Suspected spyware pop-ups/URLs on mom's favorite site

[Saturos]

Well, what should I do? I let my mother use my PC when I'm at class or work, and I've laid out all the ground rules and techniques for her to help prevent spyware/adware from being installed on my machine and how to safely browse the interwebz. The website she visits often, which is spyware.com, err...I mean, Reunion.com has been procuring some odd happenings lately.

The latest is this URL from a website called "Performance Optimizer.com" that tried to hijack my browser (FireFox. Alt-F4 wouldn't close the pop-up. I had to close the internet connection completely to prevent accidental download) and a system warning dialogue that said my PC had perfomance issues (B*** F***ing S***! GTFO-utta my PC ad-spammer! :angry: ) and choice buttons to either install or cancel. I use AVG, a-squared, and Ad-aware (LavaSoft) and ran full system scans (while in safe-mode) using the latest definitions for each, but didn't find anything.

I have the URL bookmarked for future examination, but I'm afraid to open it a third time. I tried opening it again that second time, and of course, it attempted to hijack my browser again. That stuff sticks like some kind of evil venomous goo akin to that on Spiderman3. :O Surprisingly, I don't have these Adware issues with other sites I visit often. Just on Reunion.com my mother uses. As long as I or she closes these pop-ups before anything is clicked, I should be ok right? Problem is, they can be very deceptive and my mother is not exactly a computer Jedi. Far from it actually. Should I tell her to quit visiting that site?

 

[Emporius]

The site itself has probably become victim to the spyware, not you. A similar thing happened to a site I often go to. Eventually the hosts realized the problem and got around to fixing it. In the meantime, if you haven't already, download a pop-up blocker and 'Spybot Search and Destroy'.

 

[Saturos]

The site itself has probably become victim to the spyware, not you. A similar thing happened to a site I often go to. Eventually the hosts realized the problem and got around to fixing it. In the meantime, if you haven't already, download a pop-up blocker and 'Spybot Search and Destroy'.

I think you may be right, e-panda. I already have two other spyware/adware scanners though as well as a dedicated trojan and virus scanner. Would a third one really be that much more effective?

 

[DoctorPhyrexia]

Yeah, Spybot: S&D is a great tool. Might be worth a try, its not a hassle.

 

[Javert]

Tell your mom not to visit the site for a week, see if it pans out. If she insists, tell HER to fix the problems (which is when she realizes the errors of her ways).

 

[Raziaar]

*** Warning! Spyware has been detected in the vicinity of the compound. Please vacate to the nearest designated area of safety. Lock-down protocol procedures will be executed immediately. ***

*** Initiating lock-down and decontamination procedures. ***

*** Lock-down complete. ***

*** Threat neutralized. ***

*** Decontamination complete. ***

 

[Cavalry]

I get stupid shit like that all the time.

" Download spyware detector free for 10 seconds.......now downloading............"

Use AVG, as soon as it see's suspicious shit, it removes it.

 

[Saturos]

*** Warning! Spyware has been detected in the vicinity of the compound. Please vacate to the nearest designated area of safety. Lock-down protocol procedures will be executed immediately. ***

*** Initiating lock-down and decontamination procedures. ***

*** Lock-down complete. ***

*** Threat neutralized. ***

*** Decontamination complete. ***

Epic. I love you Raziaar, that was awesome! :cheese:

Tell your mom not to visit the site for a week, see if it pans out. If she insists, tell HER to fix the problems (which is when she realizes the errors of her ways).

Impossible. Several months ago, my mom didn't even know what spyware was. My PC would really be in a big mess if I let her try to fix things. She doesn't really have a desire to learn anything PC related beyond blogging anyways.

Spybot is free, and it's probably the best anti-malware program available. It even deals with some common trojan viruses.

However, it may be that you'll need to operate manually in order to get rid of this stuff. Some spyware is particularly hard to remove.

Firefox has a built in pop-up blocker and that site is the only one I or she frequently visits that has those crazy pop-up troubles without FireFox intervening. Emporious' theory is not all that far-fetched really. I suppose any web site or host server where spyware has significantly poliferated the systems it runs on could have these types of effects where pop-ups can still manifest themselves depite having pop-up and spam blockers. An example of a poorly hosted web service maybe? At any rate, maybe I should try downloading S&D to see If I can faind anything with that scanner. Or maybe download the manual version and search for the infected files myself? I already have three different reputable scanners though. How much is too much?

 

[Asus]

Could it be an ad on the site that has the spyware?

 

[Nemesis6]

You should try AdBlocker for firefox. Install it and get this list here - http://pierceive.com/filtersetg/2007-10-08a-MERGED.txt

After that, you should get this thing here - http://www.mvps.org/winhelp2002/hosts.zip
It's updated weekly and it's got so many badware sites blocked it's incredible. Team Adblocker up with that and you're pretty secure. They're especially good for stopping those annoying dialog boxes that just don't go away untill you install their crap.

 

[Emporius]

Emporious' theory is not all that far-fetched really. I suppose any web site or host server where spyware has significantly poliferated the systems it runs on could have these types of effects where pop-ups can still manifest themselves depite having pop-up and spam blockers.

:cheese:

Could it be an ad on the site that has the spyware?

I know that the site I mentioned (its very good, you should all use it) did have an 'infestation'. Whenever you clicked on the links, you would subjected to a fade in page about how 'this website is brought to you by *insert shitty site such as vidshadow here*'. Some users also complained of aggressive spyware that disguised itself in the form of updates. Needless to say, the hosts took notice and cleaned the site.

 

[Raziaar]

Epic. I love you Raziaar, that was awesome! :cheese:

Hehehe. <3

 

[Saturos]

You should try AdBlocker for firefox. Install it and get this list here - http://pierceive.com/filtersetg/2007-10-08a-MERGED.txt

After that, you should get this thing here - http://www.mvps.org/winhelp2002/hosts.zip
It's updated weekly and it's got so many badware sites blocked it's incredible. Team Adblocker up with that and you're pretty secure. They're especially good for stopping those annoying dialog boxes that just don't go away untill you install their crap.

Thanks. I bookmarked this thread so I can do just that later. :thumbs: I never tried any of the FireFox add-ons before. Maybe it's time I start thinking about it. How do the automatic updates works for these add-ons? Are they only active when I'm online with FireFox? I don't don't want anything too intrusive, being that I game on my PC and all.

 

[Nemesis6]

Yep, they're active only when in Firefox. Update-wise, if there's an update available, Firefox addons will tell you if a new version has been released, and you can choose if you want to download it.

 

[No Limit]

Set her up a new user account that doesn't have administrator rights. Should be simple enough. This will prevent her from making any system changes so spyware will not be able to install.

If you have XP professional or vista business you can even get more detailed by modifying the group policy to only allow her to do what she needs to do, which sounds like just browsing the internet and not installing any software. Just go to start, run and enter gpedit.msc

 

[Saturos]

Set her up a new user account that doesn't have administrator rights. Should be simple enough. This will prevent her from making any system changes so spyware will not be able to install.

I'll keep this in mind. However, I would imagine that many spywares aren't discriminating to user permissions, as many of them tend to piggyback on even the most common cookies, (thus the term, "drive-by-download") which I do keep a tight leash on btw. Plus, with home networks on the rise, many spyware programmers are probably finding ways everyday to undermine permissions. She knows not to install anything without my permission though but like I said, these lil' fuc**ers can be deceiving to the un-informed and there's no sense in welcoming crooks with open arms, so I'll try setting up a limited account anyways. Thanks Homer J. :thumbs:

If you have XP professional or vista business you can even get more detailed by modifying the group policy to only allow her to do what she needs to do, which sounds like just browsing the internet and not installing any software. Just go to start, run and enter gpedit.msc

Alas, I do not have either, only the Home edition of XP. D'oh!

 

[No Limit]

I'll keep this in mind. However, I would imagine that many spywares aren't discriminating to user permissions, as many of them tend to piggyback on even the most common cookies, (thus the term, "drive-by-download") which I do keep a tight leash on btw. Plus, with home networks on the rise, many spyware programmers are probably finding ways everyday to undermine permissions. She knows not to install anything without my permission though but like I said, these lil' fuc**ers can be deceiving to the un-informed and there's no sense in welcoming crooks with open arms, so I'll try setting up a limited account anyways. Thanks Homer J. :thumbs:

But you make it sound like spyware has a choice to go around the permissions, they don't. I have not seen any spyware that is able to go around it. Do they exist? Probably. But I'm sure they are extremely rare as something like that would be extremely difficult to exploit. Let me know how it works out, I've only set it up on Pro machines in a domain before, never on XP home but it should function similarly.