Old 12-26-2003, 08:29 AM   #1 (permalink)
Registered User
 
Tazman's Avatar
 
Join Date: Oct 2001
Location: NY
Posts: 893
Tazman is on a distinguished road
3dguru.com + spyware

How low would a tech site stoop to generate income?

See it here. Select the download for Sandra 2004 and agree and you will be hijacked.

I just did this on a customer's computer and couldn't believe it. A full size window opened taking me away from any active windows. I alt+F4'ed and installed Sandra. Then I opened IE to d/l Zone Alarm and instead of yahoo as the homepage it took me to a spyware removal site and ejected the CD drive. Unreal. From a freakin' tech site.

In denial, I fired up my laptop which is up to my standards with security and went back to 3DGuru.com and sure enough it did it again (minus the CD thingy and the home page).

I understand a site needing to put ads up to generate income / pay for bandwidth and don't want to open the old discussions of a few years back, but that's nuts. To give an example, techimo has been my homepage since it was created. I've purchased probably $25K worth of merchandise from newegg this year and never typed the url in the address bar, nor is it in my favorites. I always click on the small logo here.

Maybe 3DGuru needs to host Adaware with the rest of the downloads.

/rant

Mike

Old 12-26-2003, 08:57 AM   #2 (permalink)
Registered User
 
Join Date: Oct 2001
Location: Lake Helen, FL
Posts: 3,492
TOAD6147 is on a distinguished road
You just never know anymore who's going to zap you with spy/mal-ware. It is a shame but most of these sites are trying to hang on by their fingernails. Not an excuse to be sure but just suggestive reasoning.
BTW, have you sent a complaint to their admin yet? It's definitely something that needs to be done ASAP.
Old 12-26-2003, 09:01 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2001
Location: Lake Helen, FL
Posts: 3,492
TOAD6147 is on a distinguished road
Quote:
...it took me to a spyware removal site and ejected the CD drive.
Not sure I understand exactly what you're saying it did.
Old 12-26-2003, 09:11 AM   #4 (permalink)
Banned
 
Siliconjunkie's Avatar
 
Join Date: Feb 2003
Location: Houston, TX
Posts: 1,595
Siliconjunkie is on a distinguished road
Worked like normal for me. Perhaps you had already been infected elsewhere.
Old 12-26-2003, 10:07 AM   #5 (permalink)
Registered User
 
Tazman's Avatar
 
Join Date: Oct 2001
Location: NY
Posts: 893
Tazman is on a distinguished road
Quote:
...it took me to a spyware removal site and ejected the CD drive.

Sorry I didn't get into too much detail. I forgot what site it was that it took me to when I reopened IE (I already removed the spyware). What happened was it changed IE's homepage from yahoo.com to that of the spyware removal site (something like scansecurity) and the CD in the CD drive popped out. Then the page said something to the effect that if the CD drive just opened, your computer needs to be cleaned from spyware and prompted me to download the site's program.

Funny thing is, I just spent the last hour trying to duplicate the same thing on 5 other computers. I disabled NAV, google popup blocker, set IE's security to almost nil and I can't get it to do it again.

The CD drive opening from a website had to be done via a script I assume? I know the computer is clean because I just finished formatting / reinstalling XP (that's why I was downloading Sandra). I didn't have Norton installed yet.

I'm holding off on the complaint until I figure out how this happened. The site is set so I can't view the source code so I can't see if there's something funky there.

I'm going to finish installing all of the proggies on the computer and tweaking it, then ghost it. I'm then going to restore the computer to an image I took of it just before this happened and see if it does it again. I should just forget about it because I have plenty to be doing but this was the strangest thing I've seen.


Mike
Old 12-26-2003, 10:48 AM   #6 (permalink)
Registered User
 
F/A-18 MechDood's Avatar
 
Join Date: Oct 2001
Location: DFW
Posts: 1,128
F/A-18 MechDood is on a distinguished road
Contact 3dguru and let them know what happened. I have downloaded about 5 files from them in the past 2 weeks (Sandra included) and haven't had a problem.
__________________
“MICROSOFT: Where do you want to go today? APPLE: Where do you want to go tomorrow? LINUX: Are you coming or what?”

Yeong-Yang Server Cube
Shuttle AN35N-Ultra
Barton 2500+ @ 3200+ (2.2 ghz) Vcore 1.63 according to CPU-z
Corsair XMS 512mb PC3200 ram oem speed
Alpha PAL-8035 32cfm fan 44°C load
Tyan Tachyon G9700-Pro
WD 80gb 8meg cache 7200rpm
Enermax EG465P-VE(FCA)
Pioneer DVR-106,Liteon 40x CDRW, Liteon DVD-rom
Turtle Beach Santa Cruz
Logitech Z-560
XP Pro
Old 12-29-2003, 02:42 AM   #7 (permalink)
Registered User
 
Tazman's Avatar
 
Join Date: Oct 2001
Location: NY
Posts: 893
Tazman is on a distinguished road


I tinkered around with this over the weekend. Here's my take (I'm guessing).

I was in a hurry and working on a computer that was freshly formatted. I usually do all of my tweaks, etc. before installing any benchmarking / diagnostic software. One of them is removing Windows messenger (RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove). Because I was in a hurry and got ahead of myself, I'm wondering if I was a victim of the dreaded Windows Messenger Spamming and, in my click-happy hurry, I clicked on a popup.

So I apologize to Guru3D, seems it wasn't their fault as I've tried to replicate it on a total of 10 different computers now and it never happened again. I'm just glad I was dyslexic when I posted this rant.

Lesson learned: don't surf the net without getting rid of the annoying Windows messenger, install Google popup blocker, A/V. Oh, and be real sure that you know what you are talking about before accusing someone of wrongdoing. I'm glad I didn't contact them, I feel like a moron enough.

Now, off to the confessional to repent for my moronic ways.

Thanks y'all!

Mike
Old 12-29-2003, 03:56 AM   #8 (permalink)
Registered User
 
Join Date: Oct 2001
Location: Lake Helen, FL
Posts: 3,492
TOAD6147 is on a distinguished road
I didn't know they could say "y'all" in NY. I thought it was against the law or something. Anyway, glad you figured it out.
Old 12-29-2003, 04:21 AM   #9 (permalink)
Registered User
 
bailey's Avatar
 
Join Date: Oct 2003
Location: Kansas City, Mo.
Posts: 558
bailey is on a distinguished road
Would you please explain to me what you mean by getting rid of Windows Messenger?
What is wrong with it?
Old 12-29-2003, 04:49 AM   #10 (permalink)
Registered User
 
Tazman's Avatar
 
Join Date: Oct 2001
Location: NY
Posts: 893
Tazman is on a distinguished road
Bailey -

This explains it better than I can.

Toad - there probably is a law here about saying "y'all" but I'm exempt because of all the years I lived down south. Hard to get rid of the twang I picked up.

Mike