Become a part of the TranceAddict community!Frequently Asked Questions - Please read this if you haven'tSearch the forums
TranceAddict Forums > Main Forums > Chill Out Room > Oh well, I tried...
Pages (2): « 1 [2]   Last Thread   Next Thread
Share
Author
Thread    Post A Reply
FogJuice
tranceaddict in training



Registered: Sep 2006
Location:

I made it pretty clear (at least I thought) that paypopup.com/clicksor.com and one of it's 3rd party advertisers were the offenders.

I'm curious, what were your findings?

I had it work on 2 computers (well 1 computer and 1 Virtual PC instance) running Windows XP and SP2 the other day. The machines were both updated with all of the current patches from Windows Update, but the patch for the 0-day VML exploit had not yet been released and therefore installed. [1] [2]

I apologize if I did not see that the thread was moved. I thought the first thread was deleted. There was no indication that it was moved (that I could see at least). Some forum software continues to display the topic in it's original place with the word 'moved' next to it for a period of time.

Like I said before, I was only trying to save someone a bit of time over the weekend that I am sure they'd rather spend outdoors, in the club, listening to music, etc -- instead of rebuilding their computer. It's entirely possible that all of the TA vistors use Firefox or a browser other than IE. Or maybe they all use an anti-virus program that detected the page from paypopup.com and stopped the trojan in it's tracks. That would be awesome!

Personally, I avoid sites who use paypopup.com. While they claim that they don't cater to 3rd party advertisers who use trojans and browser exploits to install spyware, adware, keyloggers, and viruses, it does happen quite often and they are aware of it. Google for paypopup.com or clicksor.com and you'll see what I mean.

So my advice... first off ditch IE. It's not that Firefox is inherently more secure (google for 'firefox security'), it's just (for the moment) that writing an exploit for IE has a much better chance of causing an infection (more people use IE than Firefox). To be completely fair though, the ActiveX control host implementation in IE has been the source of numerous exploits and it seems that you more or less move your mouse in IE and it becomes infected.

Second... run an anti-virus program. I use AVG because it's free. The user interface isn't the prettiest or most functional, but it seems to do a decent job detecting viruses and virus signatures are updated daily. I bought my parents the Microsoft Live Care service for 20 bucks a year (installs on 3 computers). It's OK (seems to do the job), but it installs a bunch of programs and services and takes up a fair amount of RAM. I'd recommend AVG over just about any other "suite", because it seems to be the least invasive and has the best detection ratio that I've seen. There are also non-free versions of AVG for corporate use.

Third... either don't visit sites that use paypopup.com/clicksor.com or install the AdBlock plug-in in Firefox [3] or edit your hosts file to redirect access to 127.0.0.1 effectively blocking the ads. [4]

I understand it costs something to run a heavily-trafficked site like TA, but at what expense do you risk alienating your user base?

Here was an interesting review of a couple of advertising sponsors [5]. Note what was said about paypopup.com:

quote:
I have also had 2-3 problems with their pop-unders causing Trojans to be downloaded. I complained every single time and this was dealt with but the problem still persists therefore I have taken down the pop-unders they provide





[1] http://weblogs.macromedia.com/jd/ar...vml_exploit.cfm
[2] http://www.f-secure.com/weblog/arch...6.html#00000980
[3] http://adblock.mozdev.org/
[4] http://www.mvps.org/winhelp2002/hosts.htm
[5] http://forums.digitalpoint.com/showthread.php?t=118160

Old Post Sep-30-2006 18:08  United States
Click Here to See the Profile for FogJuice Click here to Send FogJuice a Private Message Add FogJuice to your buddy list Report this Post Reply w/Quote Edit/Delete Message
XoxidE
Senior tranceaddict



Registered: Aug 2004
Location: TX TXTA: #79

quote:
Originally posted by FogJuice
I made it pretty clear (at least I thought) that paypopup.com/clicksor.com and one of it's 3rd party advertisers were the offenders.

I'm curious, what were your findings?

I had it work on 2 computers (well 1 computer and 1 Virtual PC instance) running Windows XP and SP2 the other day. The machines were both updated with all of the current patches from Windows Update, but the patch for the 0-day VML exploit had not yet been released and therefore installed. [1] [2]

I apologize if I did not see that the thread was moved. I thought the first thread was deleted. There was no indication that it was moved (that I could see at least). Some forum software continues to display the topic in it's original place with the word 'moved' next to it for a period of time.

Like I said before, I was only trying to save someone a bit of time over the weekend that I am sure they'd rather spend outdoors, in the club, listening to music, etc -- instead of rebuilding their computer. It's entirely possible that all of the TA vistors use Firefox or a browser other than IE. Or maybe they all use an anti-virus program that detected the page from paypopup.com and stopped the trojan in it's tracks. That would be awesome!

Personally, I avoid sites who use paypopup.com. While they claim that they don't cater to 3rd party advertisers who use trojans and browser exploits to install spyware, adware, keyloggers, and viruses, it does happen quite often and they are aware of it. Google for paypopup.com or clicksor.com and you'll see what I mean.

So my advice... first off ditch IE. It's not that Firefox is inherently more secure (google for 'firefox security'), it's just (for the moment) that writing an exploit for IE has a much better chance of causing an infection (more people use IE than Firefox). To be completely fair though, the ActiveX control host implementation in IE has been the source of numerous exploits and it seems that you more or less move your mouse in IE and it becomes infected.

Second... run an anti-virus program. I use AVG because it's free. The user interface isn't the prettiest or most functional, but it seems to do a decent job detecting viruses and virus signatures are updated daily. I bought my parents the Microsoft Live Care service for 20 bucks a year (installs on 3 computers). It's OK (seems to do the job), but it installs a bunch of programs and services and takes up a fair amount of RAM. I'd recommend AVG over just about any other "suite", because it seems to be the least invasive and has the best detection ratio that I've seen. There are also non-free versions of AVG for corporate use.

Third... either don't visit sites that use paypopup.com/clicksor.com or install the AdBlock plug-in in Firefox [3] or edit your hosts file to redirect access to 127.0.0.1 effectively blocking the ads. [4]

I understand it costs something to run a heavily-trafficked site like TA, but at what expense do you risk alienating your user base?

Here was an interesting review of a couple of advertising sponsors [5]. Note what was said about paypopup.com:






[1] http://weblogs.macromedia.com/jd/ar...vml_exploit.cfm
[2] http://www.f-secure.com/weblog/arch...6.html#00000980
[3] http://adblock.mozdev.org/
[4] http://www.mvps.org/winhelp2002/hosts.htm
[5] http://forums.digitalpoint.com/showthread.php?t=118160


so do you like trance? or any form of techno???


___________________

Old Post Sep-30-2006 18:20  United States
Click Here to See the Profile for XoxidE Click here to Send XoxidE a Private Message Visit XoxidE's homepage! Add XoxidE to your buddy list Report this Post Reply w/Quote Edit/Delete Message
FogJuice
tranceaddict in training



Registered: Sep 2006
Location:

After re-reading my post (to make sure that I didn't come off as a dickhead), I came to the realization that you could listen to music and re-install your OS at the same time. You could also do it outside if you had a laptop...

ps. I pretty much like all electronic music: trance, house, ambient, electro, techno, breaks, garage, dnb, happy hardcore, etc. It really depends on what mood I'm in.

Old Post Sep-30-2006 18:26  United States
Click Here to See the Profile for FogJuice Click here to Send FogJuice a Private Message Add FogJuice to your buddy list Report this Post Reply w/Quote Edit/Delete Message
XoxidE
Senior tranceaddict



Registered: Aug 2004
Location: TX TXTA: #79

oh well thats good then, cause i thought you were here just to advertise some website to remove adwares or whatever...


___________________

Old Post Sep-30-2006 18:29  United States
Click Here to See the Profile for XoxidE Click here to Send XoxidE a Private Message Visit XoxidE's homepage! Add XoxidE to your buddy list Report this Post Reply w/Quote Edit/Delete Message
FogJuice
tranceaddict in training



Registered: Sep 2006
Location:

Yeah, I'd recommend using a program of some sort over trying to do it manually.

I can't recommend a single program because it's been a while since I've used one. I used to use CWShredder (free) to clean off friends and families computers, but now it has gotten to the point where once you are infected, you might as well back up your documents, pictures and music files and just re-install.

I tried to do it manually using the sysinternals tools [1] ActiveRuns, Process Explorer & File Monitor, and I came somewhat close, but in the end I gave up and just shut down Virtual PC and deleted the virtual hard drive instance.

Some of those trojans/adware/spyware programs install some pretty crazy shit! Windows Services, Browser Helper Objects, hooks into Windows Explorer, programs set to run at startup, etc.

I can't believe people get paid to write those programs, but they do...


[1] www.sysinternals.com

Old Post Sep-30-2006 18:36  United States
Click Here to See the Profile for FogJuice Click here to Send FogJuice a Private Message Add FogJuice to your buddy list Report this Post Reply w/Quote Edit/Delete Message
FogJuice
tranceaddict in training



Registered: Sep 2006
Location:

quote:
Originally posted by XoxidE
oh well thats good then, cause i thought you were here just to advertise some website to remove adwares or whatever...


Why doesn't anybody know how to read for comprehension anymore?



eh, I'm done.

Swamper, if you did disable the pop-unders from paypopup.com (I'm back using FF with Adblock so I can't tell), thanks man. Appreciated.

I see you already have Adsense, but how about an affiliate program with Amazon? You have a targeted audience (trance lovers) and Amazon has a pretty decent collection of trance CDs. I'm not sure what the impressions, click-thru and referall payouts are, but I've heard good things from friends who use it.

Does iTunes have a similar program? What about djdownload.com or some of the other online mp3 retailers?

Old Post Sep-30-2006 18:44  United States
Click Here to See the Profile for FogJuice Click here to Send FogJuice a Private Message Add FogJuice to your buddy list Report this Post Reply w/Quote Edit/Delete Message
XoxidE
Senior tranceaddict



Registered: Aug 2004
Location: TX TXTA: #79

quote:
Originally posted by nchs09


omg u theif! stay out of my album!


___________________

Old Post Sep-30-2006 18:48  United States
Click Here to See the Profile for XoxidE Click here to Send XoxidE a Private Message Visit XoxidE's homepage! Add XoxidE to your buddy list Report this Post Reply w/Quote Edit/Delete Message

TranceAddict Forums > Main Forums > Chill Out Room > Oh well, I tried...
Post New Thread    Post A Reply

Pages (2): « 1 [2]  
Last Thread   Next Thread
Click here to listen to the sample!Pause playbacktry to id this! [2004] [0]

Click here to listen to the sample!Pause playbackOrion - "See Me Here" [2002]

Show Printable Version | Subscribe to this Thread
Forum Jump:

All times are GMT. The time now is 15:48.

Forum Rules:
You may not post new threads
You may not post replies
You may not edit your posts
HTML code is ON
vB code is ON
[IMG] code is ON
 
Search this Thread:

 
Contact Us - return to tranceaddict

Powered by: Trance Music & vBulletin Forums
Copyright ©2000-2026, Jelsoft Enterprises Ltd.
Privacy Statement / DMCA
Support TA!