DealPly Live fakes itself as a Google Software Update service!

While cleaning a customers computer I found the following.

Service: dealplylive
Name: “DealPly Live Service (dealplylive)”
Description: “Keeps your Google software up to date. If this service is disabled or stopped your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.”
Path: “c:\Program Files\DealPlyLive\Update\DealPlyLive.exe /svc”

Awful that companies / junkware can get away with this. It has added a dealplylive service that is claiming, in its description, to be Google software update service. (In this screen shot I’ve disabled and stopped the service but it was set to auto start and was running).

Shocking behaviour.

Edit: I’ve found another customer infected with BonanzaDeals.. with folders containing similar structures to the DealPly and DealPlyLive folders.. (in this case BonanzaDeals and BonanzaDealsLive).
They seem to have changed tactic and now use Scheduled Tasks to load their program rather than services.. The computer in question also didn’t have the program in the uninstall list. The only way to uninstall was to kill the process BonanzaDealsLive.exe using task manager and then delete the Bonanza* folders from the Program Files directory.

Once again they fake the filenames to look like Google Updater (in this case npGoogleUpdate3.dll).

Enraging stuff.

This entry was posted in Uncategorized. Bookmark the permalink.

Comment on this topic

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s