Internet Security, Proxy Browsing, Anonymous Online - http://www.w3privacy.com
DownloadWare
http://www.w3privacy.com/articles/103/1/DownloadWare/Page1.html
By W3 Privacy
Published on 05/8/2007
 

Description

DownloadWare is a process that runs on Windows startup. If a network connection is available it will connect to its servers, which can direct it to download and install software from advertisers.

It may be installed through an ActiveX control called ActiveInstall, which decodes and runs a built-in executable and then tries to remove itself. This executable can include DownloadWare and often a 'MediaCharger' dialler from Movie Networks, Movie Place, SwimSuitNetworks, Popcorn.net, MVPNetworks or Real-Tens [sic].

The parasite detection script on this site can only detect the ActiveInstall control. When DownloadWare is loaded and running, this site cannot detect it. If you have ActiveInstall, DownloadWare is probably not yet fully installed; see 'Partial installs' to deal with this case.

Also known as

MediaLoads or ClipGenie. This is actually an application loaded by DownloadWare which shows any videos or pictures DW has downloaded. However, DownloadWare is now also being marketed under both these names as well as its own.

Distribution

Installed by ActiveX drive-by-download using the ActiveInstall control on web pages, usually pop-up advertisements displayed through internetfuel.

More recently it is also distributed with the KaZaA Media Desktop (in later versions you can opt out of this install by unticking the 'MediaLoads' option), and with Grokster (no opt-out). There is no ActiveInstall control in either of these cases.

What it does

Advertising

No. (But much of the software it installs when running is advertising.)

Privacy violation

No. (Again, in itself.)

Security issues

Yes. The software is designed to execute arbitrary code from advertisers. There is no code-signing so systems are vulnerable to DNS poisoning attacks and attacks on the controlling servers, but the code it deliberately installs is so disreputable anyway that this probably isn't too big a deal.

Stability problems

Many users have reported crashes on Windows start-up caused by Dw.exe.

The EULA, when found, claims that it may clash with various other software and so if it finds any it will remove it. (!)

Removal

There is an Add/Remove Programs entry, for 'DownloadWare', but it may sometimes not work (at least it failed for me in Windows 2000). Spybot S&D v0.95 upwards and Ad-Aware reflist 005-29-04-02 upwards can remove DownloadWare.

As well as removing DownloadWare you should check your system for other things it has installed and get rid of them too. This may include:

Network Essentials (or its variant 'MediaLoads Enhanced') - spyware/adware

PAgent - scans your hard drive for the popular P2P file-sharing applications bearshare.exe, grokster.exe, kazaa.exe, limewire.exe and morpheus.exe. After searching the entire local filesystem for any files with those names it connects to the DownloadWare servers and tells them what, if anything, it found. To remove, run regedit and go to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

and remove the "PAgent" value. Open the Task Manager (Ctrl-Alt-Delete) and kill PAgent if it is still running. You can now delete the 'PAgent' folder in your Program Files directory. You can also clean up the key HKEY_CURRENT_USER\Software\PAgent if you like.

Casino games (Vegas Palms, Royal Vegas) - large installation of gambling games. Use Add/Remove Programs to remove it. A key will be left in the registry under HKLM\Software\MicroGaming which you can remove if you wish.

KFH or MLH - lurks in the background and every so often launches a very large Flash advert, for Vegas Palms, Royal Vegas or Five Roses casinos. Go to Add/Remove Programs and get rid of the entry with the name of the casino followed by '- Launcher'. Kill the task (Task Manager) and you can delete the 'KFH' or 'MLH' folder in your Program Files directory. You can also clean up the 'KFH' or 'MLH' subkey of HKEY_LOCAL_MACHINE\Software in the registry if you like.

MediaLoads - downloads various pointless pictures and videos in the background if you ask it to, otherwise harmless. Remove from Add/Remove Programs. An empty Program Files folder and an entry in your Start menu will be left which you can delete if you want, along with the HKEY_CURRENT_USER\Software\MediaLoads registry key.

WinEME - purpose unknown. It has mail-sending capability, and can send through any mail server set up in Outlook Express, but what it sends and when is so far a mystery.

Finally, check for a folder called 'MedCh', along with 'MovieNetworks', 'Popcorn.net' and 'Real-Tens' folders in Program Files - one of these or others may have come with the original ActiveInstall. If you find one of these, delete it and check your Dial-up Networking connections for a 'dialer' entry. Remove it - if you dial it it will cost you a lot of money.

Manual removal

Load regedit and go to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Remove the 'DownloadWare' value. Open the Task Manager (Ctrl-Alt-Del) and kill the task called 'Dw' if it is still running. Now you can delete the 'DownloadWare' folder in the Program Files directory. You can also clean up the 'DownloadWare' and 'WebInstall' keys in HKEY_CURRENT_USER\Software\.

Partial installs

On Windows NT/2000/XP the ActiveInstall executable may get stuck trying to remove itself. If this happens there will be an entry called something like 'insNNNN.tmp' (NNNN being a number) in the registry 'Run' key above. You should delete this, and the temporary file it points to.

On Windows 95/98/Me, the removal is instead done by adding a 'rename' section to 'WININIT.INI' in the Windows directory - try checking for and removing this section if you have a partial install. Again, the insNNNN.tmp file it mentions will be sitting in the Temp directory which you can clean out whilst you're there.
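
The registry, folder and task checks from the removal and partial-install sections above, gathered into a read-only PowerShell audit for NT-family systems. This is an added example, not part of the original article; the WOW6432Node Run key and the Program Files (x86) root are assumptions added for 64-bit Windows, and New-Finding is a helper name chosen here.

```powershell
# Read-only audit for the DownloadWare leftovers named in the article.
# It reports what is present and deletes nothing.

# Run key from the article; the WOW6432Node view is an added assumption
# covering 32-bit software on 64-bit Windows.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$runNames   = 'DownloadWare', 'PAgent'   # startup values named in the article
$tmpPattern = 'ins\d+\.tmp'              # stuck ActiveInstall entry (insNNNN.tmp)

# Program Files folders and registry keys named in the article.
$folders = 'DownloadWare', 'PAgent', 'KFH', 'MLH', 'MedCh',
           'MovieNetworks', 'Popcorn.net', 'Real-Tens'
$regKeys = 'HKCU:\Software\DownloadWare', 'HKCU:\Software\WebInstall',
           'HKCU:\Software\PAgent', 'HKCU:\Software\MediaLoads',
           'HKLM:\Software\MicroGaming', 'HKLM:\Software\KFH', 'HKLM:\Software\MLH'
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

function New-Finding($Type, $Item, $Detail) {
    [pscustomobject]@{ Type = $Type; Item = $Item; Detail = $Detail }
}

$findings = @(
    # 1. Startup values matched by name, or by an insNNNN.tmp name or target.
    foreach ($rk in $runKeys) {
        $key = Get-Item -Path $rk -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($runNames -contains $name -or $name -match $tmpPattern -or $data -match $tmpPattern) {
                New-Finding 'RunValue' "$rk\$name" $data
            }
        }
    }
    # 2. Leftover folders under each Program Files root.
    foreach ($root in $roots) {
        foreach ($f in $folders) {
            $path = Join-Path $root $f
            if (Test-Path -LiteralPath $path -PathType Container) { New-Finding 'Folder' $path '' }
        }
    }
    # 3. Leftover registry keys.
    foreach ($k in $regKeys) {
        if (Test-Path -LiteralPath $k) { New-Finding 'RegKey' $k '' }
    }
    # 4. Running tasks. A name match alone is not proof; check the reported path.
    foreach ($p in Get-Process -Name 'Dw', 'PAgent' -ErrorAction SilentlyContinue) {
        New-Finding 'Process' $p.ProcessName $p.Path
    }
)
if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap } else { 'No indicators from the article were found.' }
```

For an insNNNN.tmp Run value, the Detail column shows the temporary file the entry points to, which is the file the partial-install section says to delete along with the value.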