Acer may be bugging its computers

http://yro.slashdot.org/yro/07/01/08/0515200.shtml

Ouch... why would they do this?

For those who didn't read it's an ActiveX control that can has the ability to execute anything through a command line.

 

Ouch... this could get bad...

And a good question, why WOULD they do this... think that entry gets removed

Edit: Confirmed found on my 8204

 

It's part of the Launch Manager application...

Oh, no, the sky is falling...

You shouldn't be using IE6 anyway... upgrade to IE7 or better yet go with Firefox/Opera and don't worry about it.

 

Yes, part of Launch Manager, however given what it allows it's not exactly something "safe".

If Microsoft had a control that allowed anyone to run anything they want on your PC (at any time) do you THINK it would get a post of "but it's just part of the OS".

As for using IE6, well I need to for work, admittedly I use Firefox for almost everything I can, but for a few websites I have to use IE6.

 

Copied from the slashdot post:

To remove this from your machine.

Goto Start > Run and type:
regsvr32 -u lunchapp.ocx

 

Thanks all for the warning!

I tested the demo exploit - it starts calculator.exe from an IE window.

I must say that I am AMAZED that this kind of thing still works in this day and age. How stupid is it that IE allows a web page to start a random app, no matter what an ActiveX control allows or not. It's just brain-dead.

IE did warn me about 3 times before it did this but still.

To test if you have this problem, unpack the attached HTML file, and open it in IE. Look at the source first to confirm it doesn't do anything bad. If you click yes on all the security dialogs, it will start calculator.exe. But remember it could also have installed some trojan or virus.

I can also confirm that after running the command fastcarr posted, the problem does not occur anymore.

I generally only use Firefox... and things like this are the reason. Inherently unsafe design of IE.

 

I do not believe this is part of the Launch Manager (LaunchApp.exe as opposed to L unchApp.ocx....the sneaky active-x control.
That's "LUNCH", not "Launch".

This appears to be a serious possible exploit and should probably be taken seriously.

Anyone who uses IE should check out the above links and information.

I un-registered the file on mine as per the instructions above.


Here's another link with a built in 'test' and similar instructions for unregistering the file as in posts above.

Don't be alarmed if Calculator launches....Or you may just get the warning bar if using IE7.
Just follow the instructions.
http://www.futt.org/?p=97#more-97

 

It could easily still be part of Launch Manager (8 character DOS file limits might make someone use lunchapp as the name since launchapp is too long)

HOWEVER, that being said,

I would STRONGLY recommend anyone who has an Acer check they don't have this running because it is a large exploit hole and definately potential area people to inflict malicious attacks on your PC.

 

Confirmed in my pc after a fresh install of windows (it's the software not the version). I don't use IE6 or IE7 for ANYTHING except for updating windows.


I prefer to use protection personally



Use firefox or opera and you'll save yourself a headache.

--ssx--

 

Yes.....I'm not entirely sure if it's still somehow related to the launch Manager or not.
Nor can I imagine why something like this would be needed for Launch Manager. (Regardless, it's potential is BAD).

I do know that after unregistering the file, and then removing it, my Launch Manager Utility still works fine.

I use Opera, but tried IE7 just to test the exploit (All I got was a warning bar that the Active-X control wanted to be run...of course I declined).

And zx10guy....yes, I simply went to Start/Search "all files and Folders" and searched for this exact file:

LunchApp.ocx

You can copy and paste the above to be sure.
Mine was found in my Windows\System folder.

After unregistering the file, no more warnings from the tests.

I'd LOVE to know why it was put there (and especially why it's been left intact since 1998), but it's a very serious hole as you can see from the simple test that was written to launch Calculator.

Think of the other possibilities.

 

confirm it is one my Ferrari... Bye, Bye

not no more
the location in the Acer OEM is:
C:\Windows\System\

i just deleted even though i use firefox.

 

Or, reinstall your system every 6 months and get a VERY secure hardware firewall.