Winfixer 2005 & A2K

And here's a link to my other thread if you're interested:

http://www.able2know.com/forums/viewtopic.php?t=60491&postdays=0&postorder=asc&start=0

msolga,

What makes you think that you contracted spyware from one of A2K's advertisers? What makes you think that we approved any winfixer ad (we did not) as you have been saying? You say you and others got it this way and I would like to know what evidence you have to support this accusation.

I suspect it's nothing other than an erroneous guess framed as certainty, and if so I certainly don't appreciate that.

If not, I would like to know more so that I can speak to the advertising agencies. Contrary to your perception I do not approve all ads. Most ad agencies do not even have the mechanisms through which I can elect to do so and if they did I would still not have time to go over each and every one of the several hundred thousand advertisers these agencies represent.

In order to prevent malicious advertising I am very selective about what agencies we work with and hold them responsible for keeping the ads clean. They do a fine job at this and if you are alleging otherwise I think you should subtantiate it with information that can help them.

So if you are correct, then I will have to take it up with the responsible agency and/or sever the relationship with them.

Thing is, I don't think you are. I think you saw ads that may or may not be related to your spyware and that may or may not have been actually caused by your spyware (spyware will often insert ads in pages). You assumed that out of the sites you visit A2K was your vector and probalbly don't even know that the overwhelming majority of spyware does not come from visiting websites and that your spyware problems may well have nothing to do with any site you visited.

Lastly, the only way spyware can be contracted from an ad is if your computer contains serious remote vulnerabilities that allow anyone to control it. A patched computer can't have software installed from viewing an ad without being asked for user-input and having to agree to the software installation. So if you were, in fact, a victim of drive-by spyware your computer is exploitable and you should look to fix this.

I don't think Msolga is saying, as such, that one of A2k's advertisers gave her spyware.

She is reporting the same Winfixer popup problem I did a week or so back.

I am aware from discussions you have had with other members in the past that (if I have it right) that spyware can cause popups, and cause them to appear only in one website, as this one does for me also, so I framed my report of the popup problem differently (ie informing you of a possible pop up problem, which I understand you like to know about, while also wondering if I had a spyware problem.)

Prior to reading the discussions I mentioned above, I would have had no idea that such problems might be related to spyware in situ on my computer, and that reporting them might be seen as saying that an ad had given me spyware.


The pop ups continue for me as well whenever the Winfixer ad appears in the rotation. (Unless you are saying there is no Winfixer ad in the rotation, and spyware on our computers is making one appear? I would have thought that would mean it would happen all the time?????)


I take it your opinion is the ad is not, in itself, creating the pop up problem, but it does, to me, appear to trigger it on my computer, ie the popups occur when the ad tries to appear at the top of an A2k page. When I say "tries to appear" I mean that it partially forms, but never fully does, and the pop ups go crazy.

Since the ad appears fully formed on my work computer, but does not trigger popups, (whereas other advertising popups DO appear) I have assumed I have spyware I cannot get rid of until I find the oomph to do a hijack this log, and I have simply set Opera to allow no popups.


But surely all popups are not due to spyware?

When it happens with the Winfixer ad, it does not simply pop up, it "forces" the browser to open a new page, and takes you there. The level of annoyance Msolga is expressing is, I think, due to the fact that it does this not once, but multiple times. Her browser was blocking numerous popups, then throwing her out of A2k. I have had to close my browser to stop it, before I blocked all popups.



If you have time to comment about it, where DO we get the damn spyware, that I assume is causing this problem?

BTW, it hasn't happened to me for several days now.

She said that her problems and that of others is "directly as a result of visiting A2K" and the problem she is experiencing is spyware on her machine.

Elsewhere she has expressed frustration that her problems were "avoidable" and pretty much faulted A2K for having allowed it.

Whatever the specifics may be, that she is faulting me for her problems in various places is clear enough. And I don't think her report is accurate.



I understand the frustration, as it becomes a frustration for me to solve in situations like this. Thing is, she has malicous code on her machine, and that is the problem.

I can do very little to help with this. I can't fix her computer for her remotely and can only advise on it if she can collect the necessary information.

Even when all goes well it can take hours of work over days to get it off. I infected a test box with Winfixer a while ago and it was a beast to remove even with direct access to the box.



The most common vector is the user. I would bet that over 90% of spyware on any user's machine is let in my a user. The user will often be allowing installation of a program that had adware or spyware bundled in by a distributor.

If the user does not allow the spyware either through explicit consent or through consent given after a social engineering exploit (e.g. fooling the user into allowing it ala the Trojan Horse) then the computer in question is usually remote exploitable.

That means that it is running insecure spyware somewhere (people usually think OS but the greatest surface of attack comes from other apps installed on the OS) or there are incorrect settings (e.g. allowing all Active X or equivalent browser plugins to run) or security (no recent virus definitions means it can come in a virus payload).

Fair enough. I understand.

Hopefully all is clear now.


Timber has directed both of us to how to try and fix it, 'tis a matter of finding the energy and girding one's Luddite loins!


Nasty li'l beast.


I actually clicked on the first damn popup, (I was half asleep) because it happened when A2k was very slow and weird. The beast had made itself look exactly like an A2k popup, you know, as for accessing stuff, asking for passwords etc.


I thought (cursing myself even as I did it, but too late, had already clicked) it was an actual A2k advisory about something. As if they come in that form!


Anyhoo, I am sure I tripled my problems by doing such a dumb thing.


Interesting about where the stuff comes from. Sigh, I prolly trust my Norton (which I keep fully updated all the time) too much.

I know there's no such animal as a perfectly secure computer but I am scrupulous about security on my machine. I too had this bloody Winfix thing pop up on Opera when I was on A2K. Opera had so many multiple tabs opening that the top toolbar looked like a picket fence. Every single tab was a Winfix pop-up. I closed Opera and opened Firefox and no problem noted. I ran my a-v and various spyware programmes but nothing was reported. That was a week to ten days ago. Anyway I'm using IE, Firefox and Opera (I know, I know, compulsive browser disorder) and haven't seen Winfix anywhere.

For info only.

Craven

As I thought I made clear, I'm a Luddite when it comes to these things. I'm not too clued up with terminology like vectors, malicious codes, remote vulnerabilities, etc., .... Maybe I should know more, but until recently I haven't experienced such persistent & disruptive problems as the Winfixer one.
Anyway, to me, it seemed a reasonable deduction that the A2K Winfixer ad. had *something* to do with the problem I was experiencing. It was not just my own experience but that of others who shared their Winfixer experiences on my How to Remove the Winfixer Pop-up thread. And it seemed (to me) a reasonable deduction that if the ad. was removed that the problems would cease. Truly, I only ever experience the problem when that ad. appears on A2K. And it is a fairly recent problem.

I've read what you have to say & I'm in no position to disagree with you. I will pass on the information that both you & timber have supplied to my tech. (who I have to see fairly soon for other reasons, anyway.) Hopefully, this will direct him on how to fix the problem of my computer's suspected remote vulnerabilities. I expect that these disruptions will cease after that.

Oh my!!!



Hopeful news for Luddites?



My Norton ran a risk check last night, and told me I had Winfixer......did I wish to delete it?

I did.


It said it was deleted.


May I hope?


Are our virus protection programs now able to fix the beast?

Several of the major AV and Antispyware apps have, over the past couple months, been adding detection and removal for a number of WinFixer variants. That's pretty much to be expected.

Of course, also to be expected are newly-engineered variants that evade the known detection and removal routines


Safe operation is the best defense.

I should wear a condom, you say?

I dunno as that would be all that practical - I think the condom should be on the machine.

Can we just get it over with and put a huge condom around the planet?

I think most of the problems are ON the planet, jespah.


It might help the rest of the universe, though.

Well, it's something.

<insert Uranus joke here>

<< and be sure to include the word "probe" for any and all uranus jokes >>

And, of course, do it slickly.