Greetings, 1936!
If you're like me, few things will make you madder than some sleazy
program hijacking your computer.
Let's see if there's anyone else out on the Internet complaining about
the same problem...
A search on Google News Groups ( http://groups.google.com )
http://groups.google.com/groups?q=www.SYSTEM-UPDATE.NET&hl=en&lr=&ie=UTF-8&oe=UTF-8&filter=0
reveals a couple of news/discussion forum threads:
THREAD #1
-----------------------------------------------------------
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=e3a03ca08f190635&seekm=v8es1318949p80%40corp.supernews.com#link1
-----------------------------------------------------------
From: Tom McElvy (tom@twblue.com)
Subject: New Type of Spam?
Newsgroups: alt.current-events.net-abuse.spam
Date: 2003-03-30 11:41:59 PST
Hello everyone. First, if I am slightly off-topic, please accept my
apologies...I just don't know where to turn to on this issue!
I have noticed that I am getting pop-up windows in MS EXPLORER, only
when I am using the program. The popups don't let me access the
source code, but the MS banner at the top say:
"http://www.system-update.net/popups followed with a filename. I have
tried deleting the cookies, Zone Alarm, etc, all to no avail.
Obviously something has gotten on my system, and is causing these
frigging popups to pop-up!
I tried contacting the owners of that domain, but the phone number
listed in whois is no good, and they don't answer email at the email
address listed.
Anyone have any ideas?
-----------------------------------------------------------
From: Canadian Cowboy (canadian.cowboy@sasktel.net)
Subject: Re: New Type of Spam?
Newsgroups: alt.current-events.net-abuse.spam
Date: 2003-03-30 14:32:07 PST
Hello Tom.
Have you installed ANYTHING, and I mean ANYTHING on your PC lately?
An type of 'free tool' that promises something (like improved network
connection speed).
It sounds to me like you have adware installed on your PC that is
causing the pop ups to appear. Some so called 'free tools' will
include such hidden software. You might find the following article to
be of interest.
http://www.cnet.com/software/0-3227886-8-8878468-1.html
As well as this article from LANGLIST
http://www.langa.com/newsletters/2002/2002-10-31.htm
If you have installed some 'free' version of a tool, it could be that
adware was included with that free version (which is specified in the
end user license agreement), and that might be what you are seeing.
-----------------------------------------------------------
-----------------------------------------------------------
Unfortunately, Thread #1 shows no resolution for the problem. However,
I recommend that you read the CNET article linked above, to help you
better understand the beasts that are "Ad-ware" and "Spyware" (also
known as "Scumware").
You may find the LangaList newsletter linked above helpful as well. If
you follow that link, you will be able to browse past issues, and to
subscribe to the newsletter if you wish.
THREAD #2
-----------------------------------------------------------
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d07c27d34eadfb4b&seekm=3e855a77.116981840%40news.paradise.net.nz#link1
-----------------------------------------------------------
From: Craig Shore (craigshore@paradise.net.nz)
Subject: Registry
Newsgroups: nz.comp
Date: 2003-03-26 16:16:28 PST
How or where do I find in the registry what other programs will be
started when a program is started. The reason I ask is I have a friend
that has a problem with Internet Explorer. Once a www page is visited
(any, it doesn't matter what one) it is contineously opening new
windows to an advert site. So i'm guessing that something else must
be being run when IE is started up.
Any ideas where I can find this in the registry?
-----------------------------------------------------------
From: Gurble (gurbleREMOVE@THISclear.net.nz)
Subject: Re: Registry
Newsgroups: nz.comp
Date: 2003-03-26 16:24:02 PST
Nope, it is spyware.
Download ad-aware it's free, and will sort this out for you:
http://www.lavasoftusa.com/software/adaware/
He probably picked it up installing Kazaa. Try Kazaa Lite.
-----------------------------------------------------------
From: Craig Shore (craigshore@paradise.net.nz)
Subject: Re: Registry
Newsgroups: nz.comp
Date: 2003-03-27 03:44:02 PST
Been done. I spent hours tonight remote controlling the machine
trying to find a fix :-( Still IE keeps on popping up windows.
I put The Proxomitron in place, and told it to kill connections to the
site. It's still bringing up windows with "Connection Killed", which
leads me to think that something is opening the IE window that is
running on the machine. But i've killed all normal processes that I
thought it could be, unless it's a .dll running under svchost. Anyone
know how to get a list of what is running in svchost? the tasklist
/svc command doesn't work in Windows XP Home, so I guess that is only
available in the pro version.
The add site being contacted is system-update.net and
system-update.com
-----------------------------------------------------------
From: Bazzer (wellnow@hotmail.com)
Subject: Re: Registry
Newsgroups: nz.comp
Date: 2003-03-28 18:47:33 PST
> The add site being contacted is system-update.net and
> system-update.com
I'm being plagued by exactly the same thing here (system-update.net
only, in my case), and it's driving me bonkers. These blasted popups
are evading ZoneAlarm vPro (on the highest possible privacy settings),
Ad-Aware, cache purges, MSIE repairs, registry trawls, up-to-date
virus scans and everything else I can think of.
-----------------------------------------------------------
From: Bazzer (wellnow@hotmail.com)
Subject: Re: Registry
Newsgroups: nz.comp
Date: 2003-03-29 10:16:50 PST
I finally fixed this using the excellent "Spybot - Search and Destroy"
(http://security.kolla.de/), as recommended by The Other Craig
hereabouts (thanks a million). This quickly rooted out the parasite
concerned, which is known as Searchex and does indeed hijack certain
helper components of MSIE, the sneaky little bugger.
-----------------------------------------------------------
From: Bazzer (wellnow@hotmail.com)
Subject: Re: Registry
Newsgroups: nz.comp
Date: 2003-03-29 18:39:59 PST
> Any ideas where it came from or how it got in?
Not the foggiest, I'm afraid.
See www.doxdesk.com/parasite/Searchex.html for the most common
vectors, but I know that none of these was responsible in my case. I
had, however, been trying out quite a raggle-taggle variety of
downloaded software utilities over the couple of days prior to the
appearance of the problem (I can't even remember them all now, or I'd
gladly list them), so I daresay one of these was the culprit.
-----------------------------------------------------------
-----------------------------------------------------------
It sounds like SpyBot will fix your problem.
See the Searchex article linked above for a description of the
Scumware which is probably your culprit:
http://www.doxdesk.com/parasite/Searchex.html
I and a number of other Researchers use both the Scumware-busters
"AdAware" and "SpyBot" linked above. You can download and try these
for free.
Lavasoft's AdAware
http://www.lavasoftusa.com/software/adaware
"Spybot - Search and Destroy"
http://security.kolla.de
Bear in mind that these programs give you the option to delete
suspected scumware elements. BE VERY CAREFUL when doing this -- don't
just delete everything the programs flag as possible scumware
elements. Doing so may cause irreparable damage to your Operating
System, requiring you to reformat your hard drive and install
everything from scratch -- which you DON'T want to have to do. Read
each item carefully -- if you're not sure about it, don't delete it.
You can ask someone knowledgeable, or post a Question here, to be sure
you don't delete something important.
Another good, free tool is PC Magazine's "StartUp Cop", which helps
you disable the automatic startup of the spyware included in software
you really need to keep, such as Apple's QuickTime Player (QuickTime
Task), RealPlayer (TKBell.exe), and Quicken (QAgent).
StartUp Cop
http://www.pcmag.com/article2/0,4149,2173,00.asp
Some further excellent advice on how to reduce unwanted pop-ups can be
found on the "Recipe Goldmine" site:
"This should help cut down on those pop-ups and you don't even have to
download anything. In Internet Explorer, go to Tools, select Internet
Options. Select the Security tab. Click the Restricted Sites icon and
then the Sites button. Add this website to zone.
[type in exactly - including the *. part]
*.hightrafficads.com then hit the add button.
Use the same technique to block other common ones (these sites
actually log your movements on the web by "spying" on you!) such as:
*.doubleclick.com
*.doubleclick.net
*.valueclick.com
*.valueclick.net
*.phase2media.com
*.admonitor.com
*.admonitor.net
*.190.com
*.flycast.com
*.gator.com (only if you don't use Gator)
*.gohip.com
*.whenu.com
*.ad.trafficmp.com
*.mages.trafficmp.com
*.mailclicker.com
*.3.pokerroom.com
*.totalsurf.com
*.travelersadvantage.com
just keep adding them to the list as they come along we'll eventually
get them all"
http://denim.bbboy.net/recipegoldmine-viewthread?forum=7&thread=48
One of the BEST ways to protect yourself is to be VERY careful and
choosy about what software you choose to download and install.
From the EZBoard Help Forums, posted by Moderator "strangelets":
"SCUMWARE
It is a growing trend and a reflection of the market bust that many of
the "handy" free downloads on the internet these days such as
peer-to-peer file sharing programs such as kazaa and well known
programs such as Gator are seeking ways to raise new revenue. The way
to do this is to sell advertising. They don't however, put a banner ad
on your desktop or anything so obvious. No, what they do is try and
present you advertising in more subtle ways in hopes that you won't
notice, object, or even try to convince you they are doing a "service"
to you by replacing ads you aren't interested in with ads that are
"targeted" to your taste. Several things that may happen:
1) You will get pop-ups, even on pages that normally shouldn't give
you pop-ups. This usually (but not always) happens within the first 10
or so minutes when the program "senses" you are browsing the
internet...
2) You will get normal banner ads on a website replaced (covered)
perfectly by a banner ad of the program's chosing...
3) You will see strange yellow or green underlines of certain
"keywords" on ANY page on the internet you are viewing, these keywords
when clicked will take you to an advertisers website...
4) You will find a normal website link you click will be "highjacked"
and instead of going where you wanted to go, you will be given a menu
to chose to go to the advertiser's site or continue to the original
link...
5) You get redirected to third party websites...
6) You will have your favorites changed, or a new search bar added to
your browser, or a 'toolbar' that is full of links to advertiser's
sites..."
"Further reading:
www.freegraphics.com/zz-scumware/
www.ezula.com/news/media_coverage1.asp
forums.zdnet.com/group/
www.wired.com/news/technology/0,1282,49960,00.html
news.com.com/2100-1023-257592.html
www.wired.com/news/infostructure/0,1377,57467,00.html
www.doxdesk.com/parasite/Xupiter.html
You may find this interesting, Google.com, who does NOT use pop-ups at
this time, is also responding to complaints about pop-ups at their
site, which are not coming from them:
www.google.com/help/nopopupads.html
Other programs that will cause ads, either links, banners or pop-ups:
Gator
TOPText
WebHancer
mediasrv.exe
AdAvailable
IconPrizes
EasyLink
Tsadbot
onflow
http://www.vx2.cc
Network Essentials
Xupiter
file sharing programs that bundle ad programs with the download:
kazaa
iMesh
Morpheus
audio galaxy
grokster"
http://beta.ezboard.com/fezboardfrm73.showMessage?topicID=48.topic
Also be wary of the following scumware:
Precision Date/Time Manager
which will pop up and ask you to let it install itself when you visit
sites that have it running.
Search Strategy
interneteraser pop-ups
://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=interneteraser+pop-ups&btnG=Google+Search
"list of scumware"
://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22list+of+scumware%22&btnG=Google+Search
Before Rating my Answer, if you have any questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.
I hope that this Answer has provided you with exactly the information
that you needed, and that you soon have your computer system
disinfected and working smoothly again!
Regards,
aceresearcher |
