"Al Davis" <no-> wrote in message
news:...
> 1. How can a non-infected, straight-out-of-the-box browser behave
> this way .... seemingly allowing itself to be commanded from elsewhere
> to take users to unintended destinations?
> 3. Could it be that my friend's system is *already* infected somehow
> - even though we've barely got through the SvcPak 1 download? If so,
> how did it happen? If not, should I go ahead and continue with the
> umpteen other updates that are still out there?
Was the system connected to the Internet when you installed XP? If so
then the computer WAS infected; in fact it was infected by the second GUI
stage of the Windows install, that's right, it was infected before XP was
even finished installing. This began iirc with the Blaster virus. Around
that time either the Blaster virus itself or some other viruses/trojans
began infecting unprotected computers at an incredible rate. Today, if you
are connected to the Internet you will 99.9999% be infected within a minute.
It's a sad state of affairs but it is also a sign of the times. You would
do best to just wipe it and reinstall. This time however, keep the computer
disconnected from the Internet while installing. Once you have finished
installing Windows, you will need to install an antivirus program and a
firewall. If you do not already have this software available right now
then you may be able to download them even though the computer is currently
infected. If you DO download them with the infected system make sure to
verify the files; you will want to run a CRC or MD5 checker on them to make
sure the files you downloaded are in fact the correct files. Of course it
would be best to download them from an uninfected system since the antivirus
software website or firewall company's website may be spoofed and fake; not
to mention that you may be prevented from downloading them at all.
> 2. Where are these pop-ups coming from? How are they getting
> through? What happens to unsuspecting users who follow the
> instructions in them?
Once the system was infected the virus/trojan can alter the system to do
whatever it wants. In this case it was likely hijacking the browser so that
it can at its whim send you here and there; display pop-ups; prevent you
from downloading antivirus apps, updates, or firewalls; and trick/force
you into downloading more malware. Apparently the trojan was tricky enough to
disguise itself so that you were not aware of its actions, so the behavior
appears to be random or caused by Microsoft. People who fall for the junk
will likely either introduce new malware into their systems, further
compromising their computers, data, privacy, etc., or worse, transmit
personal information that can cause them a lot of trouble.
> 4. Given how tedious (and dangerous) it is to update this primitive
> version of XP, should my friend consider securing a newer release CD
> that already has the updates on it? Do we think Sony and Best Buy
> (not to mention Microsoft) are aware of how much grief their products
> are causing to unsuspecting end-users? If they do, has anyone heard
> of them commenting - or maybe issuing a "recall", a la the car
> companies? Do we think Sony or Best Buy would supply such a CD (say -
> for a nominal charge, or even free) if you pointed out to them how
> badly their original stuff behaves? Wouldn't that be the right thing
> to do for a conscientious, good citizen-type company?
Nope. The products in question did not behave so "badly" when they were
first released (I'm talking about security). The problems crop up little by
little as people do their best to destroy Microsoft. Windows may not be the
most perfect piece of software, especially given how complex (and old) it
is, but it is far from as bad as people keep complaining. The reason that
there are so many more viruses and other security threats for Windows as
opposed to Linux, Mac, etc. is because a lot more people hate Microsoft than
those other companies, and so hackers devote a Hell of a lot more time,
effort, resources, etc. to hacking Windows than those other OSes.
They cannot issue a recall for two reasons. First, the sheer scale of
the recall would be staggering, more so than for a car. If an automobile
company has a problem with its car, it can recall it because there are only
so many cars in use, of those only so many from that company, and of those,
only so many of that specific model and year. This on the other hand is too
much; there are billions of computers in use around the world with about 94%
of them running Windows. A large chunk of that is XP, so the mere number of
XP installations discounts the possibility of recalling all Windows CDs.
The second reason is that Windows gets a new threat on a daily basis. If
there were a new problem found with a car daily, the company would not be
able to issue a recall. Microsoft certainly could not recall all copies
every day, week, month, or even year; that would just be too inefficient.
That is why Microsoft provides free updates online.
There is nothing wrong with the original XP. Many people still install XP
from the original release CDs followed by the updates and security software
(firewall, antivirus, etc) without problems. As long as you make sure to
update XP enough the original release is fine and you do not need to get a
new CD.
> Howdy: I'm helping a friend (novice user) update his Windows XP "Home
> Edition" on a Sony Vaio PC he purchased some time ago at Best Buy. The
> Sony OEM OS CD set he got had a very early ver. of XP - pre-Svc Pak1,
> circa 2000. He's had lock-up probs with his machine on-and-off, so we
> re-installed - wiping his hard drive. Very first thing we did after
> install was to go online to get the latest updates from MS website.
> We're still going thru the steps (Service Pack 1 itself takes like 3
> hours to download on a dial-up line), but already we've seen some
> disturbing stuff:
The proper name for the service pack is either Service Pack 1, or SP1.
SvcPak1 is likely a fake update containing who knows what sorts/amounts of
malware. It may even be an actual copy of SP1 that someone infected with
stuff on purpose.
> o Went to [windowsupdate.microsoft.com] (typed in carefully).
> Downloaded the 2MB updater utility. Had to restart the OS. Next time
> we go to the update site, I interrupted the "scanning for updates"
> thing (33%, 66%, etc), by hitting the "Back" button in browser (I'm
> using whatever ver of IE came with the sys). When I did this, ANOTHER
> WEBSITE - TOTALLY DIFFERENT came up - displaying two or three
> independent window frames - including some invitations to X-rated
> site, some other crap. KEY POINT: The trigger for this invasion was
> simply my CLICKING THE BACK (left arrow) ICON IN IE. My reaction:
> Wow! But it gets worse - keep reading.
There is no updater 2MB or otherwise. The only "software" that you have
to download to install the update is an ActiveX control signed by Microsoft
which is required to allow Windows Update to function.
Having ads (especially porn) pop up like that is likely a symptom of
either a trojan or a browser hijacker. You can get a hijack
detection/removal application to detect and repair it.
> o Killed those processes. Restarted. Went again to [win ... com].
> Managed to get the 28 MB "install this before anything else" download
> of SVC Pak 1 going. While it was coming down we saw enticing
> spoof-type pop-ups appear periodically on the screen. Here's an
> example of one:
> ------------
> Note that I've also seen this and other popups show up in my own
> Windows 2000 system before I updated it. (After completing updates,
> they stopped. )
>
> o Here's the worst thing. After the 28 MB download completes, the
> updater says it's installing the files. Then it says it's running
> some "processes". There it hangs forever. So okay - I restart the
> system. (Note that Ctrl-Alt-Del does NOT work at this point - is it
> disabled I wonder?) When I come back up, I connect again using IE.
> Again I type carefully into browser window:
> [windowsupdate.microsoft.com] [Enter] and Lo and Behold ... THE SAME
> CRAP I SAW BEFORE WHEN I HIT THE BACK ICON COMES UP AGAIN!!! Multiple
> windows .... X-rated invitations ... Definitely NOT the Windows Update
> website. How can this be? How can a browser NOT take you to the URL
> you specifically request? I *think* the URL we went to was something
> like: http://www.tinyURL/MagNetsomething_or_other... I was so put
> off, I forgot to write down exactly what it said.
There is definitely no such "install this before anything else" download
at Microsoft. You were likely phished. You can research phishing, but
basically it is when a phisher designs a website/email that looks like a
genuine site from a company, then tricks people into going to it. The web
site looks like a genuine site from that company and even shows the proper
URL, logos, and the links may even go to places on the company's real site
but the rest of the page is fake. The page will likely require some
information from you or provide you with software. In the end you end up
thinking that you gave this company that you trusted some
personal/financial/etc. information, but you really gave it to a hacker; or
you thought you downloaded something from the company but downloaded it from
the hacker. So it does not matter that you carefully type the URL, because
you were either at a site that LOOKED like the real site, or were at the
real site but still had bad stuff running in the background.
Unfortunately security these days is paramount due to the
ever-increasing number of unscrupulous people out there. You will want to
get yourself a host of security software: anti-virus, anti-trojan, firewall,
anti-spyware, anti-adware, anti-hijacking, anti-popup, anti-spam, and the
list keeps growing.
HTH and good luck
--
Alec S.
alec <@> synetech <.> cjb <.> net
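The reply above suggests running a CRC or MD5 checker over security software downloaded on a possibly infected machine. As an added example that is not part of the post, here is a small Python script that does that check the way a defender would today: it parses a checksum manifest in the `<hexdigest>  <filename>` layout used by `md5sum`/`sha256sum`, hashes each listed file in chunks, and reports `ok`, `MISMATCH` or `MISSING` per file. The directory layout, file names and manifest inside `demo()` are constructed for illustration; the only real digest used is SHA-256 of the bytes `abc`.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def parse_checksum_manifest(text):
    """Parse '<hexdigest>  <filename>' lines (md5sum/sha256sum layout).

    Returns {filename: hexdigest}. Blank lines and '#' comments are skipped;
    a leading '*' on the filename (binary-mode marker) is dropped.
    """
    expected = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {raw!r}")
        digest, name = parts
        expected[name.lstrip("*")] = digest.lower()
    return expected


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in fixed-size chunks so large downloads do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(directory, manifest_text, algorithm="sha256"):
    """Check every file named in the manifest against its published digest.

    Returns {filename: status} with status one of 'ok', 'MISMATCH', 'MISSING'
    or 'BAD_ENTRY' (digest in the manifest has the wrong length for the algorithm).
    """
    want_len = hashlib.new(algorithm).digest_size * 2
    results = {}
    for name, want in parse_checksum_manifest(manifest_text).items():
        if len(want) != want_len:
            results[name] = "BAD_ENTRY"
            continue
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
            continue
        got = file_digest(path, algorithm)
        # Constant-time comparison; cheap here, but the habit costs nothing.
        results[name] = "ok" if hmac.compare_digest(got, want) else "MISMATCH"
    return results


def demo():
    """Constructed scenario: one intact download, one tampered download,
    and one file the manifest lists that never arrived.
    """
    # Real SHA-256 of the three bytes b"abc"; all other values are made up.
    ABC_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    manifest = "\n".join([
        "# constructed manifest; real digests come from the vendor's own page",
        f"{ABC_SHA256}  good.txt",
        f"{ABC_SHA256}  tampered.exe",
        f"{ABC_SHA256}  never-downloaded.bin",
    ])
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "good.txt").write_bytes(b"abc")
        (Path(d) / "tampered.exe").write_bytes(b"abc plus injected bytes")
        return verify_downloads(d, manifest)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

Pass `algorithm="md5"` to `verify_downloads` if the vendor only publishes MD5 sums, as was common when the post was written; MD5 is no longer collision-resistant, so prefer SHA-256 manifests where they exist. The check is only as good as the manifest: if the digests were fetched on the same infected machine, a hijacker that serves a fake download can serve a matching fake manifest too, which is the poster's reason for obtaining the files from a clean system.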