Passthison: Worse Pop-Up Ever

Remove all ads!

This is worse than Gator, and I'm not sure I can keep coming to SP until its gone (getting right to the point, ain't I?)

One of the Pop-up ads changes the home page of my computer to www.passthison.com or such. Then there are 6-7 pop-up ads that follow, along with a Windows Messenger window that has a very scantily clad woman and a list of pornographic links. You cannot shut this window, only alt+tab away from it until it gets on top again.

Now you may be asking, "What so bad with pictures of scantily clad, nubile young women?" My answer, 1) I'm at work and this was sitting on my computer screen for an hour while I was in a meeting. 2) We just completed a round of sexual harassment training, and just displaying that sort of content is grounds for termination. I have a few snakes in the office who would love to work on my accounts, I don't need to give them ammo. 3) I'm married and *trying* to turn that situation around. If my wife happened upon a page like that ......

So Tal, I'm reaching out to you. Is there anything we can do about this? I've had problems with some Gold Casino adding links to my desk top and favorites, and didn't mind so much, but this is bad.

 

Ditto here. That's not a pop-up, it's a damned virus!

And here's the worst thing - where are the scantily clad young MEN?!

 

*Sending pic to Rallymama*

 

I was wondering where that was comming from.

Can you use ctrl+alt+del to force it to close?

Also quick way to change it back to your normal homepage is in IE goto tool/internet options. Then click "Use Default" Hope that helps until that goes away.

 

Yeah - I had that problem too - and at some rather untimely moments! I couldn't use IE for a week, until I figured out how to fix it!

 

@Mat: Do I get one with a SUIT, too? Pretty please?!

 

A suit is hardly scantily clad ... but I suppose I can accomidate you

 

@fade
Ctrl-Alt-Delete didn't work (it knocked out my whole browser).

I haven't downloaded a pop-up blocker yet, but all this stuff being distributed via popups now is seriously tempting me to.

 

Tal,

Have you forsaken us?

It is completley immoral for a pop-up to change your homepage without your permission.

There has to be someone you can complain to about this.

 

What about a healthy scan with Ad-aware and a virusscanner?

 

Thanks, Mathetais, for pointing this out - and thanks, Taluntain, for the temporary fix. I'll preorder Greyhawk through here as minor compensation. Thank goodness I had Lavasoft's Ad-Aware already installed. Others can pick up this marvelous utility, for free, at:

http://www.lavasoftusa.com/support/download/

Download it ASAP.

 

Sorry to point this out Tal. I'm a big fan of the site (obviously) and only did so to make it better.

Ad-aware did help alot.

 

Changing peoples homepages is an easy thing to do as Internet Explorer lets it be done. There is an IE key in the registry however that when set stop the homepage being changed by anyone (even the user) until the same key is reset. It takes just 2 minutes to do.

For Windows XP the Lock/Unlock Reg keys are in a zip file here;
http://www.gmpservices.com/articles/pufiles/HomePagelock-unlock.zip

Download the zip, extract it to somewhere safe and apply the lock or unlock by simply double clicking on the key and then OK.

This link is from an article here, with lots of other useful info.

(Unnecessary, but if you want to play it doubly safe (and you know how) first you should use regedit.exe to save your current registry, and then also create a system restore point (Check Win XP Help).

@Mat
Since you are at work, it is the responsiblity of your Network Techie (if you have one) to apply the Reg key and all other software upgrades to protect your machine.

It is also imperative that you use the Screensaver Password Protection built into Windows.

Right click on desktop -->Properties-->[Screen Saver]-->[On resume, password protect]-->Apply-->OK

As a website like Sorcerers Place uses cookies to automatically login users, anyone who gains access to your machine will be able to associate everything that you have posted here with the Real Life you. These posts have no consequences as we are not part of Real Life (in fact I am a robot), but your coworkers should not be given the opputunity too use anything you have said on these boards to undermine your position at work.

If you use a password to logon to your computer at work, then this is the password that will be needed to close the screensaver. Other users with other logon names and passwords will be unaffected (other than having their noseyness thwarted ).

__________________________
Word For The Day: Scumware

[ September 13, 2003, 02:50: Message edited by: Bluin ]

 

I tried to load that HomePageLock script and get the message "This is not a Registry script" and that was that--no dice.

 

My bad.

I'm guessing that you are running Windows 98 or ME as it works for XP but not Win 98, I'll try and hunt down the Win 98 version on the net right now.

 

Doesn't ad-aware have spyware on it itself?

 

It's possible Fade (the much respected Real Player did for a long time), but if it did it is very likely that the anti-spyware and Internet Security communities would have said so long before now.

What makes you think that it might contain spyware?

On the Reg key for Win 98 front, I have still had no luck, although I have found the instructions to do the Registry Edit manually (requires a bit of work to do).

The trawl I did for the Key on the net did actually throw up a different solution whereby all access to the Registry by external programs is prohibited.

This begs the question why didn't Microsoft make this default Windows behaviour. It's starting to look a bit like the 'Leaving deliberate security holes for Later Microsoft Access' debate that occurred with the advent of the Blaster Worm.

Anyway, I am going to do a bit more checking and do the manual Reg edit on my Win98 machine to make sure it works properly.

-------------------------------------------------

I'm back, and I've read stuff that has made me even more net-paranoid than before. Ignorance is bliss. Was bliss.

'Disclaimer: I'm not responsible for anything, unless it's good.'

Quote taken from a web page of a 'White Hat' hacker which includes the source code to hack an unprotected computer.


Hijackers and wizards and giants, oh my!

All my preliminary web searches appear to point to the same source of the problem, the glacially slow speed of the Microsoft Software Giant to fix the (deliberate) security holes within its software.

I'm going to have a bit of a rant, so those who want to can skip to the bold text and apply the (clumsy) fix.

Would everyone who is still reading please quietly sing 'Blame Microsoft' to the tune of South Park's 'Blame Canada'.

From what I have gleaned so far;

Away back before The Third Age (ie. before XP) a writer for a German computer magazine discovered that Windows 98 implanted a unique identity number in each Word document. He found that this number uniquely identified his computer as being the source of the document (think about the implications for material published on the net from dissenting voices in countries like China).

He found that the number was taken from his Registry and served up by an ActiveX control, regwizc.dll (registry wizard control module) to any program (including web scripts) that asked for it.

Now, he knew regwizc.dll was used to enable online registering of a new copy of Windows 98, and was understandably able to transmit his Registration Number to Microsoft, but he was a bit annoyed that his unique Computer ID was being so freely distributed, so he did a bit more investigating.

He found out that regwizc.dll could do more than just allow websites to read his Computer ID from the registry, it could also also allow websites to write a new Computer ID to his registry (D'ya need anybody framed?).

Naturally he informed the MS Giant, who denied any evil intent by its inclusion of a computer-use-tracking ID number in its operating system. The Win 98 patch removed the offending Registry Keys and, with the exception of RealPlayer trying the same stunt, all was well until the coming of the Third Age.

Time had caused the regwizc.dll gateway to be forgotten by righteous men. But a few evil men had not forgotten. Barely days into the Third Age swarms of these men blockaded their regwizc.dll gateways, which (as it bypassed the Registration process) allowed them to crack Win XP copy-protection wide open.

The righteous men kept their regwizc.dll gates open of course, trusting the MS Giant to protect the gate.

Then one evil man remembered the Second Age, he wondered if regwizc.dll could change more than just the Computer ID. He looked, and he found a multitude of Registry entries on almost every computer on the net was open to being changed as he pleased.

So he summoned a great host of immoral and barbaric script-kiddies and copy-cats to his side. In overwhelming numbers they assaulted the righteous, who found to their cost that the MS Giant had just been sleeping on his pile of gold.

The evil men who had blocked their regwizc.dll gateway long ago watched on as the righteous men were, um, accosted repeatedly from behind, by unseen attackers.

Microsoft still won't advise people to shut the regwizc.dll gateway. Why not? Because it is their (unprotected) point of access to the general population's machines. In theory it lets them snoop and change your Registry online. It will be an essential part of the registration-protected 'Software as a service' vision that they have for the Fourth Age (you 'rent' the software on a per use or per month basis). If they disable it now it will be too hard to justify its inclusion in future versions of Windows.

End of Rant.

---------------------------------------------------------------------------
The following is reproduced as it exists on the net:

It was posted by "Kleinkramer" at http://www.wilders.org/

Windows(98) has a built in bit that allows outsiders (any site) to read, write, and edit (in other words, to "hack") your Windows registry. This can cause many problems for you, such as making your browser behave strangely, changing your homepage, causing programs to hang up or not function, and launching programs you don't want to run.

The Windows program that allows the hacking is called REGWIZC.DLL (registry wizard control module).

The good news is that you can disable it so that it does not allow scripts on web sites you visit to hack your registry. Here is how to disable it:

1. Click on - taskbar/start menu/run

2. Copy and paste the following line into the run field:
regsvr32.exe -u cwindows\system\regwizc.dll

3. Click OK. You should get a popup message confirming the successful disabling of regwizc.dll.

It is also possible to re-enable regwizc.dll, if you should later decide to allow outsiders to get into your registry. I can't think of any reason why you should, but this is how to do it:

1. Click on - taskbar/start menu/run
2. Copy and paste the following line into the run field:
regsvr32.exe -c cwindows\system\regwizc.dll
3. Click OK. You should get a popup message confirming the successful reenabling of regwizc.dll

----------------------------------------------------------------------------

Me again:

I'm guessing, but I expect programs like Quicktime which already operate an 'install direct from the net' installation procedure would require regwizc.dll to be reactivated. I'll edit this when I have tried to reinstall it.

Other (very trustworthy) sites have advised that this procedure should be carried out on WinXP also, and it worked on my machine (and I also have the Remote Registry service disabled, which is another rant altogether).

----------------------------------------------------------------------------

The above should stop web pages changing you home page and screwing with your registry in as yet undreamt of ways (for now). It will not stop viruses, trojans and adware installed on you machine from changing your home page or other Registry entries. That is the job of Virus scanners and Ad-aware/Ad-watch programs.

The Lock/Unlock XP Reg key pair in my first post will stop viruses and trojans changing your homepage, but in hindsight I think most people would much rather know that a possible virus is there and deal with it than to live in blissful ignorance. Regardless, the details of the Reg Key edits is included in the next excerpt.
----------------------------------------------------------------------------

I can't change my home page - it keeps resetting

This advice covers three types of home page locking - hijacking (by web sites), hijacking (by viruses) and locking (by ISPs when you install their software, and computer manufacturers)

Hijacking

First, update to Internet Explorer 6. Most sites that try to hijack your home page will now trigger a 'do you want to do this' warning message that lets you stop the hijacking. The sneaky background activex downloads that are often used by hijack sites to install spyware will also trigger a 'do you want to do this' install window.

Some web sites try to change your home page or search engine options if you visit them. Some that have been mentioned in the newsgroups include gohip, sureseeker, webcombo, cybersearch and passthison.

PLEASE update your version of Internet Explorer:
http://support.microsoft.com/support/kb/articles/Q275/6/09.ASP

Microsoft links to problems with the above sites are as follows:

PassThisOn.com Home Page Appears When You Start Computer [Q309313]
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q309313

[Me]: the above link appears to nolonger be working. Maybe MS is revising it?

Cannot Change Default Home Page Setting from Webcombo Site [Q302459]
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q302459

Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page Setting

http://support.microsoft.com/default.aspx?scid=kb;EN-US;320159

In addition, you may discover that browser.secondpower.com is being added to your homepage URL. This link has an Uninstaller: http://www.secondpower.com/customer.html

Also, there are some viruses that can reset your home page - so make sure that your antivirus is completely up to date.

There is a clever little shareware programme that can help stop your home page being changed; it seems to work well but tends to trigger when you change your home page manually the next time that you start IE - the programme makes it much easier to take back control of your home page settings:

http://download.cnet.com/downloads/0-10059-100-8571968.html?st.dl.10059-101-8571968.bc.10059-100-8571968

Locking

Some computer manufacturers and suppliers of internet access set IE to their home page and lock this setting via the registry. Hijackers use exactly the same trick. The locking is done using registry settings as per the following:

Home Page Setting Changes Unexpectedly, or You Cannot Change Your Home Page Setting (Q320159)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q320159


Specific registry settings affected are:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] - DWORD "HomePage"=dword:00000001 (grays out the whole section)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] - DWORD "NoSetHomePage"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions] - DWORD "NoSetHomePage"=dword:00000001

If you are using "Free Surfer" turn off the home page lock. If using Spybot turn off "protect IE control panel".

[Me]: All this is is from here
http://209.68.48.119/inetexplorer/answers.htm

-----------------------------------------------------------------------------

Other stuff is from here;

http://www.zdnet.co.uk/help/tips/story/0,2802,e7107298,00.html
http://www.techweb.com/winmag/web/regwizoff.htm
http://www.computerbytesman.com/privacy/regwiz.htm
http://www.iol.ie/~link/Spyware%20Information.htm
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms99-032.asp

[ September 13, 2003, 09:48: Message edited by: Bluin ]