Microsoft is running a disreputable spyware outfit

Discussion in 'Virus Information' started by Susan Sharm, Oct 31, 2005.

  1. Susan Sharm

    Susan Sharm Guest

    By logging into hotmail on a new system I found out that Microsoft is
    running a disreputable spyware program which pops up targeted adware on
    your Windows PC some time AFTER you view web pages. HOW DO WE PREVENT
    MICROSOFT FROM INFECTING OUR PC?

    On a brand new PC, I noticed that EVERY time I visit a hotmail page the
    message comes up (which I cancel every time):
    ---------------------------------------
    Opening ADSAdClient31.dll
    You have chosen to open
    ADSAdClient31.dll
    which is a: Application Extension
    from http://rad.msn.com

    What should Netscape do with this file?
    (x) Open with dllfile (default)
    ( ) Save to Disk
    ----------------------------------------
    I googled and found that this is a well-known Microsoft Ad Server
    spyware advertising client dynamic linked library
    (http://www.kuro5hin.org/story/2001/8/17/11541/1217)
    but I did not find how to PREVENT it from installing! Apparently this
    program pops up ads AFTER you view the web page! So it's a prime cause
    of pop-up annoyances and is a known spyware program from Microsoft.

    I tried putting 127.0.0.1 rad.msn.com into my hosts file but I STILL
    get this annoying Microsoft Advertising Delivery Service dll download
    attempt (which I cancel every time) when I visit any hotmail web page.

    Someone out there must be an anti-spyware expert who can tell us how to
    ELIMINATE the chance of this Microsoft-built adware/spyware?

    PLEASE! If you are a Windows expert, you'll know how to stop this
    program!

    Thank you in advance,
    Susan Sharm
     
    Susan Sharm, Oct 31, 2005
    #1
    1. Advertisements

  2. Susan Sharm

    Rod Speed Guest

    YOU SET FIRE TO YOURSELF IN 'PROTEST'

    If you incinerate the PC, they wont be able to touch it, stupid.
    Wota terminal fuckwit.
    See above.
    See above.
    See above.
    See above.
    See above.
     
    Rod Speed, Oct 31, 2005
    #2
    1. Advertisements

  3. Interesting, but unless I'm mistaken, Hotmail, like Google and a lot of
    other free sites, is ad driven. If you don't want to see ads, don't use
    Hotmail or those other sites.

    I assume you've tried the instructions here?

    http://forums.spywareinfo.com/lofiversion/index.php/t51627.html
     
    Karl Levinson, mvp, Oct 31, 2005
    #3
  4. I do not have this problem when using I.E. to go to hotmail.

    --

    Regards,

    Richard Urban
    Microsoft MVP Windows Shell/User

    Quote from George Ankner:
    If you knew as much as you think you know,
    You would realize that you don't know what you thought you knew!
     
    Richard Urban, Oct 31, 2005
    #4
  5. Susan Sharm

    Malke Guest

    (snip long rant and ridiculous amount of cross-posted newsgroups)

    I suspect you are a troll from the number of unrelated newsgroups to
    which you crossposted your original post, but:

    You don't mention what operating system you are using. If you are using
    Windows XP, make sure you have Service Pack 2 installed. Since you say
    you have a brand-new computer, I assume that you do have XPSP2. If this
    is not the case, consider upgrading to a current operating system and
    make sure you are up-to-date with security patches.

    Since I don't get any popups on Hotmail using IE on any of my XPSP2
    boxen, you've got something set up wrong on your machine or you are
    already infected with malware. The fact that you have a new machine is
    irrelevant; an improperly protected Windows machine can become infected
    in literally minutes. If you insist on using IE, use the popup control
    that comes with it. Or use another browser such as Firefox or Opera.

    As for ads, you are apparently using the free version of Hotmail which
    is ad-supported. Either pay for Hotmail or use another free email
    service (which will also be ad-supported unless you pay for it). Make
    sure your computer is clean and protected and practice Safe Hex:

    http://www.elephantboycomputers.com/page2.html#Removing_Malware
    http://www.claymania.com/safe-hex.html

    Malke
     
    Malke, Oct 31, 2005
    #5
  6. Susan wrote on 31 Oct 2005 00:46:12 -0800:
    If you read the link that Karl Levinson provided, you should note the bold
    text items. What has happened is that you have been infected by something
    else that has set up rad.msn.com in your hosts file to point to a non-MS
    site that attempts to download that DLL. MS isn't trying to force anything
    on you - you're a victim of something else that takes advantage of anyone
    who subsequently tries to access a Hotmail account.

    Dan
     
    Daniel Crichton, Oct 31, 2005
    #6
  7. I don't get any ads from Hotmail. Also, very little spam lately.

    --
    Frank Saunders, MS-MVP OE
    Please respond in Newsgroup only. Do not send email
    http://www.fjsmjs.com
    Protect your PC
    http://www.microsoft.com./athome/security/protect/default.aspx
    http://defendingyourmachine.blogspot.com/
     
    Frank Saunders, MS-MVP OE, Oct 31, 2005
    #7
  8. From: "Susan Sharm" <>

    | By logging into hotmail on a new system I found out that Microsoft is
    | running a disreputable spyware program which pops up targeted adware on
    | your Windows PC some time AFTER you view web pages. HOW DO WE PREVENT
    | MICROSOFT FROM INFECTING OUR PC?
    |
    | On a brand new PC, I noticed that EVERY time I visit a hotmail page the
    | message comes up (which I cancel every time):
    | ---------------------------------------
    | Opening ADSAdClient31.dll
    | You have chosen to open
    | ADSAdClient31.dll
    | which is a: Application Extension
    | from http://rad.msn.com
    |
    | What should Netscape do with this file?
    | (x) Open with dllfile (default)
    | ( ) Save to Disk
    | ----------------------------------------
    | I googled and found that this is a well-known Microsoft Ad Server
    | spyware advertising client dynamic linked library
    | (http://www.kuro5hin.org/story/2001/8/17/11541/1217)
    | but I did not find how to PREVENT it from installing! Apparently this
    | program pops up ads AFTER you view the web page! So it's a prime cause
    | of pop-up annoyances and is a known spyware program from Microsoft.
    |
    | I tried putting 127.0.0.1 rad.msn.com into my hosts file but I STILL
    | get this annoying Microsoft Advertising Delivery Service dll download
    | attempt (which I cancel every time) when I visit any hotmail web page.
    |
    | Someone out there must be an anti-spyware expert who can tell us how to
    | ELIMINATE the chance of this Microsoft-built adware/spyware?
    |
    | PLEASE! If you are a Windows expert, you'll know how to stop this
    | program!
    |
    | Thank you in advance,
    | Susan Sharm

    For non-viral malware...

    Please download, install and update the following software...

    Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.

    I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
    that may be on the PC.

    BHODemon
    http://www.definitivesolutions.com/bhodemon.htm

    For viral malware...

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
    Line Scanners to remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode.
    This way all the components can be downloaded from each AV vendor's web site.
    The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *
     
    David H. Lipman, Oct 31, 2005
    #8
  9. Susan Sharm

    Wooly Guest

    On 31 Oct 2005 00:46:12 -0800, "Susan Sharm" <>
    spewed forth :


    Think that's bad? We use RoadRunner broadband and TW Cable. I
    noticed about three months ago a preponderance of diabetes-related
    commercials on the idiot box. This happened to coincide with my
    diagnosis as a diabetic and my subsequent Googling for information.

    My husband says the ads don't turn up on the idiot box when I'm using
    my computer.

    Coincidence? I think not.

    The only way to nip that little datamining scheme is to change ISPs or
    cable providers. Inertia is sometimes a horrible thing.

    +++++++++++++

    Reply to the list as I do not publish an email address to USENET.
    This practice has cut my spam by more than 95%.
    Of course, I did have to abandon a perfectly good email account...
     
    Wooly, Oct 31, 2005
    #9
  10. From: "Wooly" <>

    | On 31 Oct 2005 00:46:12 -0800, "Susan Sharm" <>
    | spewed forth :
    |
    | Think that's bad? We use RoadRunner broadband and TW Cable. I
    | noticed about three months ago a preponderance of diabetes-related
    | commercials on the idiot box. This happened to coincide with my
    | diagnosis as a diabetic and my subsequent Googling for information.
    |
    | My husband says the ads don't turn up on the idiot box when I'm using
    | my computer.
    |
    | Coincidence? I think not.
    |
    | The only way to nip that little datamining scheme is to change ISPs or
    | cable providers. Inertia is sometimes a horrible thing.
    |
    | +++++++++++++
    |
    | Reply to the list as I do not publish an email address to USENET.
    | This practice has cut my spam by more than 95%.
    | Of course, I did have to abandon a perfectly good email account...

    Your computer is infected with adware. Sure its not a coincidence.
     
    David H. Lipman, Oct 31, 2005
    #10
  11. Susan Sharm

    Paul Adare Guest

    microsoft.public.security news group, David H. Lipman
    He's talking about directed television ads based on his surfing habits
    which is not only a coincidence, it is ridiculous and just doesn't
    occur.

    --
    Paul Adare
    MVP - Windows - Virtual Machine
    http://www.identit.ca/blogs/paul/
    "The English language, complete with irony, satire, and sarcasm, has
    survived for centuries without smileys. Only the new crop of modern
    computer geeks finds it impossible to detect a joke that is not clearly
    labeled as such."
    Ray Shea
     
    Paul Adare, Oct 31, 2005
    #11
  12. Susan Sharm

    Wooly Guest

    Firstly, I'm a "she", not a "he". The word "husband" in my OP might
    have tipped you to that little fact :)

    Secondly - internet usage datamining and directed advertising
    certainly do happen. It has been going on for years at the market
    level (ie, your local car huckster, your local RTO furniture rip-off
    joint, etc). Implementing such advertising schemes at the individual
    subscriber level has been possible for several years and I think I'm
    seeing the reality of it. Maybe it has been happening for a longer
    period than I'm aware, but happening it is.

    +++++++++++++

    Reply to the list as I do not publish an email address to USENET.
    This practice has cut my spam by more than 95%.
    Of course, I did have to abandon a perfectly good email account...
     
    Wooly, Oct 31, 2005
    #12
  13. Susan Sharm

    Alun Jones Guest

    You are sooo right. In the three years since I was diagnosed with
    testicular cancer (three years cancer-free this month! Woohoo!), I've
    noticed that Lance Armstrong has been a strong television presence, as he
    wins bike race after bike race. I can't believe that he's won the Tour de
    France three times in a row now. I have no idea what he did before then.

    Of course, what's really strange is that I've been seeing all these adverts
    for diabetes supplies, so I'm wondering which member of our household is
    about to receive that diagnosis.

    Alun.
    ~~~~
    [Please don't email posters, if a Usenet response is appropriate.]
     
    Alun Jones, Oct 31, 2005
    #13
  14. Wooly

    Big Brother is watching you..
     
    Mike Hall \(MS-MVP\), Oct 31, 2005
    #14
  15. Susan Sharm

    Susan Sharm Guest

    Yes. I googled before I asked the question and found that this
    Microsoft Ad Server problem is VERY COMMON and that the cleanup &
    hijack & Ad-Aware & SpybotSD & SpywareBlaster programs all IDENTIFY &
    REMOVE the problem dynamic linked libraries and the dozen or so files
    installed by Microsoft if you say OK just once, but all these programs
    are powerless to PREVENT the request from being transparent to the
    millions of us poor users! :(

    Following the helpful suggestions, I just doublechecked using the top
    three web browsers (IE 6.0.2900.2180.spxp_sp2_gdr.050301-1519, Netscape
    8.0.2, & Firefox 1.0.6) by logging into my hotmail email account and
    clicking around. Here are the results for the many others with this
    problem to help solve together.

    NETSCAPE:
    For each repeated attempt to connect to the onerous Microsoft
    Advertising Server (rad.msn.com), Netscape 8.0.2 constantly pops up
    forms saying "That domain name cannot be found", probably due to the
    127.0.0.1 loopback interface I added to the WinXP hosts file for that
    Microsoft Repeat Advertising Server "rad.msn.com". So this is a
    workaround, but, not a good one.

    INTERNET EXPLORER:
    Instead of popping up a separate dialog box, IE displays an inline
    warning for every repeated Microsoft ADSAdClient Advertising Delivery
    Service attempt, saying:

    "The page cannot be displayed. The page you are looking for is
    currently unavailable. The Web site might be experiencing technical
    difficulties, or you may need to adjust your browser settings."

    Again, this is probably due to the hosts file localhost loopback I
    added for the rad.msn.com repeate advertising server.

    FIREFOX:
    Only in Firefox (my preferred browser), does the separate request to
    download the Microsoft Advertising Server dynamic linked library (dll)
    repeatedly pop up as noted in the original posting (even though I have
    the rad.msn.com site listed in my standard hosts file from
    http://www.infonomicon.org/text/hosts

    IMPORTANT NOTE:
    This rad.msn.com (spyware adware trojan) is so very commonly a problem
    for so many users that it is in almost all (if not all) hosts files I
    could find on the Internet, for example all these have "rad.msn.com"
    redirected to localhost!
    http://forums.springheadmedia.com/PHPexamples/viewtopic.php?p=38
    http://www.genericgeek.com/index.php?q=node/538
    http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=16799

    END RESULT:
    1. This is a very well known problem which the spybot and others fail
    to remove (according to my google searches) but which can be worked
    around for all but the Firefox browser by redirecting the loopback for
    the rad.msn.com repeat advertising server.

    2. For now, I'm forced to use Netscape or (heaven forbid) IE as my
    browser but I really really prefer Firfox (and so do many other people)
    so I think this is still a problem that isn't solved yet (for Firefox).

    3. Since this is so very well known, anyone who tested it who does NOT
    see the problem is probably ALREADY infected! Apparently the standard
    Ad-Aware, Spybot Search & Destroy, SpywareBlaster, etc programs can
    REMOVE the problem but they can't PREVENT the annoyance each time
    (which is the main intent) as noted in many google searches today.
    http://defectivehw.blogspot.com/2005/04/msn-messenger-7-is-out.html
    http://forums.serverlogistics.com/viewtopic.php?p=522&sid=82f7afe392df201533f5ec9d90873603
    http://forums.spywareinfo.com/lofiversion/index.php/t45897.html

    So, I think we STILL have a huge problem considering the millions of
    hotmail users who also use any of the browsers above (Firefox is the
    worst, but it's not transparent even on IE or Netscape).

    I do very much thank you for the advice (which I've followed to a T,
    having had all the spyware/adware scanners & blockers already
    installed) that we still need is a Windows expert who can solve this
    problem for the millions of us who use Hotmail and any of the three
    browsers above.

    Do experts know how to totally prevent the Microsoft Ad Delivery
    Service from bothering the user EVERY time they log into their Hotmail
    account on Firefox?

    Thank you in advance, for all of us,
    Susan Harm
     
    Susan Sharm, Oct 31, 2005
    #15
  16. Susan Sharm

    Susan Sharm Guest

    According to the google searches, then you are ALREADY INFECTED by the
    Microsoft Ad Server (which is what they intended in the first place!)
    so you're playing right along with Microsoft (which is OK as long as
    you don't mind their spyware running on your system).

    Since you are a victim just as much as I am, you may be interested in
    helping out how to PREVENT this from occurring to the many of us who
    aren't yet victims of the Microsoft Ad Delivery Service.

    As far as I can tell from the extensive google record (both web and
    groups), there is NO KNOWN WAY on the Internet to stop the request from
    occurring (unless we give up on Hotmail altogether of course). All the
    google searches show us is how to non-transparently redirect the
    request on IE and Netscape to inline error windows (but not
    transparently). Worse yet, for Firefox, a separate annoying dialog box
    pops up.

    In all three browsers the annoying requests and error windows go away
    once you are infected (which is Microsoft's point all along).

    We still need a solution (and it's not in the google record but I may
    have missed something that experts are asked to point out except Rod
    Speed who apparently is a 14-year old kid playing with is Mom's
    computer).

    Thank you in advance for helping all of us,
    Susan Harm
     
    Susan Sharm, Oct 31, 2005
    #16
  17. Susan Sharm

    Susan Sharm Guest

    I added the 127.0.0.1 loopback back to my own machine to the Windowx XP
    c:\winnt\system32\drivers\etc\hosts file based on well known advice
    from a variety of sites such as
    http://accs-net.com/hosts/how_to_use_hosts.html

    The 127.0.0.1 is simply a way to redirect all requests to the Microsoft
    Repeat Advertising Server (rad.msn.com) to the local machine so it
    never gets to the Internet.

    This is so common a workaround that almost every single hosts file on
    the Internet has this "127.0.0.1 rad.msn.com" redirect as shown by the
    following.
    http://everythingisnt.com/hosts
    http://tylercole.info/removeads.php
    http://www.infonomicon.org/text/hosts
    http://www.avidware.net/spyware/detection-in-host-file.asp
    http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
    http://www.genericgeek.com/index.php?q=node/538
    http://www.erickson.stfrancisville.com/tools/index.htm
    http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=printer_format&forum=DCForumID4&om=527&omm=44
    http://www.mytechsupport.ca/helpwithpcs/topic.asp?TOPIC_ID=4586

    Judging from all these attempts at BLOCKING the request TRANSPARENTLY,
    this is a common as yet unsolved problem:
    http://lamerkatz.com/forum/viewtopic.php?t=1337&sid=9bfc2adc1c25a45be1753fca27fbab6a
    http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
    http://www.darksun.ws/PHPBB2/viewtopic.php?t=60&view=previous
    http://www.neilpwc.co.uk/neonblog/msn-im-advert-removal/
    http://www.cableforum.co.uk/board/showthread.php?t=13548&page=2&pp=15
    http://forums.techguy.org/archive/t-405673.html
    http://outpostfirewall.com/forum/showpost.php?p=71746&postcount=3
    http://www.msghelp.net/showthread.php?tid=34015&page=3

    Maybe I'm wrong (Rod Speed will certainly provide the solution for us
    since he is the world's best 14-year old expert on the Windows PC) but
    it seems like:
    1. This is a very common problem.
    2. Nothing yet transparently blocks the request.
    3. If you don't get the request, that means you are infected.
    4. The best we can do (so far) is a workaround.
    5. What we're asking is if there is an expert (greater than 14 years
    old) who knows how to TRANSPARENTLY STOP this request from Microsoft
    from infecting our systems.

    Thank you in advance for your expert guidance,
    Susan Harm
     
    Susan Sharm, Oct 31, 2005
    #17
  18. Susan Sharm

    Rod Speed Guest

    Just another utterly silly conspiracy theory.
     
    Rod Speed, Oct 31, 2005
    #18
  19. Susan Sharm

    Paul Adare Guest

    Obviously I missed that, sorry.
    If you think that your Internet usage is causing you to receive
    personalized television advertising that say your neighbour, watching
    the same channel at the same time, who has different Internet habits
    doesn't receive then I'd say that your tinfoil hat is slipping and you
    should probably readjust it.

    Television broadcasters do not personally adjust television commercials
    delivered to you based on your personal surfing habits. For one thing,
    the technology to do this just doesn't exist. To think otherwise is
    simply ludicrous.



    --
    Paul Adare
    MVP - Windows - Virtual Machine
    http://www.identit.ca/blogs/paul/
    "The English language, complete with irony, satire, and sarcasm, has
    survived for centuries without smileys. Only the new crop of modern
    computer geeks finds it impossible to detect a joke that is not clearly
    labeled as such."
    Ray Shea
     
    Paul Adare, Oct 31, 2005
    #19
  20. that's what i did. hm won't let me log on unless i'm buckass naked.
    all firewall shields must be down.
     
    AllEmailDeletedImmediately, Oct 31, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.