Is this a spyware? //@mail.mar@

[ferbar]

Hello,

My MS AntiSpyware has found 'ZoneMap\Domains\//@mail.mar'
trying to putting itself into the 'Trusted sites' folder.

It has been blocked, but should I do anything else?

Thanks!

FBM

 

[Guest]

I think it got someting to do with msn explorer 9, money
plus or MSN stuff. are u using one of this product?

-----Original Message-----
Hello,

My MS AntiSpyware has

found 'ZoneMap\Domains\//@mail.mar'

 

[ferbar]

Yes, I'm using msn...

Does this mean I sholdn't be worried..?

 

[Andre Da Costa]

Yep, you should not be worried.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

 

[Bill Sanderson]

Just for reinforcement: Yes--this is essentially a bug in the beta
product--this url is associated with passport validation in several
products, as noted in this thread--it is fine to allow it.

--

 

[Guest]

how come when i ask msn support whats //@mail.mar@ there
not totally sure if it even belongs to msn service or
product. how did you find out that it belong to msn, msn
support isn't aware of this.

 

[Bill Sanderson]

I know that it is safe to allow, because, as I recall, there's a message
from Steve Dodson, of Microsoft, in these groups giving that information. I
guess the support folks at MSN aren't perfect--I'd suggest going back to
them and asking them to check further--this can't be the first time the
question has come up.


Here 'ya go:

_________________________
This is related to passport enabled applications. We are working on fixing
this in a future release.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.

 

[Stephen Boots MVP-MSN Client]

I know that it is safe to allow, because, as I recall, there's a message
from Steve Dodson, of Microsoft, in these groups giving that information. I
guess the support folks at MSN aren't perfect--I'd suggest going back to
them and asking them to check further--this can't be the first time the
question has come up.


Here 'ya go:

_________________________
This is related to passport enabled applications. We are working on fixing
this in a future release.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

Thanks for finding this post, Bill. I was about to go digging for it.
It happens regularly with MSN Explorer at login to MSN, but not
always, by the way.
-steve

 

[Bill Sanderson]

Interesting--I don't know why it would vary. This came up quite often early
in the beta--that thread was from early February. Haven't heard much about
it more recently.

--

I know that it is safe to allow, because, as I recall, there's a message
from Steve Dodson, of Microsoft, in these groups giving that information.
I
guess the support folks at MSN aren't perfect--I'd suggest going back to
them and asking them to check further--this can't be the first time the
question has come up.


Here 'ya go:

_________________________
This is related to passport enabled applications. We are working on fixing
this in a future release.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

Thanks for finding this post, Bill. I was about to go digging for it.
It happens regularly with MSN Explorer at login to MSN, but not
always, by the way.
-steve

 

[Andre Da Costa]

You may spot this in the Internet Explorer Local Intranet Zone (under
control panel->Security->Local Intranet->Sites->Advanced).

If you browse to that location, you'll find it starts Money. A couple of
examples of it's use are:

money://@surf.mar@/investing.htm

money://@surf.mar@/ols_accttype.htm?{7F136766-E2F1-43D7-9405-9529D9799376}

Because Money is built on IE, these appear to be mechanisms within the
program to launch pages from within itself, and it's not because something
external has infiltrated your machine.

You can delete the entry, but I have found that if you do so, it can
reappear when running Money again.

A similar item "//@signup.mar@" can also be displayed when running Money
(this has been witnessed in anti-spyware tools). This also seems to be part
of Money, but related more to login type procedures.
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm

Interesting--I don't know why it would vary. This came up quite often
early in the beta--that thread was from early February. Haven't heard
much about it more recently.

--

I know that it is safe to allow, because, as I recall, there's a message
from Steve Dodson, of Microsoft, in these groups giving that information.
I
guess the support folks at MSN aren't perfect--I'd suggest going back to
them and asking them to check further--this can't be the first time the
question has come up.


Here 'ya go:

_________________________
This is related to passport enabled applications. We are working on
fixing
this in a future release.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

Thanks for finding this post, Bill. I was about to go digging for it.
It happens regularly with MSN Explorer at login to MSN, but not
always, by the way.
-steve