Transponder is an IE Browser Helper Object. It monitors web pages requested and data entered into forms, sends this information to its home server, and opens pop-up advertisement windows. It also has the capability to update itself and install other software.
Transponder is an IE Browser Helper Object. It monitors web pages requested and data entered into forms, sends this information to its home server, and opens pop-up advertisement windows. It also has the capability to update itself and install other software.
Transponder/Blackstone is controlled by blackstonedata.net; Transponder/VX2 is controlled by vx2.cc; Transponder/TPS108 is controlled by tps108.org. All work very similarly.
Transponder/MSView is an updated version. Its controlling server is still tps108.org, but SSL is now used to communicate with it.
Transponder/Host and Transponder/BI are newer releases under the company name “Better Internet”, a new name for the same operators and software. These variants are controlled by stop-popup-ads-now.com and abetterinternet.com respectively.
Transponder/SiteHlpr is a variant the behaves similarly to TPS108, but which seems to have been considerably rewritten by another company. Its controlling server is www.bc777.com.
IPInsight/Ipinsigt is another parasite adapted from the Transponder/VX2 codebase.
Transponder/Blackstone was distributed under the name NetPal by netpalnow.com, but the software now available there is the newer NetPal parasite, which isn't really the same code.
Transponder/VX2 has the internal name RespondMiter, and is sometimes marketed as Sputnik.
The VX2 variant was stealth-installed by version 0.608W of the AudioGalaxy Satellite up until some time in November 2001, when after public outcry it was removed. It is widespread mainly from this source, but it has also been installed by the FavoriteMan parasite.
The Blackstone variant was installed with all software from Mindset Interactive, which is the company behind Transponder and its variants' fascia companies.
Transponder/TPS108 is bundled with subscriptions to porn sites run by WebDream/Digital Rooster. On installation it misleadingly describes itself as a viewer for adult video content. It may also be installed by porn-related pop-up ads through a security hole in Internet Explorer. It is also installed by vCatch KazBlock.
Transponder/Host is distributed by stop-popup-ads-now.com under the pretence that it is a pop-up advertisement killer. But Transponder/Host and Transponder/BI are installed by ActiveX drive-by download on pop-up adverts under a variety of names, eg. 'Internet Accelerator', 'NetTurbo', 'Clean Get-away'.
Methods of distribution for SiteHlpr are not yet known, but it is expected it is spread in the same way as TPS108. WebDream altered and control this variant.
Yes. Transponder opens pop-up adverts depending on targeted URLs being browsed, targeted terms being entrered into forms (this is aimed at search engines), and how much browsing is being done - the software tries to hide by not opening adverts when little is happening.
Yes. Transponder reports back to its servers with URLs you have visited, things you have entered into web forms (even 'secure' ones), your computer configuration and software you have installed. If your e-mail address is set up in Outlook Express it will be sent to Mindset Interactive to be sold to spammers.
Yes. The software updates itself silently and the License available on Mindset's sites specially reserves the right to have it automatically install any other "third party software" at all.
In some cases (in combination with other BHOs?), IE crashes can occur.
Contrary to the continual claims at Transponder web sites there has never been an option to remove the software in the standard "Add/Remove Programs" Control Panel item. Spybot S&D and Ad-Aware 6 should be able to remove most variants of Transponder.
Transponder is a DLL file called IEHelper.dll (Blackstone variant), VX2.dll (VX2 variant), TPS108.dll (TPS108 variant) or MSView.dll (MSView variant). This can be found in the Windows folder.
Before the file can be deleted, it must be deregistered. Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands, for the Blackstone variant:
cd "%WinDir%\System"
regsvr32 /u ..\IEHelper.dll
Or, for the VX2 variant:
cd "%WinDir%\System"
regsvr32 /u ..\VX2.dll
Or, for the TPS108 variant:
cd "%WinDir%\System"
regsvr32 /u ..\TPS108.dll
Or, for the MSView variant:
cd "%WinDir%\System"
regsvr32 /u ..\MSView.dll
Or, for the Host variant:
cd "%WinDir%\System"
regsvr32 /u ..\host.dll
Or, for the BI variant:
cd "%WinDir%\System"
regsvr32 /u ..\BI.dll
Or, for the SiteHlpr variant:
cd "%WinDir%\System"
regsvr32 /u ..\SiteHlpr.dll
After doing this and restarting the computer you can delete the DLL file from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. The Host variant may leave 'hostprep.exe'.
In the TPS108 variant there may be a tps108.htm file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.htm. These can be deleted to clean up.
If you want, you can also clean up the registry (Start->Run->regedit) by deleting the 'Transponder' (Blackstone variant), 'RespondMiter' (VX2 variant), 'TPS108' (TPS108 variant), 'HostDll' (Host variant), 'MSView' (MSView variant) or 'SiteHlpr' (SiteHlpr variant) subkey of HKEY_LOCAL_MACHINE\Software.