Spyware installer hides in Messenger ad banner

The banner itself appears to advertise and link to a download called Free PC-Secure (which is unfamiliar to us) but the real problem is that its appearance automatically launches a Windows dialog box telling you that "Your system is not clean" and asking you if "you want to download System Doctor to improve it." You know, the typical hoax message that tries to download a malicious ActiveX control even though you click "Cancel" in a fruitless attempt to ignore it.

The conclusion here is that a nasty spyware ad seems to have infiltrated Microsoft's banner advertising network because one of their clients is making use of some HTML code trickery.

We advise everyone to pay strict attention when they receive such a message window out of the blue. Cancel any initiated downloads and close the pop-ups/browser instances it launches. The animated banner in the screenshot below (showing two random frames) is the cause of the unsolicited Windows prompt. The bottom image shows the deceitful message on the page that is automatically opened no matter your choice in the dialog window.

News source: Mess.be

24 Comments

Note: be careful when thinking that those various advertisement patches protect you against this flaw. Many of these patches just hide the advertisement in the contact list. The associated IE control is still there so you'll still get the same issues as the Winfixer popups will still be invoked from the IE control and those won't be hidden.

From mess.be:

While this would be an excellent opportunity to promote our Mess Patch for its ad-removal option, it is unfortunately no cure against the automated pop-up. Sandi recommends that MSN/Windows Live Messenger users download and install Mike Burgess's HOSTS file to help block Winfixer and other scum.

I've been using the HOSTS file from MVPS for several years now, and I use it on all of my family members' machines (none of them have a clue about safe surfing). I consider it the single most important part of my security bulkhead...even more important than an anti-virus program.

Note that Messenger's ads banner will change into a 404 page after modifying your HOSTS file. After this, I suppose it's safe to use an add-on program to remove the banner section entirely.

If using an NT-based operating system, be sure to shut down and disable the DNS Client...otherwise, you may see a very significant decrease in system performance (no problemo with 9x-based systems).

Decision time! Which is the better patch? Mess Patch, or A-Patch? I can't decide which one to use. But since I don't really use WLM, I'm not really in any hurry.

Hmmm...

Well, maybe if MS would stop planting ads in their god damned messenger this wouldn't be a problem!

That has bugged me since day one. It's sort of funny that it's caused a problem now.

This reminds me of something that happened last year... Only now there is no status to revoke...will those/that MVP(s) respond the same this time round....and will Microsoft love that MVP for it? Is this the end of the WLM sponsor?

Laser_iCE said,
Thank you... I'll be able to sleep much easier tonight now that I know this. :)

I will sleep much easier tonight knowing that you cannot interpret such facts as some sort of unforced advice.

Yeah, why haven't people removed the banners yet anyways?? But it seems like Microsoft has got a problem on their hands if this wrecks a bunch of people's computers.

Hm... I was hoping there was a tool to do this, but I've never heard of one.

I think I'll go find this mythical 'A-Patch.'

Thankss.

Edit: Man, that's bangin' and rad! Thanks for mentioning the utility

Helba said,
Hm... I was hoping there was a tool to do this, but I've never heard of one.

I think I'll go find this mythical 'A-Patch.'

Thankss.

Edit: Man, that's bangin' and rad! Thanks for mentioning the utility :)


www.mess.be has a lot of stuff for WLM