Adware on Neowin

[john smith 1924 Veteran]

Firefox - yay or nay?

yay :D

[SOOPAH256]

a SS for ya ;)

[Xylene]

yay :D

No way in hell I'm using Firefox. I'd rather just remove the adware crap when I get it than use that. I just plain don't like it.

[PseudoRandomDragon]

Shame on you all for not turning off ActiveX.

[mAcOdIn Veteran]

This is for you guys that got this spyware from that page.

My IE didn't even get infected by it and this was with my anti-virus and spyware guard programs disabled(I was trying to get it infected hoping it was a trojan because I wanted to add it to my collection), so I think my Internet Explorer settings are pretty solid. This post is more of a preventive measure than a fix and will harden internet explorers security but at the same time retaining the functionality that IE has.

First in tools, internet options, advanced uncheck "Enable Install On Demand (Internet Explorer)" and "Enable Install On Demand (Other)" and "Enable Third-Party Browser Extensions (Requires Restart)" and choose apply and ok. Also ensure your internet security setting is at least medium(unless you know what you are doing and have made it custom).

Goto http://www.windowsupdate.com and make sure you have all the latest updates.

Then download Suns Java JRE from http://java.com/en/index.jsp (the link you want to hit is the "get it now" in the top right). Running Suns Java protects you because it has less exploited vulnerabilities than microsofts Java. Lots of spyware use holes in Microsofts java to install thier spyware so switching to Sun's closes a lot of holes.

Then download Spybot Search and Destroy from http://www.safer-networking.org/ run it and make sure to let it download the newest updates. Now goto Spybots immunize function and under "permanent internet explorer immunity" choose immunize, then under "permanently running bad download blocker for internet explorer" select "ask for blocking confermation and choose install.

Now download spyware blaster from http://www.javacoolsoftware.com/spywareblaster.html run it and ensure it's fully updated. Now choose "select all" and then hit "Protect Against Checked Items". Just for reference all the items that are in red are items that Spybots immunize doesn't protect you against that's why you should use both programs.

Both Spybot search and destroy's immunize function and spyware blaster are one time set things, these programs no longer have to be running to keep you from getting infected with the stuff the block against. What they do is disallow any activeX program that's was known to them at the time you immunized from even running. With both Spybot and Spyware Blaster it is important that you check for updates every two weeks or so and re-immunize yourself when new updates are released to stay current. Spybot's other immunize function ("permanently running bad download blocker for internet explorer") installs a BHO that will ask you for permission to block other known bad BHO's from installing. BHO's are really not needed and fairly rare and most people only have the adobe acrobat BHO. You could have set this option to always block but I chose "ask for blocking confirmation" for those people that use something that I do not that uses a BHO.

Now download both DSOstop2 and HTAstop2003 from http://www.nsclean.com/freebies.html and run both of those.

In addition there's another great free utility that you can run but unlike everything above it has to always be open just like an antivirus called spywareguard from javacool. You can download it and run it as well to further increase your security against spyware if you choose. It's available here: http://www.wilderssecurity.net/spywareguard.html

That should beef things up considerably. Having a good antivirus is also helpful because many of them are starting to add spyware to thier definitions, for instance my McAfee 8 caught that spyware trying to install.

I hope this helsp you guys because these settings are pretty solid but at the same time loose enough that you can still have active scripting enabled and activeX. Granted you could disable those as well but at that point you might as well go download an old version of Mosiac browser because it isn't worth using IE with everything disabled.

[OptiPlex]

After visiting Neowin, some virus/adware/trojan crap was installed on this test PC. (I'm testing AP2000, using IE/default security settings)

What kind of ads are ya running here? :blink:

[mAcOdIn Veteran]

They(Neowin) don't really run the ads themself, they lease the adspace to ad companies who then run thier own ads.

Now granted since the ad is on neowin's site the responsibility is primarily thiers, but I hope everyone understand they can't just drop thier ad company altogether because that's how Neowin stays up, so I hope everyone sees that they need to know the actual ad doing this so they can have it removed while keeping the other ads in place.

[xplatinum]

I get something completely different.

I've been trying to post but whenever I click "submit modified post" it opens this page > http://www.proxyconn.com/best.asp

[canadian397]

Ok, i have been on the post latly and when i am going to reply or start a new topic as soon as i finish and click Post this site comes up: http://www.proxyconn.com/best.asp . Does anyone know why? It is really bugging me and i'm sure it has other people. You can't even add a post or post, it just keeps coming up everytime you click it.

Help i guess...?

[H5N]

It didn't happen when you added this thread? What browser are you using?

[Cara Veteran]

Topics Merged

[Emon]

this is ****** up .. the admins/mods should do something about this issue. I just reinstalled Windows XP, got all the updates then got on neowin ( no other sites .. just neowin!!) ..and see what ad-ware 6.0 came up with.

Edited March 19, 2004 by Emon

[Emon]

and this SS is from next day .. after cleanning those spyware entries.

[HipHopaholic]

^^ hey what browser are you running, looks like avant

I have had the yellow box from the post above also....hhhhhhhhmmmmmmmmmmm

Heres a topic on passthison crap

http://www.lecour.net/richard/archives/001042.html

this suck, hopefully i have rid my computer of smartbotpro and alll that other crap

mAcOdIn

They(Neowin) don't really run the ads themself, they lease the adspace to ad companies who then run thier own ads.

Now granted since the ad is on neowin's site the responsibility is primarily thiers, but I hope everyone understand they can't just drop thier ad company altogether because that's how Neowin stays up, so I hope everyone sees that they need to know the actual ad doing this so they can have it removed while keeping the other ads in place.

[Rascally]

mAcOdIn's post on page 4 is probably one of the best "how to kill Spyware dead in it's tracks for dummies (and not so dummies)" I've seen ever. Awesome post, man.

[OptiPlex]

this is ****** up .. the admins/mods should do something about this issue. I just reinstalled Windows XP, got all the updates then got on neowin ( no other sites .. just neowin!!) ..and see what ad-ware 6.0 came up with.

Yea man, I was browsing Neowin in school and guess what!

Changed home page and search page

Lots of popups

Installed virus/cookies/trojan (yeah, the AV kicked in)

Change it ASAP! :angry:

[digitalslacker]

it's not neowin it's the people that are leasing the ad space from neowin

just get adaware and take it off

:p

[maplecookie Veteran]

could someone PLEASE find a way to get it off the computer without having to install anything? my work computer has this and you know, i TRIED but am unable to downlaod anything to get it off

please help find another way!

[sbweb77]

Found this, dont know how well it works.

_____________________________

Online Spyware Removal

Description: Detect and removes spyware online without installing software on your desktop.

http://www.auditmypc.com/freescan/gui.asp

[Farchord]

Well I got the same crap, and I'm sorry, but I activated my NIS 2004 Banner blocking, and I activated the popup blocker on neowin.... :s

No way I'm gonna infect my computer by coming here...

[john smith 1924 Veteran]

No offense guys, but there is no point in getting angry about this. We are looking into it. We havent done this intentionaly, its the ad server people. if you dont want to come to neowin, then fine, but dont let it be over some adverts that you can easily block out.

[the evn show]

No offense guys, but there is no point in getting angry about this. We are looking into it. We havent done this intentionaly, its the ad server people. if you dont want to come to neowin, then fine, but dont let it be over some adverts that you can easily block out.

I'm not blocking ads because I realize that (at least part of) the way neowin stays afloat and free. Are you saying that it doesn't really matter if we block these or not?

[john smith 1924 Veteran]

No, but i'm saying if you cant live with it, then its a better alternative than you not coming atall. Of course neowin lives off ad revenue, but at the end of the day, we also live of you guys- the members. You know we haven't done this intentionally, and you know we'll try and provide the best site for you guys as possible. Just give us a chance.

[the evn show]

Thanx for clearing that up. Neowin will remain in my list of exempt sites for pithhelmet until you offer an ad-free subscription service.

[Briandl79]

Why hasn't this issue been corrected yet ? While I understand this is not a problem created by Neowin but rather their advertisers it's still unacceptable that it has not been remedied.