Trusteer Rapport problems [OT in uk.d-i-y]

Gene E. Bloch

Roger said:
Anyone out there using this evil pernicious bit of software?

In case you haven't come across it, it is supposed to protect you when
using on-line banking by warning you if you inadvertently enter your
banking passwords into bogus sites, as used by phishing expeditions.
It's often provided free by banks "for your own good". Mine was provided
by Nationwide.

So far so good. Except that it uses a lot of system resources *and*
embeds itself into the kernel of your OS - like a rootkit virus - making
it difficult to get rid of.

I have had it installed on my (W7 32-bit SP1) system for a couple of
years without too much ado *but* it has just updated itself (to
v3.5.1205.20) and keeps crashing. Every time it crashes, it freezes my
browser (Firefox) for a few seconds. Then it attempts to re-start every
couple of minutes and crashes again . . .etc.

I decided that enough was enough and that its nuisance value exceeded
its usefulness - so I tried to get rid of it. Nothing I have tried so
far has worked. Although the application itself will not run, there are
remnant processes and services still running, and these refuse to be
stopped in Task Manager.

I've tried to uninstall the application in Control Panel/Programs and
Features. It goes through the motions but doesn't *actually* uninstall.

I've tried doing it in Safe Mode but that can't find the Installer
program to do the uninstalling.

I've tried restoring the system to a restore point prior to the update.
Again it goes through the motions but then reports that it was unable to
complete the restore - so nothing has been changed!

Anyone else had similar problems? Have you managed to sort it? If so, how?

TIA.
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

"Our software integrates into the bank’s site and communicates with the
[Rapport] software installed on customer machines, and the two of them
can work together so that the bank can effectively measure what the
software does on the customer’s desktop. Whenever the customer logs
into the bank’s site, the bank knows whether Rapport is there, whether
it’s up to date, whether its been attacked or compromised."

"We’re basically pushing updates almost on a weekly basis. These are
not signature updates, but updates to our security mechanisms to the
way the product works."

"Trusteer recently built a new component into Rapport called Flashlight,
which tries to give partner banks the ability to remotely check to see
if their customers’ systems are infected with malicious software."

Simply, amazing.

What doesn't it do ?

Does the bank know my shoe size now ?

*******

It even uses a Captcha during removal :)

Apparently, you can also contact their support, and their support
offer to log into the machine, to "fix problems". I mean, they're
already inside your machine, so why shouldn't they be inside your
machine ?

http://www.trusteer.com/support/uninstalling-rapport-windows-vista-and-windows-7

The Krebs article indicates that eventually, the Rapport software will be
specifically attacked. Maybe the reason it is crashing, is the Rapport
software has been "tipped over" by something, rather than the Rapport
software having a bug.

Paul
What you quote above is in my mind rather terrifying...
 
Robin Bignall

Anyone out there using this evil pernicious bit of software?
Yes, with no noticeable problems so far. If I wanted to uninstall it
I'd use a good uninstaller program such as Revo Pro, which is not free.
Thanks for bringing up its potential problems.
 
Andy Champ

Mmmm. Another reason I'm glad I use a Mac. In any case, Safari
automatically warns me if I'm going to a suspicious site and gives me
the option of going there or not.
Yes, using a Mac gives you much better protection, because most viruses
are written for the most common platform.

Most, not all.

And Firefox on PC also warns about suspicious sites. I'd say it catches
3/4 of the ones I expect it to, and doesn't _often_ flag a good site as
positive.

Still, if you are sure that having a Mac makes you invulnerable who am I
to argue?

Andy
 
F Murtz

Peter said:
I suspect the only sure way would be to back up everything and reinstall
Windows.
You will have to learn how to use regedit.
 
R. C. White

Hi, Robin.
Yes, with no noticeable problems so far.
How far is "so far"? A year? Month? Day?

RC
--
R. C. White, CPA
San Marcos, TX
(e-mail address removed)
Microsoft Windows MVP (2002-2010)
Windows Live Mail 2012 (Build 16.4.3505.0912) in Win8 Pro


"Robin Bignall" wrote in message

Anyone out there using this evil pernicious bit of software?
Yes, with no noticeable problems so far. If I wanted to uninstall it
I'd use a good uninstaller program such as Revo Pro, which is not free.
Thanks for bringing up its potential problems.
 
Robin Bignall

"Robin Bignall" wrote in message


Yes, with no noticeable problems so far. If I wanted to uninstall it
I'd use a good uninstaller program such as Revo Pro, which is not free.
Thanks for bringing up its potential problems.
Hi, Robin.


How far is "so far"? A year? Month? Day?
Hi, RC. (I shifted your post around because most here practise bottom
posting -- just a convention.)

It's been installed since early last year. Like others have found, my
bank (a subsidiary of HSBC) was nagging me about it every time I
accessed my accounts.
 
John Rumm

I've tried to uninstall the application in Control Panel/Programs and
Features. It goes through the motions but doesn't *actually* uninstall.

I've tried doing it in Safe Mode but that can't find the Installer
program to do the uninstalling.

I've tried restoring the system to a restore point prior to the update.
Again it goes through the motions but then reports that it was unable to
complete the restore - so nothing has been changed!

Anyone else had similar problems? Have you managed to sort it? If so, how?
Reinstall and uninstall is worth trying. Failing that visit:

live.sysinternals.com (will simply give you a file listing) and click on
autoruns.exe

Wade through (a list of every conceivable way a program can be
automatically started), and untick all the likely components. Exit the
program, and reboot. See if that is better.

--
Cheers,

John.

/=================================================================\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\=================================================================/
 
Sjouke Burry

Anyone out there using this evil pernicious bit of software?
Use revo uninstall, a very nice program, that kills
all remnants on disk and in the registry.
 
Paul

Sjouke said:
Use revo uninstall, a very nice program, that kills
all remnants on disk and in the registry.
http://www.trusteer.com/support/uninstall-troubleshooting

"Safe Uninstall Utility

Rapport includes anti-removal protection to prevent malware
from removing it from your computer. This is the reason for
the complex uninstall process. In some rare scenarios the
uninstaller is unable to shut down the anti-removal protection
and as a result fails to remove Rapport.

What's Next?

We have a special utility that safely removes Rapport from your
computer - for downloading the utility, please fill out the
following form. You will automatically receive an email with
the download link for the utility.

Click here for instructions to run this utility after it was
provided by our team."

Like a gift from the Gods :)

Probably comes complete with "small animal sacrifice".

Paul
 
Brian Gaff

Well I know a friend got rid of it on xp with revo uninstaller but I have
been warned to steer clear of it, but I do not use online banking.
Unfortunately some banks insist on its use or they won't let you in. I
wonder how many of these have actually tested it. From what you say,
probably very few!

Brian
 
Paul

usenet2012 said:
Leaves loadsa Registry entries, (which CCleaner doesn't remove), and
folders on Program Files & Application Data.
Their site is great. I stumbled on another article, that
provides instructions on cleanup of your list of items.

So their "Safe Uninstaller" works that way on purpose, along the
lines of "you're going to be installing our software again and
then any settings are preserved" (Ha!). The only exception, is the
last item in their list, where you remove RapportKELL.sys, which
is something that ran at driver level, and for some reason,
their fine uninstaller doesn't nab it. It's possible, that whatever
causes that to load, was simply disabled by the Safe Uninstaller.
Then the question would be, why leave that file sitting around ?

http://www.trusteer.com/support/remove-rapport-folders

Paul
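
A read-only way to see what John Rumm's Autoruns suggestion and the RapportKELL.sys remark above are about: which services, drivers, autostart entries and folders are still present after an uninstall attempt. This is an added example, not part of any post in the thread and not Trusteer's tooling. It assumes PowerShell 3.0 or later, an elevated prompt, and that leftover components carry "Rapport" or "Trusteer" in a name or path; it checks only a few of the autostart locations Autoruns covers.

```powershell
# Read-only audit: lists leftovers and changes nothing. Run elevated.
# Assumption: components carry "Rapport" or "Trusteer" in a name or path.
$pattern = 'Rapport|Trusteer'
$match   = { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern }

# 1. Services and kernel drivers still registered with the Service Control Manager.
$svc = @(Get-CimInstance Win32_Service      | Where-Object $match)
$drv = @(Get-CimInstance Win32_SystemDriver | Where-Object $match)
$registered = $svc + $drv |
    Select-Object @{n='Kind';e={$_.CimClass.CimClassName}}, Name, State, StartMode, PathName

# 2. Driver files left on disk, such as the RapportKELL.sys named in the thread.
#    System32\drivers is the standard Windows driver directory (not stated in the thread).
$driverDir   = Join-Path $env:SystemRoot 'System32\drivers'
$driverFiles = Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        [pscustomobject]@{
            File       = $file.FullName
            # False means no driver entry points at the file any more.
            Registered = @($drv | Where-Object { $_.PathName -like "*$($file.Name)" }).Count -gt 0
            Signature  = $sig.Status
            Signer     = $sig.SignerCertificate.Subject
        }
    }

# 3. Classic Run keys (a small subset of what Autoruns lists).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -match $pattern } |
            ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
    }
}

# 4. Folders left under Program Files and the application-data roots.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
           $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
$folders = Get-ChildItem -Path $roots -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } | Select-Object FullName, LastWriteTime

$registered  | Format-Table -AutoSize
$driverFiles | Format-List
$run         | Format-Table -AutoSize
$folders     | Format-Table -AutoSize
```

A driver file that shows `Registered = False` matches the situation described above, where the file is left behind but whatever loaded it has been disabled.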
 
usenet2012

The only exception, is the
last item in their list, where you remove RapportKELL.sys, which
is something that ran at driver level, and for some reason,
their fine uninstaller doesn't nab it. It's possible, that whatever
causes that to load, was simply disabled by the Safe Uninstaller.
Then the question would be, why leave that file sitting around ?

http://www.trusteer.com/support/remove-rapport-folders

Paul
In my case it removed that too.
 
Jeff Layman

It's been installed since early last year. Like others have found, my
bank (a subsidiary of HSBC) was nagging me about it every time I
accessed my accounts.
Well, banks nag you to do all sorts of things, like open their latest
all-singing and dancing account with the poorest interest rate
available. You wouldn't do that just because they nagged you, so why
install TR because they nag you? I haven't, and they've been nagging me
to do it since it came out several years ago.
 
Ed Cryer

Jeff said:
Well, banks nag you to do all sorts of things, like open their latest
all-singing and dancing account with the poorest interest rate
available. You wouldn't do that just because they nagged you, so why
install TR because they nag you? I haven't, and they've been nagging me
to do it since it came out several years ago.
Yes, I resisted the constant nagging too. I'm not quite sure just why
but I bypassed their blackening of screen techniques and answered "no"
week after week.
They stopped doing their pestering some time back. I haven't lost a
penny from my account.

Ed
 
tinnews

R. C. White said:
Hi, Roger.


Yes, I remember Rapport - and not fondly. :^{

One bank, BBVA Compass, provided that application free so I used it for
perhaps a year, about 5 years ago. It was intrusive and created hassles
with few benefits, so far as I could tell. As I recall, it took some effort
to remove it, but I don't recall the details. I don't miss it!
That's basically my experience with *all* anti-virus, anti-spoof and
other software. They all do more harm than good in the long term.
Just use good practice as far as possible:-

Use a text mode E-Mail program that doesn't follow links
automatically and doesn't open attachments.

Always check the URL when following 'important' links in your
browser.

Don't install stuff without thinking fairly hard about it first
and checking as far as possible that the source is trustworthy.

Don't save *any* passwords, userids or similar sensitive
information on the computer (as in allowing your browser to save
them).

While I now run Linux on most of my systems I still do have a couple
of MS Windows based systems and, as far as I am able to tell (and I'm
not a complete idiot as regards computing) they haven't got any major
nasties in them.
 
Mike Barnes

(e-mail address removed):
Just use good practice as far as possible:-

Use a text mode E-Mail program that doesn't follow links
automatically and doesn't open attachments.
Agreed.

Always check the URL when following 'important' links in your
browser.
Agreed.

Don't install stuff without thinking fairly hard about it first
and checking as far as possible that the source is trustworthy.
Agreed.

Don't save *any* passwords, userids or similar sensitive
information on the computer (as in allowing your browser to save
them).
Most of my userids and passwords aren't sensitive information and I
encourage Firefox to save them.

For sensitive work (only) I use Google Chrome in stealth mode.
 
trusteersupport

Paul wrote on 03/04/2013 15:07 ET:
Roger Mills wrote:
Anyone out there using this evil pernicious bit of software?

In case you haven't come across it, it is supposed to protect you when
using on-line banking by warning you if you inadvertently enter your
banking passwords into bogus sites, as used by phishing expeditions.
It's often provided free by banks "for your own good". Mine was provided
by Nationwide.

So far so good. Except that it uses a lot of system resources *and*
embeds itself into the kernel of your OS - like a rootkit virus - making
it difficult to get rid of.

I have had it installed on my (W7 32-bit SP1) system for a couple of
years without too much ado *but* it has just updated itself (to
v3.5.1205.20) and keeps crashing. Every time it crashes, it freezes my
browser (Firefox) for a few seconds. Then it attempts to re-start every
couple of minutes and crashes again . . .etc.

I decided that enough was enough and that its nuisance value exceeded
its usefulness - so I tried to get rid of it. Nothing I have tried so
far has worked. Although the application itself will not run, there are
remnant processes and services still running, and these refuse to be
stopped in Task Manager.

I've tried to uninstall the application in Control Panel/Programs and
Features. It goes through the motions but doesn't *actually* uninstall.

I've tried doing it in Safe Mode but that can't find the Installer
program to do the uninstalling.

I've tried restoring the system to a restore point prior to the update.
Again it goes through the motions but then reports that it was unable to
complete the restore - so nothing has been changed!

Anyone else had similar problems? Have you managed to sort it? If so, how?

TIA.
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

"Our software integrates into the bank’s site and communicates with the
[Rapport] software installed on customer machines, and the two of them
can work together so that the bank can effectively measure what the
software does on the customer’s desktop. Whenever the customer logs
into the bank’s site, the bank knows whether Rapport is there, whether
it’s up to date, whether its been attacked or compromised."

"We’re basically pushing updates almost on a weekly basis. These are
not signature updates, but updates to our security mechanisms to the
way the product works."

"Trusteer recently built a new component into Rapport called Flashlight,
which tries to give partner banks the ability to remotely check to see
if their customers’ systems are infected with malicious software."

Simply, amazing.

What doesn't it do ?

Does the bank know my shoe size now ?

*******

It even uses a Captcha during removal :-)

Apparently, you can also contact their support, and their support
offer to log into the machine, to "fix problems". I mean, they're
already inside your machine, so why shouldn't they be inside your
machine ?

http://www.trusteer.com/support/uninstalling-rapport-windows-vista-and-windows-7

The Krebs article indicates that eventually, the Rapport software will be
specifically attacked. Maybe the reason it is crashing, is the Rapport
software has been "tipped over" by something, rather than the Rapport
software having a bug.

Paul
Hi Roger and others,

I am sorry to hear that you have encountered problems with Rapport and
uninstalling it, I read all your comments and would like to offer our help.

First of all, all users can contact our support at any time of the day and
week:
https://www.trusteer.com/support/report-problem. Our tech support can instruct
you regarding uninstalling, uninstalling issues, other technical issues,
removing folders and files, removing from the registry. All can be done, for
free, without leaving a trace (if you have administrator privileges of course).

Here are a few tips and links that can help you to remove Rapport
- Uninstalling instructions (by OS)-
http://www.trusteer.com/support/uninstalling-rapport
- If you have failed to remove Rapport via the OS uninstall tool you can get
the safe uninstall utility from our team, here-
http://www.trusteer.com/support/uninstall-troubleshooting
- After removing Rapport you can remove all related folders, instructions for
Windows OS (contact support for Mac OS)-
http://www.trusteer.com/support/remove-rapport-folders
- Removing Rapport traces from the registry should not be a problem using
CCleaner or Windows' tool- if Rapport was removed properly (and not via other
uninstallers)

Regarding
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/
It's really outdated, we changed so many mechanisms and features since.

I hope you find this comment helpful and I want to mention again that our
technical support team works 24/7 and can help with any issue.

Regards,
Alex Man
Trusteer Technical Support
 
Robin Bignall

Yes, I resisted the constant nagging too. I'm not quite sure just why
but I bypassed their blackening of screen techniques and answered "no"
week after week.
They stopped doing their pestering some time back. I haven't lost a
penny from my account.
Well, I've read the thread as far as Brian's post and have noted the
comments, including Paul's on uninstalling. I see Rapport is included
in Revo 3's program list, so if I ever have trouble with Rapport I'll
let you all know how Revo deals with it. But, so far, no problems.
 
tinnews

Mike Barnes said:
Most of my userids and passwords aren't sensitive information and I
encourage Firefox to save them.
Yes, I agree that lots of web passwords aren't sensitive (like forum
logins) and you can do that. I actually use a rather simple password
algorithm for these and don't save in Firefox but it comes to the same
thing really.
 