Beware of pop.rfwnad.com

[Ancient Medicine]

If you are expieriencing a nasty bug with IE, where you're constantly
being bombarded with a forced file download that originates from
pop.rfwnad.com...

You're the victim of a nasty spyware script. Ignore all other advice -
you don't need to take your computer back. You got this from visiting
a website (probably porn, hacking or illicit site) that infected you
with the spyware. Web surfers beware!

Go download the Adaware 6.0 program from lavasoft.
http://www.lavasoftusa.com

This will solve your current problem and will also eradicate any other
nasties from your system. I run it once a week to make sure I'm not
infected with spyware. However, even after using adaware, Go to
C:\Program Files and look for a dir named ddm.

This directory has the following files:
ddmp.dll
dir.ddm
gm.exe
optimize.exe
winpup.exe

delete all of them and reboot.

If you do a search on google, http://www.google.com and go to the
'groups' tab, you'll find very few discussions on the search string,
"rfwnad." (the domain name of the offender.) Although Adaware does
find the offending spyware component, this must be a new scheme since
the domain name is so hard to find on the search engines. Good luck
with it!

A fellow victim, ~Ancient

 

[The Unknown P]

SpyBot Search and Destroy is better in my opinion. Keep
smiling.

 

[Steve Nielsen]

Best to have a firewall installed, too.

Also, drive-by downloads of malware are not just limited to porn/illicit
website visits, my co-worker's fully patched and up-to-date a/v and
spyware protected PC got hit with an automatic download of a trojan by
visiting a technical info site from a search result. The only thing he
was missing was a firewall at the time.

Steve

 

[Ancient Medicine]

...my co-worker's fully patched and up-to-date a/v and

spyware protected PC got hit with an automatic download of a trojan by
visiting a technical info site from a search result.
Ouch.

The only thing he
was missing was a firewall at the time.

Good advice.

~Ancient