RE: Survey.exe

[Russ <Russ.Cooper () rc on ca>]

Survey.exe is the Microsoft Professional Support Services web survey
application. Its intended to take your feedback based on a site visit to
one of Microsoft's various web site sections.

Its installed into the %systemroot%\system32 subdirectory (typically
c:\winnt\system32). Its supposed to trigger when you leave the defined
web site. From what I can tell it leaves no other traces on your system
(other than the .dat file it creates if you actually do the survey, but
then you'd remember completing a survey, right?) and does not
re-execute.

It should have prompted you (as it did me, and I suspect does everyone)
to ask whether or not you wanted to install it. It also should have
prompted you whether or not you wanted to participate in the survey
(which you can cancel from).

Why it drove your CPU utilization to 100% is another story.

Its not an ActiveX control, its a regular executable downloaded and
installed outside of the browser (and left running in the System Tray
with a Pink Wizard's Hat as an icon while you're at the site they want
to survey you on).

FYI, http://www.cognitronix.com/xcavator.htm is, IMO, an excellent
resource tool for examining what web sites are doing to your IE
browser/MS OS environment. Of course in this case XCavator simply shows
that survey.exe isn't a control.

Unfortunately MS, in its inimitable fashion, doesn't place an uninstall
entry in Control Panel, Add/Remove Programs, nor do they delete their
stuff once the survey is completed (because as we all know, there's no
way anyone would ever try and clean up their \winnt\system32 directory
of all the useless leftover crud in there, would they...;-]). Its not
placed in Startup or any other Run registry keys, so its not going to be
automatically loaded again.

I'd say its not a DoS, just a buggy app. FYI, its version 2.0, so its
not the first time the thing has, um, misbehaved...;-]

Cheers,
Russ - NTBugtraq Editor