Pops a warning message on bad serial.
If you get this try going to \HKEY_LOCAL_MACHINE\Software\Tweaki\
Find the 'RegName' key and change SPRITEX to SPRITEY.
Also reported to detect an old cracked version,
pop nasty messages and stop working.
Clean the old registry entries and also search for 'jermar','tweaki', and 'twk',
new version will then install without probs.
- UK Speaking Clock

Uses server authentication to confirm the users registration and
detects previous cracked installations, pops a warning message.
- Virtual Drive

v5.1 From Zor's Discussion board, a user used an old patch by Swat99
and his boot drive was totally nuked.
- Vopt99

Use a telephone number (xxx-xxx-xxxx) as the location when creating/entering a keygened serial#.
- Wave Corrector

If you get an "invalid PVI file" error message then it means you have used an invalid registration code.
- WaveLab

v3.03 exhibits a strange crashing problem.
Try loading a wav file before closing. Next start it will load the file and not crash anymore.
Also try switching a system dll, msvcrt.dll, back to v6.00.8397.0, or an earlier version than
the one installed by the prog.
- WebForms

In one version of it, the author had code to delete x:\windows\system\*.dll,
and in another he deleted x:\command.com, then displayed a goofy message.
There is a modified keymaker that gets posted now and again.
It still works, last time it was checked.
Has been advised against using it on a version above 2.5d, however.
- WebPosition

From a recent Damn release,
Set your firewall to block all connection attempts to www.webposition.com for WPGold.exe.
Delete some files and then re-register the program.
1. In WebPosition directory:
- webpos2.lic
- wpconfig2.cfg
2. In your Windows directory:
- webpos2.ini
- webpos2.lic
- wpuser2.cfg
- Wetsock 4

Will contact it's home server upon startup or some network event even after
being registered. .
- Where Is It?

Locks catalogs if blacklisted name/serial is used, due to continual updating (to
overcome the cracks) it's hard to find a correct version and matching keygen.
Core's v2.11 (2.1.1.1003) release of the app & keygen is known to be good.

When this happens in v2.12 it locks the catalog and overwrites the catalog name
with 'warez user'. I have some info on fixing this.
It get's worse as of v2.14, it doesn't lock the catalog but overwrites all
titles, folders, and file names in the catalog with 'warez user'.
If you get stuck in the 'warez user' trap do NOT save the catalog,
if it happens during updating the original catalog will be ok.

Have used v2.14 for awhile and eventually got trapped., seemed to be after
running it while online but could not catch it in the act.
To Robert's credit the protection scheme is very good, no doubt using multiple
triggers, timers and delays before the 'problems' start appearing.
- Willow Talk

Phones home reporting the serial# then stops working if it doesn't check out ok.
Can be blocked with your firewall.
- (*) WinAce

v2.02, seems to accept serials but may unreg itself at a later time.
- WinAmp

Have seen reports of this trying to connect to 205.188.132.70 (AOL).
Seems that it's reporting back to AOL what you are doing with it.
- Window Blinds

A user running WinME reports that after downloading the skin upgrades files in
windows/system were corrupted.
This might be a problem related to winME, maybe not.
- WinDownload

Pre v4.x, formatted hard drive, shut down windows when using blacklisted
name/serial, conflicting report that it only deletes the Program Files
directory.
- Windows 95

To install the 'upgrade version' as a full version to a clean drive...
Create a file on any floppy you can use. The contents of the file can be anything,
it doesn't matter. Make the name of the file: 'win.cn_' (NO quotes).
When the 95 install prompts you for the 3.1 Disk 1, point it to the drive with this file on it.
- Windows 98/SE

Using a full install as an upgrade...
Create a rescue disk under your current version of windows.
Boot the floppy and make sure you can access the cdrom.
Boot the floppy, rename c:\windows\win.com to winold.com
Now run setup from the CDROM.
Make sure to do a custom install and when the install program asks for
a directory, tell it where your existing copy of windows is.

If that doesn't work also try renaming/moving c:\msdos.sys & c:\io.sys.
- Windows 2000

You must TYPE the serial number, not copy/paste, when installing.
Do NOT use the caps lock, hold down shift for the upper case letters.

To extend the trial, BEFORE installing the eval set your BIOS date forward a few years.
- Windows ME

To overcome the trial timeout replace the file 'io.sys' with one from Win98SE(Dos7.1).

Format a bootable floppy under Win98.
Copy sys.com to that floppy.
Reboot using the floppy.
Use sys to transfer the non-timebombed files to your WinME system.
At the dos prompt enter 'sys /?' for the commandline help.
- Windows lotto 2000

The username can only contain the letters - Aa Bb Cc Dd Ee Ff.
- (*) WinOnCD

Received a sketchy report of this deleting the boot-drive partition table.

This has been confirmed by another user.

Another user suggested this might be related to the creation of the CD emulator 'partition'.
- Winproxy by Ositis

v3.0, uses server authentication and/or a blacklist,
on detecting a bad serial will pop 'gotcha' type messages.
v3.0rf1, maybe more, received a report about this removing DUN on using a bad serial#.
- WinRAR

v2.60+, the authenticity verification feature doesn't seem to work 100% on
any cracked version.
Aparently there is a FAKE Dsi version of this that cotains a new trojan.
WinRAR.v2.60.FINAL.incl.KeyGen-DSi.
- WinRescue98

v4.11, Be very carefull with this.
An a.b.c. regular reported that this deleted his windows directory twice in a row
on dec12. It had been running fine for many months on the 'christa' serial
until that date.
Another reader in a.b.c. confirms a problem with the 'christa' serial# and
also reports it deleting the files it was supposed to be backing up.

Yet another report came in on this one.
- WinRoute

When entering the serial make sure the letters (a-z) are in UPPER case.
The first time you login to the Adminstration Tool, leave the username as
set (Admin) and leave the password blank.
- Wise Installer

Beginning with Wise 5.0c, the /x command line switch allows you to extract files
from the install archive individually. Very few of the Wise 5.0c - 8.0 installers
are password protected, so 'setup /x' is all you need. If the setup file was
password protected, 'exwise' (found on any good cracking tools site) might work, untested.
- Wolf products by Trellian

Pops warnings when using blacklisted name/serial.
Phones home and pops scary messages.
Try setting the ini file to 'read only'.
- WOW Thing!

Tries to send data to 63.241.3.36.
- (*) Xara X

After changing options this might try to call home.
Cancelling the connection results in a strange warning message 'XXX', just 3 X's.
- YATS32

v8.0.xx, the author plays a joke on the crack user by shifting the time periodicly in small chunks then
by one whole year. It seems semi-random but there may be a pattern to it.

Way back in '97 (v4.3) Saltine reported the protection to be very good and a tough one to crack.
The exe contained an encrypted message - "Hey Zulu, Saltine, XLogic, are we having fun yet!!!"
- Yahoo Chat Banner

Open ypager.exe in a hex editor and search for the string 'http://chat.yahoo.com/c/msg/banad.html?spaceid='.
Replace the C (/c/) with another letter. The banner will then fail to load.
- (*) Zone Alarm

Alot of peeps are having problems with the new version of this.
Contact tech support. They will give you a loooong list of stuff to cleanup before upgrading.

If you have problems reinstalling, find iamdb.rdb in c:\windows\internet logs and delete it.
Reboot and try reinstalling again.
- Zmud
Uses server authentication to confirm the users registration.
If your system date does not match the zMUD server or it suspects you
are using a hacked serial or otherwise you may still play for an hour.
Then it sends the command "shout I AM A ZMUD HACKER!!!" to the MUD and
restarts your computer.
====================================================================
The information above has come from various sources,
some from me and alot from many other people.
Sources included newsgroup postings, crack/warez releases,
Zor's page and the kind people who contact me directly.
To one and all, thanks for your 'heads up' information.
====================================================================
This document as a compilation of data remains the copyright of LeoGetz.
All other copyrights are held by their respective owners.
====================================================================
© LeoGetz 2001