Results 1 to 9 of 9
  1. #1
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    I'm normally pretty savvy on this stuff, but I recently cought something that is popping a variety of grey ads.

    It pops about one an hour regardless of what I'm doing. So basically I wake up to a bunch of pops. I come home to a bunch of pops. I kill all the extraneous processess I have access to and I get a bunch of pops.

    One irritating little trick this one does is pop different sizes and shapes every time, so you have to look at the ad to see where to mouse to to close it.

    I've looked in the registry. I've run Ad-Aware 6 with the most recent update, Tren Micro's houscall tool and Pandasoftware's online tool. I scrubbed a ton of stuff, but not this little bastard.

    Anyone have any ideas?

    I believe it was a drive-by, though it could've been something from an email, though I never open anything that I'm not expecting.

    It could be a process that I'm denied access to, or it could have attached itself to an existing app to run piggy back. I have no idea, but it's really pissing me off!

    Any help appreciated!

    Affiliate Manager - Pharmical.com
    affiliates@pharmical.com

  2. #2
    Defender of Truth, Justice and the Affiliate Way
    Join Date
    January 18th, 2005
    Location
    The Swamp
    Posts
    7,503
    Try going to http://www.parasiteware.com and seeing if the detection script there picks up which one this may be. Be sure to allow the Active X to run...that's the detection script (if you have your Active X set to prompt or block)

    Keep Your Hands Off My Cookies

  3. #3
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Thanks, but I don't see a scanner, just a trial download. Am I missing the link?

    Affiliate Manager - Pharmical.com
    affiliates@pharmical.com

  4. #4
    Member
    Join Date
    January 18th, 2005
    Posts
    110
    Try this site:
    http://www.doxdesk.com/

    Always works for me, and if it finds something, it also includes removal instructions.

  5. #5
    ABW Ambassador buy_online's Avatar
    Join Date
    January 18th, 2005
    Location
    Richmond, VA
    Posts
    3,234
    Actually, this is the URL you should try:http://www.doxdesk.com/parasite/

    This will check your browser only, but would be a good start. I think the key to your problems is in your registry.

    Fred

    "Those who deny freedom to others, deserve it not for themselves; and, under a just God, can not long retain it." Abraham Lincoln

  6. #6
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    I checked this out on Google a while ago after being barraged with these d*mn things. Seems to be some sort of thing which takes advantage of instant messenger. Check the second link in this post for some ways to stop 'em.

    (I Checked Google again just now for most recent info...)

    Yep--It's THIS blight!

    An excerpt:
    quote:
    The Messenger service, not to be confused with Microsoft's MSN Messenger chat client, is enabled by default on Windows 2000, NT and XP systems, according to Lawrence Baldwin, operator of the myNetWatchman computer intrusion reporting service. Baldwin said potentially millions of systems may be vulnerable to the pop-ups, also known as "NetBIOS Spam." ~Wired.com


    This is apparently generated OFF the target computer, and is not a scum/parasiteware action (in the normally understood sense)--so NO anti-adware program is going to pick it up. Save your $$$...the bad program here is on the spammER's computer, not the recipient's.

    At THIS site, there is a bit more detail. (This link goes right to the "how to stop it" section of the page, but scroll up for what appears to be a thorough rundown on how these infernal popups work.)

    Disclaimer: I haven't tried any of the methods on these pages (YET! I'm sick to death of those pops so I will be testing soon). So I can't guarantee effectiveness, etc.

    Any spammers reading this, know that your site will be cursed by those afflicted with this most infernal spam!

    -I've been a king, and I've been a pauper, and everything there is in between ~fairly old country song

  7. #7
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Ugh! Leader, that's the one!

    They have "Messenger Service" as the header, but no mention of webpopup. And like I said, I couldn't find it in the registry or procs, but I'm ready to try the preventative measures.

    I'll let you know how that goes.

    Affiliate Manager - Pharmical.com
    affiliates@pharmical.com

  8. #8
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    Well, I can't force messages on myself anymore, so we'll see...

    Affiliate Manager - Pharmical.com
    affiliates@pharmical.com

  9. #9
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Could the next Ted Bundy kindly take this guy for a stroll on the beach and feeds some hungry Florida sharks.

    "Zoltan Kovacs, founder of DirectAdvertiser.com, said the company has sold about 200 copies of the program since launching two months ago. According to Kovacs, the software is ideal for advertising 900-number and other telephone services.

    "I have customers who call me back and tell me they love it and it generates hundreds of calls right away," said Kovacs, who noted that Direct Advertiser is a good alternative to bulk e-mail because its messages are not regulated by spam laws.

    According to Flynn, many network administrators are puzzled over how the ads have weaseled through firewalls onto users' computers. While Windows Messenger traditionally uses commonly protected ports 137 and 139, Flynn said the recent pop-ups appear to use port 135, which is often left unprotected by a firewall because it's a vital conduit for communicating with a Microsoft service called RPC.

    Since mid-September, numerous myNetWatchman participants have received repeated probes on port 135 from a handful of Internet protocol addresses assigned to Everyones Internet (EV1.net), an Internet service provider in Houston, according to Baldwin. The numeric addresses translate into "NetBIOS machine names" that begin with WEBPOPUP and that have appeared in several recent ads, he said.

    EV1.net officials, who did not respond to interview requests, are investigating the issue, according to Baldwin.

    Now that spammers have pioneered the Windows Messenger technology, worm writers may be next to target the service, according to Harlan Carvey, a security engineer with a financial services firm.

    "I'm sure we're going to see spyware or malware that makes use of this," Carvey said."

    The guy makes software to enable SPAMMERS to hide from the billions of folks who get daily contact from the cesspool of the Internet. Some merchants regard this as effective advertising since they too are scammers.

    Charlie ...

    If they won't adopt and feed a bird ..flip them one! BBQ some Gator and remember to flush WhenU..

  10. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Drive By Hello
    By Uncle Rico in forum Virtual Family and Off-Topic
    Replies: 3
    Last Post: March 11th, 2008, 02:10 PM
  2. How to Drive Traffic ???
    By cecil1123 in forum Midnight Cafe'
    Replies: 9
    Last Post: November 5th, 2007, 03:51 PM
  3. What do you do on a long drive?
    By StephenB in forum Virtual Family and Off-Topic
    Replies: 27
    Last Post: May 24th, 2007, 11:34 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •