E
Earl F Glynn
The winfixer.com and winantispyware2005.com deceptive popups initiate
software downloads when you click on the red "x" to close the window.
Luckily, there's one more cancel available that really does work. I have no
idea where these things are coming from.
These ads are driving me nuts. I've run Spybot. I've run Microsoft's
AntiSpyware Beta -- it see's nothing. I've started using FireFox and
avoiding IE. I can't get rid of these annoying popups and have no idea
where they're coming from. No unusual process seems to be running. I can't
find any registry entry that explain these things.
Google found these folks with the same problem:
http://www.cybertechhelp.com/forums/showthread.php?t=87171
http://forum.hijackthis.de/showthread.php?t=8485
This report is especially troubling:
http://forums.spywareinfo.com/index.php?showtopic=55203
I have the opposite problem. I've noticed at times I cannot go into standby
mode and then wake up. My notebook is "on" and dormant, but it won't wake
up -- the fan is on at times, so it seems to be 100% CPU busy. I have to
force it to shutdown before it can be used. At other times Windows Explorer
starts running at 99% CPU and my machine is also sluggish until I reboot.
There's no explanation as to why Explorer needs to run at 99% CPU on an idle
machine.
The registration of these sites is troubling:
from http://www.coolwhois.com/
==============================================
Registrar: TUCOWS INC.
Nameservers: NS9.NSCACHE.NET, NS8.NSCACHE.NET
Status: REGISTRAR-LOCK
Expires: 20-aug-2006
IP Addresses: 66.244.254.64 (rr-grp1.yyz1.cl1.setupahost.net), 66.244.254.63
(rr-grp1.yyz1.cl1.setupahost.net)
Whois results from whois.opensrs.net:
Registrant:
WinFixer
P.O. Box 3
Kiev, NA 04114
UA
Domain name: WINFIXER.COM
Administrative Contact:
Hostmaster, WinFixer (e-mail address removed)
P.O. Box 3
Kiev, NA 04114
UA
+(380) 97 939 09 44 Fax: +(380) 97 939 09 44
Technical Contact:
Hostmaster, WinFixer (e-mail address removed)
P.O. Box 3
Kiev, NA 04114
UA
+(380) 97 939 09 44 Fax: +(380) 97 939 09 44
Registrar of Record: TUCOWS, INC.
Record last updated on 02-Aug-2005.
Record expires on 20-Aug-2006.
Record created on 20-Aug-2002.=============================================
Registrar: TUCOWS INC.Nameservers: NS9.NSCACHE.NET, NS8.NSCACHE.NETStatus:
ACTIVEExpires: 03-mar-2006IP Addresses: 66.244.254.64
(rr-grp1.yyz1.cl1.setupahost.net), 66.244.254.63
(rr-grp1.yyz1.cl1.setupahost.net)Whois results from
whois.opensrs.net:Registrant:
Innovative Marketing, Inc.
1876 Hutson Street
Belize City, NA
BZ
Domain name: WINANTISPYWARE.COM
Administrative Contact:
Hostmaster, Innovative (e-mail address removed)
1876 Hutson Street
Belize City, NA
BZ
555-123-1234 Fax: 555-123-1234
Technical Contact:
Hostmaster, Innovative Marketing, Inc.
(e-mail address removed)
1876 Hutson Street
Belize, NA 12345
BZ
+1.5551231234 Fax: +1.5551231234
Registrar of Record: TUCOWS, INC.
Record last updated on 08-Apr-2005.
Record expires on 03-Mar-2006.
Record created on 03-Mar-2004.
Domain servers in listed order:
NS8.NSCACHE.NET 66.244.254.8
NS9.NSCACHE.NET
66.244.254.9======================================================What can
be done to get rid of this malware?efg
software downloads when you click on the red "x" to close the window.
Luckily, there's one more cancel available that really does work. I have no
idea where these things are coming from.
These ads are driving me nuts. I've run Spybot. I've run Microsoft's
AntiSpyware Beta -- it see's nothing. I've started using FireFox and
avoiding IE. I can't get rid of these annoying popups and have no idea
where they're coming from. No unusual process seems to be running. I can't
find any registry entry that explain these things.
Google found these folks with the same problem:
http://www.cybertechhelp.com/forums/showthread.php?t=87171
http://forum.hijackthis.de/showthread.php?t=8485
This report is especially troubling:
http://forums.spywareinfo.com/index.php?showtopic=55203
I have the opposite problem. I've noticed at times I cannot go into standby
mode and then wake up. My notebook is "on" and dormant, but it won't wake
up -- the fan is on at times, so it seems to be 100% CPU busy. I have to
force it to shutdown before it can be used. At other times Windows Explorer
starts running at 99% CPU and my machine is also sluggish until I reboot.
There's no explanation as to why Explorer needs to run at 99% CPU on an idle
machine.
The registration of these sites is troubling:
from http://www.coolwhois.com/
==============================================
Registrar: TUCOWS INC.
Nameservers: NS9.NSCACHE.NET, NS8.NSCACHE.NET
Status: REGISTRAR-LOCK
Expires: 20-aug-2006
IP Addresses: 66.244.254.64 (rr-grp1.yyz1.cl1.setupahost.net), 66.244.254.63
(rr-grp1.yyz1.cl1.setupahost.net)
Whois results from whois.opensrs.net:
Registrant:
WinFixer
P.O. Box 3
Kiev, NA 04114
UA
Domain name: WINFIXER.COM
Administrative Contact:
Hostmaster, WinFixer (e-mail address removed)
P.O. Box 3
Kiev, NA 04114
UA
+(380) 97 939 09 44 Fax: +(380) 97 939 09 44
Technical Contact:
Hostmaster, WinFixer (e-mail address removed)
P.O. Box 3
Kiev, NA 04114
UA
+(380) 97 939 09 44 Fax: +(380) 97 939 09 44
Registrar of Record: TUCOWS, INC.
Record last updated on 02-Aug-2005.
Record expires on 20-Aug-2006.
Record created on 20-Aug-2002.=============================================
Registrar: TUCOWS INC.Nameservers: NS9.NSCACHE.NET, NS8.NSCACHE.NETStatus:
ACTIVEExpires: 03-mar-2006IP Addresses: 66.244.254.64
(rr-grp1.yyz1.cl1.setupahost.net), 66.244.254.63
(rr-grp1.yyz1.cl1.setupahost.net)Whois results from
whois.opensrs.net:Registrant:
Innovative Marketing, Inc.
1876 Hutson Street
Belize City, NA
BZ
Domain name: WINANTISPYWARE.COM
Administrative Contact:
Hostmaster, Innovative (e-mail address removed)
1876 Hutson Street
Belize City, NA
BZ
555-123-1234 Fax: 555-123-1234
Technical Contact:
Hostmaster, Innovative Marketing, Inc.
(e-mail address removed)
1876 Hutson Street
Belize, NA 12345
BZ
+1.5551231234 Fax: +1.5551231234
Registrar of Record: TUCOWS, INC.
Record last updated on 08-Apr-2005.
Record expires on 03-Mar-2006.
Record created on 03-Mar-2004.
Domain servers in listed order:
NS8.NSCACHE.NET 66.244.254.8
NS9.NSCACHE.NET
66.244.254.9======================================================What can
be done to get rid of this malware?efg