Backweb LDM and IE6 Hijacking Removal Problem

[PeterLander]

I have tracked a number of problems (games crashes; jittery GIFs; Icon
cache errors; 100% cpu usage; and lockups) to Logitech's Desktop
Messenger (LDM).
I know that Spybot can be used to eliminate the Backweb component of
LDM.
My problem runs a little deeper than that and I can see no successful
removal documentation in this group or any other. Nor is there
anything in either Logitech's support or any of the various spyware
sites such as PestPatrol.

LDM came with my cordless optical mouse six months ago. The main
component is Backweb. However, it also injects itself into the system
with helper object hooks, start up steps and amendments both basic and
run-time to my Win98 system DLLs.

I will devote today to compiling a complete documentation of the stuff
that I think that I must do to get rid of this pest. If successful
(and if it appears to be worthwhile) I will publish the full details
for others with the same problem.
This posting is to ask if anybody has any knowledge that will help me
beat this little bit of nastiness?

 

[Frank Saunders, MS-MVP]

I have tracked a number of problems (games crashes; jittery GIFs; Icon
cache errors; 100% cpu usage; and lockups) to Logitech's Desktop
Messenger (LDM).
I know that Spybot can be used to eliminate the Backweb component of
LDM.
My problem runs a little deeper than that and I can see no successful
removal documentation in this group or any other. Nor is there
anything in either Logitech's support or any of the various spyware
sites such as PestPatrol.

LDM came with my cordless optical mouse six months ago. The main
component is Backweb. However, it also injects itself into the system
with helper object hooks, start up steps and amendments both basic and
run-time to my Win98 system DLLs.

I will devote today to compiling a complete documentation of the stuff
that I think that I must do to get rid of this pest. If successful
(and if it appears to be worthwhile) I will publish the full details
for others with the same problem.
This posting is to ask if anybody has any knowledge that will help me
beat this little bit of nastiness?

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[PeterLander]

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

Dear Frank,
Firstly Thank you ... BUT ...
My problem is not Backweb as such .. It is LDM "Logitech's Desktop
Messenger".
I may not have stated the problem sufficiently clearly ... so ...
* LDM is added with cordless optical mouse software without a proper
"do you want this?" warning from Logitech ... making it spyware in my
opinion.
* LDM is huuuuge ... 11.2 mB, 27 folders, 142 files, an as yet unknown
number of DLLs, so far found more than 300 registry entries, and an
unknown number of code changes to Win98 system DLLs
* LDM is pervasive ... file open/create/delete; web page access;
scripts and god-alone-knows what else including dynamic DLL
modification.
* Logitech barely acknowledges LDMs existence; has changed its name (I
think); and gives no information re removal and misleading information
re disablement.
* Literally thousands of postings and spyware sites have been searched
for help but as far as I can tell nobody has succeeded in getting rid
of it.
* A frontal attack on Backweb (which is but a minor component) is
unlikely to be very fruitful because (a) it is but a part of a much
bigger problem and (b) Logitech has re-badged it to look like one of
its own.
So, for you and anyone else interested, is there anybody who can help
me get rid of this "thing" that has taken over my life ?
Thank you.

 

[Mike Burgess]

PeterLander,

"I can see no successful removal documentation in this group or any other"

Why you would expect to find any here in a MS newsgroup for IE?

Why don't you simply deny it access to the Internet from your firewall?
That would be a better solution than trying to remove file, registry entries
that may possibly trash your machine.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-18-04]
Please post replies to this Newsgroup, email address is invalid
--

 

[PeterLander]

Mike Burgess says ...

PeterLander,
Why you would expect to find any here in a MS newsgroup for IE?

I spent many, many days inspecting groups before selecting this group.
Problems, questions, answers, and skill levels all pointed me here.

Why don't you simply deny it access to the Internet from your firewall?
That would be a better solution than trying to remove file, registry entries
that may possibly trash your machine.

The short answer is NIS 2004 ... been there, done that.
The long answer is contained in my reply to Frank Saunders, viz ...
* LDM's main task is the recording of my systems activity
* via amended basic system DLL's (DLL mods and runtime hooks)
* eliminating (Frank) or blocking (yourself) the Backweb component is
secondary
The problem is LDM ... not Backweb.
Once LDM is removed, the (re-badged) Backweb will go away with it.

Uninstall LDM ?
From my earlier posting ...

* Logitech barely acknowledges LDMs existence; has changed its name (I
think); and gives no information re removal and misleading information
re disablement.

This has been a very long road. It all began with the failure of a
number of 16-bit applications ... most visibly the Msoft games
(Freecell et al). It continued through to aberrant behaviour from my
IE6 and Win98 upgrades. I am living with icon cache problems, system
freezes, KERNEL32 crashes, locked Explorer behaviour, constant IE6
re-boots, GIF jitters, dancing mouse pointers, lost keystrokes,
sluggish running, slow boots, and aberrent shut-downs.

My immediate problem is the registry analysis phase of getting rid of
this stuff. Is there such a thing as a registry analyzer ? I searched
in vain for days. Right now some 40 hrs of work has yielded 347
entries to be deleted or modified. It is very, very tedious.

Thank you for your interest.
PS Being a newbie, I am unsure of the etiquette.
I am snipping out excessive repetition of previous posts after
acknowledging them.

 

[Mike Burgess]

PeterLander,
I'm not sure what you want to accomplish, but if I ever had
so much trouble with a device I would remove it ........
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-18-04]
Please post replies to this Newsgroup, email address is invalid

 

[PeterLander]

PeterLander,
I'm not sure what you want to accomplish, but if I ever had
so much trouble with a device I would remove it ........

Dear Mike,
The Logitech cordless optical mouse and its driver/mouseware stuff is
just marvellous. Works fine ... no problems.

The automatic, web-communicating, similar to NIS's LiveUpdate and
Microsoft's enterprise management style of update notification &
implementation called "Logitech Desktop Messenger" (LDM) is not
marvellous.
It is an ugliness implemented by stealth and seems almost unremovable.

What do I want to do ? I want to get rid of the thing.

Why not just get rid of the device ?
As near as I can fathom, once it is there, LDM has a life of its own.
It dwells independently of the device and its software.
It becomes a free-standing interference to my peace of mind.

Because of the way it hooks into everything that moves, I spent some
months believing that all of my 16-bit apps were stuffed ... when all
along it is a "well-known fact" that LDM only breaks some of them.
And I want my Freecell back. I want Explorer to behave. And all those
other things I mentioned.

The problem has become a generic one. Clearly stated it is this ...

What help is available for someone who wants to analyze an
undocumented application's components to a sufficient level to delete
it without damaging anything else ?

Regards,
Peter Lander

 

[Mike Burgess]

PeterLander,

And I want my Freecell back"

In every case that I've seen it was caused by a 3rd party software install
that conflicts with FreeCell. Restart in Safe Mode and see if FreeCell
operates correctly, if so then you have a conflict with another program
running in the background.

1) Virus software (PC-Cillin)
2) Iomega parallel Zip drive with IMGICON loading at startup
3) Ami Scroll\4DMain.exe
4) It may be possible one of the 2 FreeCell files are corrupt\damaged
freecell.exe, cards.dll. Use Msconfig to extract a fresh version.
--

What help is available for someone who wants to analyze"

No idea ... it's unethical for me to advise on altering OEM software.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04]
Please post replies to this Newsgroup, email address is invalid
--

 

[PeterLander]

Dear Mike,
Comments are inserted below.

PeterLander,
In every case that I've seen it was caused by a 3rd party software install
that conflicts with FreeCell. Restart in Safe Mode and see if FreeCell
operates correctly, if so then you have a conflict with another program
running in the background.

1) Virus software (PC-Cillin)
2) Iomega parallel Zip drive with IMGICON loading at startup
3) Ami Scroll\4DMain.exe

This PC has been anti-virused exhaustively ... and I do mean
exhaustively. Not only by an up-to-the-minute NAV but also by several
online scanners and three different anti-spyware applications
(Ad_Aware being automatic and SpyBot being the main back-up). All
varieties of virus and other malware can be ruled out as a problem for
Freecell (and others).

4) It may be possible one of the 2 FreeCell files are corrupt\damaged
freecell.exe, cards.dll. Use Msconfig to extract a fresh version.
--

Exactly.
And the manner of the damage is that LDM makes both permanent and
dynamic changes to basic system software. As I understand it from my
research into this, the point of these changes is to allow LDM to
monitor system activity ... so that this can be reported back to home
base (via BackWeb).
I believe that the dynamic hooks cause same kind of stack overflow in
any older (esp 16-bit) apps which cannot cope with this kind of
expansion.
I am using Freecell (and the other Microsoft games) as a bellwether. I
will know that LDM has been eliminated root and branch when these
start working again. In other words, I have no wish to fix Freecell
specifically ... I want that program to function as a diagnostic tool
for the work in hand.

No idea ... it's unethical for me to advise on altering OEM software.

The problem is "Remove LDM".
I have no wish to amend OEM software ... merely to get rid of it.
Even more to the point, the reference to "analyze" concerned tools for
easing the tedium of ploughing through the registry (am up to 1075
keys to be deleted).
I am aware of (and will probably purchase) "Registry Tool". This seems
to be as good as there is.
Recommending a registry analyzer tool ought not compromise one's
professional integrity too much, should it ?

I now believe that your first question of me was the most pertinent
.... what am I doing here in this group? Given the care with which I
selected it, I have little hope that any other group will do any
better.
Do you have one to suggest?

Regards,
Peter Lander

 

[Mike Burgess]

PeterLander,

" I have no wish to fix Freecell specifically"

I simply asked if it operated in Safe Mode, as this would indicate
that something loading at Startup is the culprit. If it was your
mouse software everyone else would be complaining and this
does not appear to be the case. Freecell complaints are rare.

Do you have one to suggest"

Perhaps one of the Hardware Groups?
news://msnews.microsoft.com/microsoft.public.windowsxp.hardware
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04]
Please post replies to this Newsgroup, email address is invalid

 

[PeterLander]

Dear Mike,
Thank you for your help.
I will follow your suggestion and take this request to that WindowsXP
hardware forum. I do so hope that they are not too rude to people
asking Windows98 Software questions.
Regards,
Peter Lander

PeterLander,

" I have no wish to fix Freecell specifically"

I simply asked if it operated in Safe Mode, as this would indicate
that something loading at Startup is the culprit. If it was your
mouse software everyone else would be complaining and this
does not appear to be the case. Freecell complaints are rare.

Do you have one to suggest"

Perhaps one of the Hardware Groups?
news://msnews.microsoft.com/microsoft.public.windowsxp.hardware
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04]
Please post replies to this Newsgroup, email address is invalid
--

"Mike Burgess" <[email protected]> wrote in message

Dear Mike,
Comments are inserted below.


This PC has been anti-virused exhaustively ... and I do mean
exhaustively. Not only by an up-to-the-minute NAV but also by several
online scanners and three different anti-spyware applications
(Ad_Aware being automatic and SpyBot being the main back-up). All
varieties of virus and other malware can be ruled out as a problem for
Freecell (and others).


Exactly.
And the manner of the damage is that LDM makes both permanent and
dynamic changes to basic system software. As I understand it from my
research into this, the point of these changes is to allow LDM to
monitor system activity ... so that this can be reported back to home
base (via BackWeb).
I believe that the dynamic hooks cause same kind of stack overflow in
any older (esp 16-bit) apps which cannot cope with this kind of
expansion.
I am using Freecell (and the other Microsoft games) as a bellwether. I
will know that LDM has been eliminated root and branch when these
start working again. In other words, I have no wish to fix Freecell
specifically ... I want that program to function as a diagnostic tool
for the work in hand.


The problem is "Remove LDM".
I have no wish to amend OEM software ... merely to get rid of it.
Even more to the point, the reference to "analyze" concerned tools for
easing the tedium of ploughing through the registry (am up to 1075
keys to be deleted).
I am aware of (and will probably purchase) "Registry Tool". This seems
to be as good as there is.
Recommending a registry analyzer tool ought not compromise one's
professional integrity too much, should it ?

I now believe that your first question of me was the most pertinent
... what am I doing here in this group? Given the care with which I
selected it, I have little hope that any other group will do any
better.
Do you have one to suggest?

Regards,
Peter Lander

 

[Mike Burgess]

Peter,
You shouldn't find the Hardware MVPs rude ......
There are also several other Hardware groups that you may
want to try .... via Google Groups
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04]
Please post replies to this Newsgroup, email address is invalid
--

Dear Mike,
Thank you for your help.
I will follow your suggestion and take this request to that WindowsXP
hardware forum. I do so hope that they are not too rude to people
asking Windows98 Software questions.
Regards,
Peter Lander

PeterLander,
" I have no wish to fix Freecell specifically"

I simply asked if it operated in Safe Mode, as this would indicate
that something loading at Startup is the culprit. If it was your
mouse software everyone else would be complaining and this
does not appear to be the case. Freecell complaints are rare.

Do you have one to suggest"

Perhaps one of the Hardware Groups?
news://msnews.microsoft.com/microsoft.public.windowsxp.hardware
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 02-24-04]
Please post replies to this Newsgroup, email address is invalid
--

"Mike Burgess" <[email protected]> wrote in message

Dear Mike,
Comments are inserted below.

PeterLander,
And I want my Freecell back"
In every case that I've seen it was caused by a 3rd party software install
that conflicts with FreeCell. Restart in Safe Mode and see if FreeCell
operates correctly, if so then you have a conflict with another program
running in the background.

1) Virus software (PC-Cillin)
2) Iomega parallel Zip drive with IMGICON loading at startup
3) Ami Scroll\4DMain.exe

This PC has been anti-virused exhaustively ... and I do mean
exhaustively. Not only by an up-to-the-minute NAV but also by several
online scanners and three different anti-spyware applications
(Ad_Aware being automatic and SpyBot being the main back-up). All
varieties of virus and other malware can be ruled out as a problem for
Freecell (and others).

4) It may be possible one of the 2 FreeCell files are corrupt\damaged
freecell.exe, cards.dll. Use Msconfig to extract a fresh version.
--

Exactly.
And the manner of the damage is that LDM makes both permanent and
dynamic changes to basic system software. As I understand it from my
research into this, the point of these changes is to allow LDM to
monitor system activity ... so that this can be reported back to home
base (via BackWeb).
I believe that the dynamic hooks cause same kind of stack overflow in
any older (esp 16-bit) apps which cannot cope with this kind of
expansion.
I am using Freecell (and the other Microsoft games) as a bellwether. I
will know that LDM has been eliminated root and branch when these
start working again. In other words, I have no wish to fix Freecell
specifically ... I want that program to function as a diagnostic tool
for the work in hand.

What help is available for someone who wants to analyze"
No idea ... it's unethical for me to advise on altering OEM software.

The problem is "Remove LDM".
I have no wish to amend OEM software ... merely to get rid of it.
Even more to the point, the reference to "analyze" concerned tools for
easing the tedium of ploughing through the registry (am up to 1075
keys to be deleted).
I am aware of (and will probably purchase) "Registry Tool". This seems
to be as good as there is.
Recommending a registry analyzer tool ought not compromise one's
professional integrity too much, should it ?

I now believe that your first question of me was the most pertinent
... what am I doing here in this group? Given the care with which I
selected it, I have little hope that any other group will do any
better.
Do you have one to suggest?

Regards,
Peter Lander

[/QUOTE]