WARNING: Winfixer and Errorsafe being distributed via WL/MSN Messenger banner ads

X-post to WL Messenger, MSN Messenger, and MSN Discussion newsgroups

WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via MSN
Messenger banner advertisements
http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx

<QP>
I strongly recommend that all users of MSN Messenger ensure that their
anti-virus and anti-spyware applications are up to date. Do not click on
any buttons in pop-up windows that you may see, and do not believe Web sites
that report that they have found a problem on your computer - seriously, how
the hell would they be able to tell?

Do not click on OK or Cancel buttons in the pop-up windows. Close the
window using the red x close button.

I also strongly recommend that MSN Messenger users download and install Mike
Burgess's HOSTS file to help block winfixer and other bad guys. You can
find Mike's famous HOSTS file here:
http://www.mvps.org/winhelp2002/hosts.htm
</QP>

How To Remove Winfixer (Vundo) variants
http://www.bleepingcomputer.com/forums/topic18610.html

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)

TheCroW
Sun Feb 18 10:45:22 CST 2007

==< snip

>
> I also strongly recommend that MSN Messenger users download and install
> Mike Burgess's HOSTS file to help block winfixer and other bad guys. You
> can find Mike's famous HOSTS file here:
> http://www.mvps.org/winhelp2002/hosts.htm
> </QP>
>

Mmm ... and how do we (the general public) know that that hosts file thing
is not just another bad something? ;-)
Seriously, you can add and type whatever you want ... but how to check that
this is really what it says what it is? No attack :-) but just observing ...
I can imagine the public in general will have suspision when they read
phrases like "strongly recommend" and "you must use this to use
Messenger/Internet/whatever safely!!" .... in other words: what garantuees
that this is for real? ;-)

Menno

MenthiX
Sun Feb 18 13:18:05 CST 2007

That's pretty easy to be honest. Read the information on the site.
Also, the download that is recommended is just a HOST file and a .bat
file to copy the HOSTS file to the proper location. You can view both
files in for example notepad and see exactly what it does.

Of course there will be users that don't know how to do this or have
no idea what they're looking at when viewing it in notepad. But let me
ask you this, how do those people know Live Messenger itself is/isn't
bad? There will always be groups of people who haven't got much more
choice than to just believe people's word for it, if they don't want
to spend the time learning and researching it themselves.


On Sun, 18 Feb 2007 17:45:22 +0100, "TheCroW" <news@nospam3dart4u.com>
wrote:

>
>Mmm ... and how do we (the general public) know that that hosts file thing
>is not just another bad something? ;-)
>Seriously, you can add and type whatever you want ... but how to check that
>this is really what it says what it is? No attack :-) but just observing ...
>I can imagine the public in general will have suspision when they read
>phrases like "strongly recommend" and "you must use this to use
>Messenger/Internet/whatever safely!!" .... in other words: what garantuees
>that this is for real? ;-)
>
>Menno
>

TheCroW
Sun Feb 18 13:55:53 CST 2007

> That's pretty easy to be honest. Read the information on the site.
> Also, the download that is recommended is just a HOST file and a .bat
> file to copy the HOSTS file to the proper location. You can view both
> files in for example notepad and see exactly what it does.
>
> Of course there will be users that don't know how to do this or have
> no idea what they're looking at when viewing it in notepad. But let me
> ask you this, how do those people know Live Messenger itself is/isn't
> bad? There will always be groups of people who haven't got much more
> choice than to just believe people's word for it, if they don't want
> to spend the time learning and researching it themselves.
>

Ha, that's easy too ... all the Live stuff is bad ;-) Well, not in the
sence that it does harm (Ithink) ... but the whole Live concept is
questionable, way too much online shit ... IMO offcourse ;-)
But you are right: we buy/download software and use it trusting that it is
not bad. Never my, was just venting a bit of thoughts :-)

Menno

floppyremovalman
Sun Feb 18 14:38:08 CST 2007

All postings from the so called MVPs are always written as if they are from
the god and Joe public is required to "strongly follow" the orders from GOD
all for that matter from his lordship aka Sir Bill Gates!!!

In my opinion, postings from MVPs aren't worth the paper they are written
on. They are designed to get the votes for their renewal of their MVP status.

Just my bit to throw a punch below the belt to alert other MVPs to have a go
at me!!! they always do but I won'tbe hanging around here for long!!

"TheCroW" wrote:


> I can imagine the public in general will have suspision when they read
> phrases like "strongly recommend" and "you must use this to use
> Messenger/Internet/whatever safely!!" .... in other words: what garantuees
> that this is for real? ;-)
>
> Menno
>
>
>

floppyremovalman
Sun Feb 18 14:43:05 CST 2007



"MenthiX (Johan B.)" wrote:

> That's pretty easy to be honest. Read the information on the site.
> Also, the download that is recommended is just a HOST file and a .bat
> file to copy the HOSTS file to the proper location.

So this is what everything is all about? The downloads of hosts file has
gone down so what better ways to increase the downloads of the file than by
scarring everybody to death so that downloads increases at an exponential
rate!

TheCroW
Sun Feb 18 15:24:59 CST 2007

> All postings from the so called MVPs are always written as if they are
> from
> the god and Joe public is required to "strongly follow" the orders from
> GOD
> all for that matter from his lordship aka Sir Bill Gates!!!
>
> In my opinion, postings from MVPs aren't worth the paper they are written
> on. They are designed to get the votes for their renewal of their MVP
> status.
>
> Just my bit to throw a punch below the belt to alert other MVPs to have a
> go
> at me!!! they always do but I won'tbe hanging around here for long!!
>

My oppinion is not as strong as yours ... but it says in small why I indeed
did react te way I did. Sometimes it's hard to find the right words/lines in
English :-)
Don't get me wrong .. people like mr Kay in here are a big help and MVPs in
general are too. But it's indeed some kind of panic football sometimes:
"this is what is wrong and this is what you should do!" .... well, what is
wrong is that Messenger (in this case) is the bad thing: way too easy
obviously to spread some other bad thing in a banner ad. Making Live and
Vista, making that all online or at least a lot of online dependend, is just
asking for troubles ... knowing the way M$ is bringing things into the
market that are not save (yet).

MenthiX
Sun Feb 18 15:39:02 CST 2007

Uhm...I really don't think anybody providing a HOSTS file cares about
how much it gets downloaded. I can imagine that people want as much
downloads as possible when they created some software, but a HOSTS
file is different. It's not like the owner of the site
created/invented this file or like he's gaining anything from it. It's
just a general method to block your PC from accessing sites, in this
case blocking sites that do nothing else than spreading
spyware/viruses.

Nobody forces you to do anything, if you don't like/trust the HOSTS
file, then don't download it. If you don't want to be informed about a
potential risk in using Messenger, then ignore the news.

I agree there are some MVPs that sometimes seem to do actions just
because of their status... but how on earth will talking badly about
Microsoft help them getting picked as MVP next year?


This news was just put out to make people aware and alert (like people
should be on the internet these days anyway). The goal is to inform
people that 1 specific banner being displayed in MSN / Live Messenger
contact lists is trying to install spyware. People who would otherwise
maybe have had no clue might have clicked and installed the spyware
and get infected, but now at least some people are aware and have
methods to block it when they want to.

It's not caring people or making them stop Messenger, it's informing
them.



On Sun, 18 Feb 2007 12:43:05 -0800, floppy removal man
<floppyremovalman@discussions.microsoft.com> wrote:

>
>
>"MenthiX (Johan B.)" wrote:
>
>> That's pretty easy to be honest. Read the information on the site.
>> Also, the download that is recommended is just a HOST file and a .bat
>> file to copy the HOSTS file to the proper location.
>
>So this is what everything is all about? The downloads of hosts file has
>gone down so what better ways to increase the downloads of the file than by
>scarring everybody to death so that downloads increases at an exponential
>rate!

winston
Sun Feb 18 16:43:24 CST 2007

User choice on how to address a potential problem is still up to the =
individual.
In many cases when a new variant appears a proactive approach may be =
better than a reactive..though safe surfing and proper software use =
still remains the best 'gold standard' best defense..
Since not everyone is a devotee of the 'gold standard' with behavior =
driven computing habits any information that can help even one =
individual prevent a problem imo, is almost always worthy of suggestion.
..winston


"TheCroW" <news@nospam3dart4u.com> wrote in message =
news:12thh1g7fmdgj92@corp.supernews.com...
:> All postings from the so called MVPs are always written as if they =
are=20
: > from
: > the god and Joe public is required to "strongly follow" the orders =
from=20
: > GOD
: > all for that matter from his lordship aka Sir Bill Gates!!!
: >
: > In my opinion, postings from MVPs aren't worth the paper they are =
written
: > on. They are designed to get the votes for their renewal of their =
MVP=20
: > status.
: >
: > Just my bit to throw a punch below the belt to alert other MVPs to =
have a=20
: > go
: > at me!!! they always do but I won'tbe hanging around here for =
long!!
: >
:=20
: My oppinion is not as strong as yours ... but it says in small why I =
indeed=20
: did react te way I did. Sometimes it's hard to find the right =
words/lines in=20
: English :-)
: Don't get me wrong .. people like mr Kay in here are a big help and =
MVPs in=20
: general are too. But it's indeed some kind of panic football =
sometimes:=20
: "this is what is wrong and this is what you should do!" .... well, =
what is=20
: wrong is that Messenger (in this case) is the bad thing: way too easy=20
: obviously to spread some other bad thing in a banner ad. Making Live =
and=20
: Vista, making that all online or at least a lot of online dependend, =
is just=20
: asking for troubles ... knowing the way M$ is bringing things into the =

: market that are not save (yet).=20
:=20
:

Shane
Sun Feb 18 16:45:57 CST 2007

The reason MVP's are MVP's is because they are helpful individuals who
contribute actual useful tidbits of information to the community. That is
why they are MVP's.

They are regular people who take the time to help others and as such are
recognized for it.

So by your standard every human being should never take the time to help one
another because by doing so we are only proving that the only reason we help
others is to get something out of it.

Very well then, perhaps you should stop posting, we wouldn't want someone to
ever find something that you say helpful, now would we? ;)


"floppy removal man" <floppyremovalman@discussions.microsoft.com> wrote in
message news:9AB19CD0-ACF1-4C3F-9716-8ECAFFF1E6B5@microsoft.com...
> All postings from the so called MVPs are always written as if they are
> from
> the god and Joe public is required to "strongly follow" the orders from
> GOD
> all for that matter from his lordship aka Sir Bill Gates!!!
>
> In my opinion, postings from MVPs aren't worth the paper they are written
> on. They are designed to get the votes for their renewal of their MVP
> status.
>
> Just my bit to throw a punch below the belt to alert other MVPs to have a
> go
> at me!!! they always do but I won'tbe hanging around here for long!!
>
> "TheCroW" wrote:
>
>
>> I can imagine the public in general will have suspision when they read
>> phrases like "strongly recommend" and "you must use this to use
>> Messenger/Internet/whatever safely!!" .... in other words: what
>> garantuees
>> that this is for real? ;-)
>>
>> Menno
>>
>>
>>

Peter
Sun Feb 18 19:20:51 CST 2007

Shows how much knowledge you have in computers.

--=20
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"floppy removal man" <floppyremovalman@discussions.microsoft.com> wrote =
in message news:9AB19CD0-ACF1-4C3F-9716-8ECAFFF1E6B5@microsoft.com...
> All postings from the so called MVPs are always written as if they are =
from=20
> the god and Joe public is required to "strongly follow" the orders =
from GOD=20
> all for that matter from his lordship aka Sir Bill Gates!!!
>=20
> In my opinion, postings from MVPs aren't worth the paper they are =
written=20
> on. They are designed to get the votes for their renewal of their MVP =
status.
>=20
> Just my bit to throw a punch below the belt to alert other MVPs to =
have a go=20
> at me!!! they always do but I won'tbe hanging around here for long!!
>=20
> "TheCroW" wrote:
>=20
>=20
>> I can imagine the public in general will have suspision when they =
read=20
>> phrases like "strongly recommend" and "you must use this to use=20
>> Messenger/Internet/whatever safely!!" .... in other words: what =
garantuees=20
>> that this is for real? ;-)
>>=20
>> Menno=20
>>=20
>>=20
>>

Earle
Sun Feb 18 21:00:51 CST 2007

One should be grateful to MVPs and the information that they provide, as
well as a little sorry for them. They are, after all, still involved in the
Rat Race.

Earle

"...winston" <merlin@druid9#.com> wrote in message
news:%23ECJ226UHHA.972@TK2MSFTNGP04.phx.gbl...
User choice on how to address a potential problem is still up to the
individual.
In many cases when a new variant appears a proactive approach may be better
than a reactive..though safe surfing and proper software use still remains
the best 'gold standard' best defense..
Since not everyone is a devotee of the 'gold standard' with behavior driven
computing habits any information that can help even one individual prevent a
problem imo, is almost always worthy of suggestion.
..winston


"TheCroW" <news@nospam3dart4u.com> wrote in message
news:12thh1g7fmdgj92@corp.supernews.com...
:> All postings from the so called MVPs are always written as if they are
: > from
: > the god and Joe public is required to "strongly follow" the orders from
: > GOD
: > all for that matter from his lordship aka Sir Bill Gates!!!
: >
: > In my opinion, postings from MVPs aren't worth the paper they are
written
: > on. They are designed to get the votes for their renewal of their MVP
: > status.
: >
: > Just my bit to throw a punch below the belt to alert other MVPs to have
a
: > go
: > at me!!! they always do but I won'tbe hanging around here for long!!
: >
:
: My oppinion is not as strong as yours ... but it says in small why I
indeed
: did react te way I did. Sometimes it's hard to find the right words/lines
in
: English :-)
: Don't get me wrong .. people like mr Kay in here are a big help and MVPs
in
: general are too. But it's indeed some kind of panic football sometimes:
: "this is what is wrong and this is what you should do!" .... well, what is
: wrong is that Messenger (in this case) is the bad thing: way too easy
: obviously to spread some other bad thing in a banner ad. Making Live and
: Vista, making that all online or at least a lot of online dependend, is
just
: asking for troubles ... knowing the way M$ is bringing things into the
: market that are not save (yet).
:
:

PA
Sun Feb 18 21:19:25 CST 2007

TheCroW wrote:
> ==< snip
>
>>
>> I also strongly recommend that MSN Messenger users download and install
>> Mike Burgess's HOSTS file to help block winfixer and other bad guys. You
>> can find Mike's famous HOSTS file here:
>> http://www.mvps.org/winhelp2002/hosts.htm
>> </QP>
>>
>
> Mmm ... and how do we (the general public) know that that hosts file thing
> is not just another bad something? ;-)
> Seriously, you can add and type whatever you want ... but how to check
> that
> this is really what it says what it is? No attack :-) but just observing
> ...
> I can imagine the public in general will have suspision when they read
> phrases like "strongly recommend" and "you must use this to use
> Messenger/Internet/whatever safely!!" .... in other words: what garantuees
> that this is for real? ;-)

You can take the advice or leave it, CroW. My post was simply an FYI.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
http://mvp.support.microsoft.com
AumHa VSOP & Admin
http://aumha.org/vsop.php

PA
Sun Feb 18 21:20:39 CST 2007

PS: Please don't feed the trolls.
--
~PA Bear