1. SPS Accounts:
    Do you find yourself coming back time after time? Do you appreciate the ongoing hard work to keep this community focused and successful in its mission? Please consider supporting us by upgrading to an SPS Account. Besides the warm and fuzzy feeling that comes from supporting a good cause, you'll also get a significant number of ever-expanding perks and benefits on the site and the forums. Click here to find out more.
    Dismiss Notice
Dismiss Notice
You are currently viewing Boards o' Magick as a guest, but you can register an account here. Registration is fast, easy and free. Once registered you will have access to search the forums, create and respond to threads, PM other members, upload screenshots and access many other features unavailable to guests.

BoM cultivates a friendly and welcoming atmosphere. We have been aiming for quality over quantity with our forums from their inception, and believe that this distinction is truly tangible and valued by our members. We'd love to have you join us today!

(If you have any problems with the registration process or your account login, please contact us. If you've forgotten your username or password, click here.)

Passthison: Worse Pop-Up Ever

Discussion in 'Sorcerous Sundries' started by Mathetais, Sep 12, 2003.

Thread Status:
Not open for further replies.
  1. Mathetais Gems: 28/31
    Latest gem: Star Sapphire


    Joined:
    Apr 5, 2001
    Messages:
    2,767
    Likes Received:
    0
    [​IMG] This is worse than Gator, and I'm not sure I can keep coming to SP until its gone (getting right to the point, ain't I?)

    One of the Pop-up ads changes the home page of my computer to www.passthison.com or such. Then there are 6-7 pop-up ads that follow, along with a Windows Messenger window that has a very scantily clad woman and a list of pornographic links. You cannot shut this window, only alt+tab away from it until it gets on top again.

    Now you may be asking, "What so bad with pictures of scantily clad, nubile young women?" My answer, 1) I'm at work and this was sitting on my computer screen for an hour while I was in a meeting. 2) We just completed a round of sexual harassment training, and just displaying that sort of content is grounds for termination. I have a few snakes in the office who would love to work on my accounts, I don't need to give them ammo. 3) I'm married and *trying* to turn that situation around. If my wife happened upon a page like that ......

    So Tal, I'm reaching out to you. Is there anything we can do about this? I've had problems with some Gold Casino adding links to my desk top and favorites, and didn't mind so much, but this is bad.
     
  2. Rallymama Gems: 31/31
    Latest gem: Rogue Stone


    Joined:
    Oct 23, 2002
    Messages:
    4,329
    Media:
    2
    Likes Received:
    11
    Ditto here. That's not a pop-up, it's a damned virus!

    And here's the worst thing - where are the scantily clad young MEN?! ;) :roll:
     
  3. Mathetais Gems: 28/31
    Latest gem: Star Sapphire


    Joined:
    Apr 5, 2001
    Messages:
    2,767
    Likes Received:
    0
    *Sending pic to Rallymama*
     
  4. fade Gems: 13/31
    Latest gem: Ziose


    Joined:
    May 4, 2003
    Messages:
    544
    Likes Received:
    0
    I was wondering where that was comming from.

    Can you use ctrl+alt+del to force it to close?

    Also quick way to change it back to your normal homepage is in IE goto tool/internet options. Then click "Use Default" Hope that helps until that goes away.
     
  5. Falstaff

    Falstaff Sleep is for the Weak of Will Veteran

    Joined:
    Oct 25, 2002
    Messages:
    956
    Likes Received:
    8
    Gender:
    Male
    Yeah - I had that problem too - and at some rather untimely moments! I couldn't use IE for a week, until I figured out how to fix it!
     
  6. Rallymama Gems: 31/31
    Latest gem: Rogue Stone


    Joined:
    Oct 23, 2002
    Messages:
    4,329
    Media:
    2
    Likes Received:
    11
    @Mat: Do I get one with a SUIT, too? Pretty please?!

    :)
     
  7. Mathetais Gems: 28/31
    Latest gem: Star Sapphire


    Joined:
    Apr 5, 2001
    Messages:
    2,767
    Likes Received:
    0
    [​IMG] A suit is hardly scantily clad ... but I suppose I can accomidate you ;)
     
  8. Rastor Gems: 30/31
    Latest gem: King's Tears


    Joined:
    Jul 8, 2002
    Messages:
    3,533
    Likes Received:
    0
    @fade
    Ctrl-Alt-Delete didn't work (it knocked out my whole browser).

    I haven't downloaded a pop-up blocker yet, but all this stuff being distributed via popups now is seriously tempting me to.
     
  9. The Great Snook Gems: 31/31
    Latest gem: Rogue Stone


    Adored Veteran

    Joined:
    May 15, 2003
    Messages:
    4,117
    Media:
    28
    Likes Received:
    313
    Gender:
    Male
    Tal,

    Have you forsaken us?

    It is completley immoral for a pop-up to change your homepage without your permission.

    There has to be someone you can complain to about this.
     
  10. Morgoth

    Morgoth La lune ne garde aucune rancune Veteran

    Joined:
    Jul 21, 2002
    Messages:
    3,652
    Media:
    8
    Likes Received:
    86
    Gender:
    Male
    What about a healthy scan with Ad-aware and a virusscanner?
     
  11. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,299
    Media:
    494
    Likes Received:
    514
    Gender:
    Male
    [​IMG] Here is how things stand.

    1.) I cannot change the pop-up provider yet, because pop-ups are in actual html files on all pages of SP. Changing that would mean changing it on all pages (not realistic). I *will* change the pop-up provider as soon as the new design goes up, however. I've had enough of these pop-up filth servers.

    2. Complaining about the pop-ups served has proven totally ineffective and only a waste of my time. Their stance is take it or leave it - they don't care either way. These offensive pop-ups seem to show only for Americans, however - I haven't seen any yet.

    3. We have more or less finished the groundwork for the SP subscription system, but as it is integrated in the new SP design, it will not work for the pages of SP currently. However, one portion of SP - the boards - CAN have pop-ups removed with a login into the system as it is now. Catbert slapped together a temp login form all of you who are having problems with these pop-ups can use to log in and have pop-ups on the boards removed. This is just a temporary solution until the SP supporter subscription goes live, but it should help with the most pressing problem. Again, this will ONLY work to remove pop-ups on the boards. You NEED to have cookies enabled for this to work.

    Go to http://www.sorcerers.net/~upload/temp/

    username: SP
    pass: rocks

    Hit submit, and you're done. Go to http://www.sorcerers.net/cgi-bin/ultimatebb.cgi and see if anything pops up. It shouldn't.

    (Of course, I can't prevent anyone from logging in now and getting no pop-ups on the boards, since I made the login public, but I hope people who don't actually have the above mentioned pop-up problems won't exploit it. This login will be killed once the SP supporter subscription goes up anyway.)
     
  12. Grey Magistrate Gems: 14/31
    Latest gem: Chrysoberyl


    Joined:
    Aug 9, 2003
    Messages:
    632
    Likes Received:
    2
    Thanks, Mathetais, for pointing this out - and thanks, Taluntain, for the temporary fix. I'll preorder Greyhawk through here as minor compensation. Thank goodness I had Lavasoft's Ad-Aware already installed. Others can pick up this marvelous utility, for free, at:

    http://www.lavasoftusa.com/support/download/

    Download it ASAP.
     
  13. Mathetais Gems: 28/31
    Latest gem: Star Sapphire


    Joined:
    Apr 5, 2001
    Messages:
    2,767
    Likes Received:
    0
    Sorry to point this out Tal. I'm a big fan of the site (obviously) and only did so to make it better.

    Ad-aware did help alot.
     
  14. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,299
    Media:
    494
    Likes Received:
    514
    Gender:
    Male
    No problem, Mat. These pop-ups annoy me just as much, but SP needs them to survive. Not at the expense of losing visitors, however... So, as I said, I will get rid of them as soon as that becomes possible.
     
  15. Ahrontil Gems: 8/31
    Latest gem: Skydrop


    Joined:
    May 26, 2003
    Messages:
    272
    Likes Received:
    0
    Changing peoples homepages is an easy thing to do as Internet Explorer lets it be done. There is an IE key in the registry however that when set stop the homepage being changed by anyone (even the user) until the same key is reset. It takes just 2 minutes to do.

    For Windows XP the Lock/Unlock Reg keys are in a zip file here;
    http://www.gmpservices.com/articles/pufiles/HomePagelock-unlock.zip

    Download the zip, extract it to somewhere safe and apply the lock or unlock by simply double clicking on the key and then OK.

    This link is from an article here, with lots of other useful info.

    (Unnecessary, but if you want to play it doubly safe (and you know how) first you should use regedit.exe to save your current registry, and then also create a system restore point (Check Win XP Help).

    @Mat
    Since you are at work, it is the responsiblity of your Network Techie (if you have one) to apply the Reg key and all other software upgrades to protect your machine.

    It is also imperative that you use the Screensaver Password Protection built into Windows.

    Right click on desktop -->Properties-->[Screen Saver]-->[On resume, password protect]-->Apply-->OK

    As a website like Sorcerers Place uses cookies to automatically login users, anyone who gains access to your machine will be able to associate everything that you have posted here with the Real Life you. These posts have no consequences as we are not part of Real Life (in fact I am a robot), but your coworkers should not be given the opputunity too use anything you have said on these boards to undermine your position at work.

    If you use a password to logon to your computer at work, then this is the password that will be needed to close the screensaver. Other users with other logon names and passwords will be unaffected (other than having their noseyness thwarted :bang: :thumb: ).

    __________________________
    Word For The Day: Scumware

    [ September 13, 2003, 02:50: Message edited by: Bluin ]
     
  16. Spellbound

    Spellbound Fleur de Mystique Distinguished Member ★ SPS Account Holder Veteran

    Joined:
    May 2, 2002
    Messages:
    1,273
    Likes Received:
    8
    Gender:
    Female
    I tried to load that HomePageLock script and get the message "This is not a Registry script" and that was that--no dice.
     
  17. Ahrontil Gems: 8/31
    Latest gem: Skydrop


    Joined:
    May 26, 2003
    Messages:
    272
    Likes Received:
    0
    My bad.

    I'm guessing that you are running Windows 98 or ME as it works for XP but not Win 98, I'll try and hunt down the Win 98 version on the net right now.
     
  18. fade Gems: 13/31
    Latest gem: Ziose


    Joined:
    May 4, 2003
    Messages:
    544
    Likes Received:
    0
    Doesn't ad-aware have spyware on it itself?
     
  19. Ahrontil Gems: 8/31
    Latest gem: Skydrop


    Joined:
    May 26, 2003
    Messages:
    272
    Likes Received:
    0
    It's possible Fade (the much respected Real Player did for a long time), but if it did it is very likely that the anti-spyware and Internet Security communities would have said so long before now.

    What makes you think that it might contain spyware?

    On the Reg key for Win 98 front, I have still had no luck, although I have found the instructions to do the Registry Edit manually (requires a bit of work to do).

    The trawl I did for the Key on the net did actually throw up a different solution whereby all access to the Registry by external programs is prohibited.

    This begs the question why didn't Microsoft make this default Windows behaviour. It's starting to look a bit like the 'Leaving deliberate security holes for Later Microsoft Access' debate that occurred with the advent of the Blaster Worm.

    Anyway, I am going to do a bit more checking and do the manual Reg edit on my Win98 machine to make sure it works properly.

    -------------------------------------------------

    I'm back, and I've read stuff that has made me even more net-paranoid than before. Ignorance is bliss. Was bliss.

    'Disclaimer: I'm not responsible for anything, unless it's good.'

    Quote taken from a web page of a 'White Hat' hacker which includes the source code to hack an unprotected computer.


    Hijackers and wizards and giants, oh my!

    All my preliminary web searches appear to point to the same source of the problem, the glacially slow speed of the Microsoft Software Giant to fix the (deliberate) security holes within its software.

    I'm going to have a bit of a rant, so those who want to can skip to the bold text and apply the (clumsy) fix.

    Would everyone who is still reading please quietly sing 'Blame Microsoft' to the tune of South Park's 'Blame Canada'.

    From what I have gleaned so far;

    Away back before The Third Age (ie. before XP) a writer for a German computer magazine discovered that Windows 98 implanted a unique identity number in each Word document. He found that this number uniquely identified his computer as being the source of the document (think about the implications for material published on the net from dissenting voices in countries like China).

    He found that the number was taken from his Registry and served up by an ActiveX control, regwizc.dll (registry wizard control module) to any program (including web scripts) that asked for it.

    Now, he knew regwizc.dll was used to enable online registering of a new copy of Windows 98, and was understandably able to transmit his Registration Number to Microsoft, but he was a bit annoyed that his unique Computer ID was being so freely distributed, so he did a bit more investigating.

    He found out that regwizc.dll could do more than just allow websites to read his Computer ID from the registry, it could also also allow websites to write a new Computer ID to his registry (D'ya need anybody framed?).

    Naturally he informed the MS Giant, who denied any evil intent by its inclusion of a computer-use-tracking ID number in its operating system. The Win 98 patch removed the offending Registry Keys and, with the exception of RealPlayer trying the same stunt, all was well until the coming of the Third Age.

    Time had caused the regwizc.dll gateway to be forgotten by righteous men. But a few evil men had not forgotten. Barely days into the Third Age swarms of these men blockaded their regwizc.dll gateways, which (as it bypassed the Registration process) allowed them to crack Win XP copy-protection wide open.

    The righteous men kept their regwizc.dll gates open of course, trusting the MS Giant to protect the gate.

    Then one evil man remembered the Second Age, he wondered if regwizc.dll could change more than just the Computer ID. He looked, and he found a multitude of Registry entries on almost every computer on the net was open to being changed as he pleased.

    So he summoned a great host of immoral and barbaric script-kiddies and copy-cats to his side. In overwhelming numbers they assaulted the righteous, who found to their cost that the MS Giant had just been sleeping on his pile of gold.

    The evil men who had blocked their regwizc.dll gateway long ago watched on as the righteous men were, um, accosted repeatedly from behind, by unseen attackers.

    Microsoft still won't advise people to shut the regwizc.dll gateway. Why not? Because it is their (unprotected) point of access to the general population's machines. In theory it lets them snoop and change your Registry online. It will be an essential part of the registration-protected 'Software as a service' vision that they have for the Fourth Age (you 'rent' the software on a per use or per month basis). If they disable it now it will be too hard to justify its inclusion in future versions of Windows.

    End of Rant.

    ---------------------------------------------------------------------------
    The following is reproduced as it exists on the net:

    It was posted by "Kleinkramer" at http://www.wilders.org/

    Windows(98) has a built in bit that allows outsiders (any site) to read, write, and edit (in other words, to "hack") your Windows registry. This can cause many problems for you, such as making your browser behave strangely, changing your homepage, causing programs to hang up or not function, and launching programs you don't want to run.

    The Windows program that allows the hacking is called REGWIZC.DLL (registry wizard control module).

    The good news is that you can disable it so that it does not allow scripts on web sites you visit to hack your registry. Here is how to disable it:

    1. Click on - taskbar/start menu/run

    2. Copy and paste the following line into the run field:
    regsvr32.exe -u c:bad:windows\system\regwizc.dll

    3. Click OK. You should get a popup message confirming the successful disabling of regwizc.dll.

    It is also possible to re-enable regwizc.dll, if you should later decide to allow outsiders to get into your registry. I can't think of any reason why you should, but this is how to do it:

    1. Click on - taskbar/start menu/run
    2. Copy and paste the following line into the run field:
    regsvr32.exe -c c:bad:windows\system\regwizc.dll
    3. Click OK. You should get a popup message confirming the successful reenabling of regwizc.dll


    ----------------------------------------------------------------------------

    Me again:

    I'm guessing, but I expect programs like Quicktime which already operate an 'install direct from the net' installation procedure would require regwizc.dll to be reactivated. I'll edit this when I have tried to reinstall it.

    Other (very trustworthy) sites have advised that this procedure should be carried out on WinXP also, and it worked on my machine (and I also have the Remote Registry service disabled, which is another rant altogether).

    ----------------------------------------------------------------------------

    The above should stop web pages changing you home page and screwing with your registry in as yet undreamt of ways (for now). It will not stop viruses, trojans and adware installed on you machine from changing your home page or other Registry entries. That is the job of Virus scanners and Ad-aware/Ad-watch programs.

    The Lock/Unlock XP Reg key pair in my first post will stop viruses and trojans changing your homepage, but in hindsight I think most people would much rather know that a possible virus is there and deal with it than to live in blissful ignorance. Regardless, the details of the Reg Key edits is included in the next excerpt.
    ----------------------------------------------------------------------------

    I can't change my home page - it keeps resetting

    This advice covers three types of home page locking - hijacking (by web sites), hijacking (by viruses) and locking (by ISPs when you install their software, and computer manufacturers)

    Hijacking

    First, update to Internet Explorer 6. Most sites that try to hijack your home page will now trigger a 'do you want to do this' warning message that lets you stop the hijacking. The sneaky background activex downloads that are often used by hijack sites to install spyware will also trigger a 'do you want to do this' install window.

    Some web sites try to change your home page or search engine options if you visit them. Some that have been mentioned in the newsgroups include gohip, sureseeker, webcombo, cybersearch and passthison.

    PLEASE update your version of Internet Explorer:
    http://support.microsoft.com/support/kb/articles/Q275/6/09.ASP

    Microsoft links to problems with the above sites are as follows:

    PassThisOn.com Home Page Appears When You Start Computer [Q309313]
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q309313

    [Me]: the above link appears to nolonger be working. Maybe MS is revising it?

    Cannot Change Default Home Page Setting from Webcombo Site [Q302459]
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q302459

    Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page Setting

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;320159

    In addition, you may discover that browser.secondpower.com is being added to your homepage URL. This link has an Uninstaller: http://www.secondpower.com/customer.html

    Also, there are some viruses that can reset your home page - so make sure that your antivirus is completely up to date.

    There is a clever little shareware programme that can help stop your home page being changed; it seems to work well but tends to trigger when you change your home page manually the next time that you start IE - the programme makes it much easier to take back control of your home page settings:

    http://download.cnet.com/downloads/0-10059-100-8571968.html?st.dl.10059-101-8571968.bc.10059-100-8571968

    Locking

    Some computer manufacturers and suppliers of internet access set IE to their home page and lock this setting via the registry. Hijackers use exactly the same trick. The locking is done using registry settings as per the following:

    Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page Setting (Q320159)
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q320159


    Specific registry settings affected are:

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] - DWORD "HomePage"=dword:00000001 (grays out the whole section)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001

    [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001

    If you are using "Free Surfer" turn off the home page lock. If using Spybot turn off "protect IE control panel".

    [Me]: All this is is from here
    http://209.68.48.119/inetexplorer/answers.htm

    -----------------------------------------------------------------------------

    Other stuff is from here;

    http://www.zdnet.co.uk/help/tips/story/0,2802,e7107298,00.html
    http://www.techweb.com/winmag/web/regwizoff.htm
    http://www.computerbytesman.com/privacy/regwiz.htm
    http://www.iol.ie/~link/Spyware%20Information.htm
    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp

    [ September 13, 2003, 09:48: Message edited by: Bluin ]
     
  20. Taluntain

    Taluntain Resident Alpha and Omega Staff Member ★ SPS Account Holder Resourceful Adored Veteran Pillars of Eternity SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) New Server Contributor [2012] (for helping Sorcerer's Place lease a new, more powerful server!) Torment: Tides of Numenera SP Immortalizer (for helping immortalize Sorcerer's Place in the game!) BoM XenForo Migration Contributor [2015] (for helping support the migration to new forum software!)

    Joined:
    Jun 11, 2000
    Messages:
    23,299
    Media:
    494
    Likes Received:
    514
    Gender:
    Male
    [​IMG] Ok, this has gone way, way off topic now, and I'm closing it. If you want to discuss security holes in M$ operating systems and how to fix them, make a new topic in Whatnots.
     
Thread Status:
Not open for further replies.
Sorcerer's Place is a project run entirely by fans and for fans. Maintaining Sorcerer's Place and a stable environment for all our hosted sites requires a substantial amount of our time and funds on a regular basis, so please consider supporting us to keep the site up & running smoothly. Thank you!

Sorcerers.net is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to products on amazon.com, amazon.ca and amazon.co.uk. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.