Re: Microsoft is running a disreputable spyware outfit

From: Susan Sharm (susanshaarm_at_yahoo.com)
Date: 10/31/05


Date: 31 Oct 2005 10:12:32 -0800

Daniel Crichton wrote:
> you have been infected by something else that has set up rad.msn.com
> in your hosts file to point to a non-MS site that attempts to download
> that DLL.

I added the 127.0.0.1 loopback back to my own machine to the Windows XP
c:\winnt\system32\drivers\etc\hosts file based on well known advice
from a variety of sites such as
http://accs-net.com/hosts/how_to_use_hosts.html

The 127.0.0.1 is simply a way to redirect all requests to the Microsoft
Repeat Advertising Server (rad.msn.com) to the local machine so it
never gets to the Internet.

This is so common a workaround that almost every single hosts file on
the Internet has this "127.0.0.1 rad.msn.com" redirect as shown by the
following.
http://everythingisnt.com/hosts
http://tylercole.info/removeads.php
http://www.infonomicon.org/text/hosts
http://www.avidware.net/spyware/detection-in-host-file.asp
http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
http://www.genericgeek.com/index.php?q=node/538
http://www.erickson.stfrancisville.com/tools/index.htm
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=printer_format&forum=DCForumID4&om=527&omm=44
http://www.mytechsupport.ca/helpwithpcs/topic.asp?TOPIC_ID=4586

Judging from all these attempts at BLOCKING the request TRANSPARENTLY,
this is a common as yet unsolved problem:
http://lamerkatz.com/forum/viewtopic.php?t=1337&sid=9bfc2adc1c25a45be1753fca27fbab6a
http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
http://www.darksun.ws/PHPBB2/viewtopic.php?t=60&view=previous
http://www.neilpwc.co.uk/neonblog/msn-im-advert-removal/
http://www.cableforum.co.uk/board/showthread.php?t=13548&page=2&pp=15
http://forums.techguy.org/archive/t-405673.html
http://outpostfirewall.com/forum/showpost.php?p=71746&postcount=3
http://www.msghelp.net/showthread.php?tid=34015&page=3

Maybe I'm wrong (Rod Speed will certainly provide the solution for us
since he is the world's best 14-year-old expert on the Windows PC) but
it seems like:
1. This is a very common problem.
2. Nothing yet transparently blocks the request.
3. If you don't get the request, that means you are infected.
4. The best we can do (so far) is a workaround.
5. What we're asking is if there is an expert (greater than 14 years
old) who knows how to TRANSPARENTLY STOP this request from Microsoft
from infecting our systems.

Thank you in advance for your expert guidance,
Susan Harm
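
A hosts-file check for the two situations discussed in this thread (a name sunk to loopback versus the same name pointed at some other address), added here as an example and not part of the original post. The sample file contents, the 203.0.113.7 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the original post).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       rad.msn.com    # ad server sunk to loopback
0.0.0.0         ads.example.test
203.0.113.7     rad.msn.com    # constructed: same name sent off-box
192.168.1.10    fileserver intranet.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address_or_None, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or address-only line
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None                       # malformed address field
        yield line_no, addr, [n.lower() for n in fields[1:]]

def classify(addr):
    """'sink' never leaves the machine; 'remote' resolves to another host."""
    if addr is None:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "sink"
    return "remote"

def audit_hosts(text):
    """Map each hostname to its entries: (line_no, address, kind)."""
    report = {}
    for line_no, addr, names in parse_hosts(text):
        entry = (line_no, str(addr) if addr else None, classify(addr))
        for name in names:
            report.setdefault(name, []).append(entry)
    return report

def redirected_names(text, watch):
    """Watched names that have at least one entry pointing off-box."""
    report = audit_hosts(text)
    return sorted(n.lower() for n in watch
                  if any(k == "remote" for _, _, k in report.get(n.lower(), [])))

if __name__ == "__main__":
    for name, entries in sorted(audit_hosts(SAMPLE_HOSTS).items()):
        print(name, entries)
    print("review:", redirected_names(SAMPLE_HOSTS, ["rad.msn.com"]))
```

A watched name reported by `redirected_names` is the case Daniel Crichton describes; a name with only `sink` entries is the loopback workaround.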


