Microsoft is running a disreputable spyware outfit

  • Thread starter Thread starter Susan Sharm
  • Start date Start date
S

Susan Sharm

By logging into hotmail on a new system I found out that Microsoft is
running a disreputable spyware program which pops up targeted adware on
your Windows PC some time AFTER you view web pages. HOW DO WE PREVENT
MICROSOFT FROM INFECTING OUR PC?

On a brand new PC, I noticed that EVERY time I visit a hotmail page the
message comes up (which I cancel every time):
---------------------------------------
Opening ADSAdClient31.dll
You have chosen to open
ADSAdClient31.dll
which is a: Application Extension
from http://rad.msn.com

What should Netscape do with this file?
(x) Open with dllfile (default)
( ) Save to Disk
----------------------------------------
I googled and found that this is a well-known Microsoft Ad Server
spyware advertising client dynamic linked library
(http://www.kuro5hin.org/story/2001/8/17/11541/1217)
but I did not find how to PREVENT it from installing! Apparently this
program pops up ads AFTER you view the web page! So it's a prime cause
of pop-up annoyances and is a known spyware program from Microsoft.

I tried putting 127.0.0.1 rad.msn.com into my hosts file but I STILL
get this annoying Microsoft Advertising Delivery Service dll download
attempt (which I cancel every time) when I visit any hotmail web page.

Someone out there must be an anti-spyware expert who can tell us how to
ELIMINATE the chance of this Microsoft-built adware/spyware?

PLEASE! If you are a Windows expert, you'll know how to stop this
program!

Thank you in advance,
Susan Sharm
 
Susan Sharm said:
By logging into hotmail on a new system I found out that Microsoft
is running a disreputable spyware program which pops up targeted
adware on your Windows PC some time AFTER you view web pages.
Bullshit.

HOW DO WE PREVENT MICROSOFT FROM INFECTING OUR PC?
Click to expand...

YOU SET FIRE TO YOURSELF IN 'PROTEST'

If you incinerate the PC, they wont be able to touch it, stupid.
On a brand new PC, I noticed that EVERY time I visit a hotmail
page the message comes up (which I cancel every time):
---------------------------------------
Opening ADSAdClient31.dll
You have chosen to open
ADSAdClient31.dll
which is a: Application Extension
from http://rad.msn.com

What should Netscape do with this file?
(x) Open with dllfile (default)
( ) Save to Disk
----------------------------------------
Click to expand...

Wota terminal ****wit.
I googled and found that this is a well-known Microsoft Ad Server
spyware advertising client dynamic linked library
(http://www.kuro5hin.org/story/2001/8/17/11541/1217)
but I did not find how to PREVENT it from installing!
Click to expand...

See above.
Apparently this program pops up ads AFTER you view the
web page! So it's a prime cause of pop-up annoyances
and is a known spyware program from Microsoft.
Click to expand...
I tried putting 127.0.0.1 rad.msn.com into my hosts file but I STILL
get this annoying Microsoft Advertising Delivery Service dll download
attempt (which I cancel every time) when I visit any hotmail web page.
Click to expand...

See above.
Someone out there must be an anti-spyware expert who can tell us how
to ELIMINATE the chance of this Microsoft-built adware/spyware?
Click to expand...

See above.
PLEASE! If you are a Windows expert,
you'll know how to stop this program!
Click to expand...

See above.
Thank you in advance,
Susan Sharm
Click to expand...

See above.
 
I do not have this problem when using I.E. to go to hotmail.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!
 
Susan said:
By logging into hotmail on a new system I found out that Microsoft is
running a disreputable spyware program which pops up targeted adware
on your Windows PC some time AFTER you view web pages. HOW DO WE
PREVENT MICROSOFT FROM INFECTING OUR PC?

On a brand new PC, I noticed that EVERY time I visit a hotmail page
the message comes up (which I cancel every time):
---------------------------------------
Opening ADSAdClient31.dll
You have chosen to open
ADSAdClient31.dll
which is a: Application Extension
from http://rad.msn.com
Click to expand...
(snip long rant and ridiculous amount of cross-posted newsgroups)

I suspect you are a troll from the number of unrelated newsgroups to
which you crossposted your original post, but:

You don't mention what operating system you are using. If you are using
Windows XP, make sure you have Service Pack 2 installed. Since you say
you have a brand-new computer, I assume that you do have XPSP2. If this
is not the case, consider upgrading to a current operating system and
make sure you are up-to-date with security patches.

Since I don't get any popups on Hotmail using IE on any of my XPSP2
boxen, you've got something set up wrong on your machine or you are
already infected with malware. The fact that you have a new machine is
irrelevant; an improperly protected Windows machine can become infected
in literally minutes. If you insist on using IE, use the popup control
that comes with it. Or use another browser such as Firefox or Opera.

As for ads, you are apparently using the free version of Hotmail which
is ad-supported. Either pay for Hotmail or use another free email
service (which will also be ad-supported unless you pay for it). Make
sure your computer is clean and protected and practice Safe Hex:

http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://www.claymania.com/safe-hex.html

Malke
 
Susan wrote on 31 Oct 2005 00:46:12 -0800:
By logging into hotmail on a new system I found out that Microsoft is
running a disreputable spyware program which pops up targeted adware on
your Windows PC some time AFTER you view web pages. HOW DO WE PREVENT
MICROSOFT FROM INFECTING OUR PC?

On a brand new PC, I noticed that EVERY time I visit a hotmail page the
message comes up (which I cancel every time):
---------------------------------------
Opening ADSAdClient31.dll
You have chosen to open
ADSAdClient31.dll
which is a: Application Extension
from http://rad.msn.com
Click to expand...

If you read the link that Karl Levinson provided, you should note the bold
text items. What has happened is that you have been infected by something
else that has set up rad.msn.com in your hosts file to point to a non-MS
site that attempts to download that DLL. MS isn't trying to force anything
on you - you're a victim of something else that takes advantage of anyone
who subsequently tries to access a Hotmail account.

Dan
 
Karl Levinson said:
Interesting, but unless I'm mistaken, Hotmail, like Google and a lot
of other free sites, is ad driven. If you don't want to see ads,
don't use Hotmail or those other sites.

I assume you've tried the instructions here?

http://forums.spywareinfo.com/lofiversion/index.php/t51627.html
Click to expand...

I don't get any ads from Hotmail. Also, very little spam lately.

--
Frank Saunders, MS-MVP OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/
 
From: "Susan Sharm" <[email protected]>

| By logging into hotmail on a new system I found out that Microsoft is
| running a disreputable spyware program which pops up targeted adware on
| your Windows PC some time AFTER you view web pages. HOW DO WE PREVENT
| MICROSOFT FROM INFECTING OUR PC?
|
| On a brand new PC, I noticed that EVERY time I visit a hotmail page the
| message comes up (which I cancel every time):
| ---------------------------------------
| Opening ADSAdClient31.dll
| You have chosen to open
| ADSAdClient31.dll
| which is a: Application Extension
| from http://rad.msn.com
|
| What should Netscape do with this file?
| (x) Open with dllfile (default)
| ( ) Save to Disk
| ----------------------------------------
| I googled and found that this is a well-known Microsoft Ad Server
| spyware advertising client dynamic linked library
| (http://www.kuro5hin.org/story/2001/8/17/11541/1217)
| but I did not find how to PREVENT it from installing! Apparently this
| program pops up ads AFTER you view the web page! So it's a prime cause
| of pop-up annoyances and is a known spyware program from Microsoft.
|
| I tried putting 127.0.0.1 rad.msn.com into my hosts file but I STILL
| get this annoying Microsoft Advertising Delivery Service dll download
| attempt (which I cancel every time) when I visit any hotmail web page.
|
| Someone out there must be an anti-spyware expert who can tell us how to
| ELIMINATE the chance of this Microsoft-built adware/spyware?
|
| PLEASE! If you are a Windows expert, you'll know how to stop this
| program!
|
| Thank you in advance,
| Susan Sharm

For non-viral malware...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

For viral malware...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } 4 batch files, 6 Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend, Kaspersky and McAfee Anti Virus Command
Line Scanners to remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
On 31 Oct 2005 00:46:12 -0800, "Susan Sharm" <[email protected]>
spewed forth :


Think that's bad? We use RoadRunner broadband and TW Cable. I
noticed about three months ago a preponderance of diabetes-related
commercials on the idiot box. This happened to coincide with my
diagnosis as a diabetic and my subsequent Googling for information.

My husband says the ads don't turn up on the idiot box when I'm using
my computer.

Coincidence? I think not.

The only way to nip that little datamining scheme is to change ISPs or
cable providers. Inertia is sometimes a horrible thing.

+++++++++++++

Reply to the list as I do not publish an email address to USENET.
This practice has cut my spam by more than 95%.
Of course, I did have to abandon a perfectly good email account...
 
From: "Wooly" <[email protected]>

| On 31 Oct 2005 00:46:12 -0800, "Susan Sharm" <[email protected]>
| spewed forth :
|
| Think that's bad? We use RoadRunner broadband and TW Cable. I
| noticed about three months ago a preponderance of diabetes-related
| commercials on the idiot box. This happened to coincide with my
| diagnosis as a diabetic and my subsequent Googling for information.
|
| My husband says the ads don't turn up on the idiot box when I'm using
| my computer.
|
| Coincidence? I think not.
|
| The only way to nip that little datamining scheme is to change ISPs or
| cable providers. Inertia is sometimes a horrible thing.
|
| +++++++++++++
|
| Reply to the list as I do not publish an email address to USENET.
| This practice has cut my spam by more than 95%.
| Of course, I did have to abandon a perfectly good email account...

Your computer is infected with adware. Sure its not a coincidence.
 
microsoft.public.security news group, David H. Lipman
From: "Wooly" <[email protected]>

| On 31 Oct 2005 00:46:12 -0800, "Susan Sharm" <[email protected]>
| spewed forth :
|
| Think that's bad? We use RoadRunner broadband and TW Cable. I
| noticed about three months ago a preponderance of diabetes-related
| commercials on the idiot box. This happened to coincide with my
| diagnosis as a diabetic and my subsequent Googling for information.
|
| My husband says the ads don't turn up on the idiot box when I'm using
| my computer.
|
| Coincidence? I think not.
|
| The only way to nip that little datamining scheme is to change ISPs or
| cable providers. Inertia is sometimes a horrible thing.
|
| +++++++++++++
|
| Reply to the list as I do not publish an email address to USENET.
| This practice has cut my spam by more than 95%.
| Of course, I did have to abandon a perfectly good email account...

Your computer is infected with adware. Sure its not a coincidence.
Click to expand...

He's talking about directed television ads based on his surfing habits
which is not only a coincidence, it is ridiculous and just doesn't
occur.

--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
He's talking about directed television ads based on his surfing habits
which is not only a coincidence, it is ridiculous and just doesn't
occur.
Click to expand...

Firstly, I'm a "she", not a "he". The word "husband" in my OP might
have tipped you to that little fact :)

Secondly - internet usage datamining and directed advertising
certainly do happen. It has been going on for years at the market
level (ie, your local car huckster, your local RTO furniture rip-off
joint, etc). Implementing such advertising schemes at the individual
subscriber level has been possible for several years and I think I'm
seeing the reality of it. Maybe it has been happening for a longer
period than I'm aware, but happening it is.

+++++++++++++

Reply to the list as I do not publish an email address to USENET.
This practice has cut my spam by more than 95%.
Of course, I did have to abandon a perfectly good email account...
 
Wooly said:
Firstly, I'm a "she", not a "he". The word "husband" in my OP might
have tipped you to that little fact :)

Secondly - internet usage datamining and directed advertising
certainly do happen. It has been going on for years at the market
level (ie, your local car huckster, your local RTO furniture rip-off
joint, etc). Implementing such advertising schemes at the individual
subscriber level has been possible for several years and I think I'm
seeing the reality of it. Maybe it has been happening for a longer
period than I'm aware, but happening it is.
Click to expand...

You are sooo right. In the three years since I was diagnosed with
testicular cancer (three years cancer-free this month! Woohoo!), I've
noticed that Lance Armstrong has been a strong television presence, as he
wins bike race after bike race. I can't believe that he's won the Tour de
France three times in a row now. I have no idea what he did before then.

Of course, what's really strange is that I've been seeing all these adverts
for diabetes supplies, so I'm wondering which member of our household is
about to receive that diagnosis.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
 
I assume you've tried the instructions here?
http://forums.spywareinfo.com/lofiversion/index.php/t51627.html
What happens when you use IE? or Firefox? It may be a Netscape
problem, not Microsoft/Windows.
Click to expand...

Yes. I googled before I asked the question and found that this
Microsoft Ad Server problem is VERY COMMON and that the cleanup &
hijack & Ad-Aware & SpybotSD & SpywareBlaster programs all IDENTIFY &
REMOVE the problem dynamic linked libraries and the dozen or so files
installed by Microsoft if you say OK just once, but all these programs
are powerless to PREVENT the request from being transparent to the
millions of us poor users! :(

Following the helpful suggestions, I just doublechecked using the top
three web browsers (IE 6.0.2900.2180.spxp_sp2_gdr.050301-1519, Netscape
8.0.2, & Firefox 1.0.6) by logging into my hotmail email account and
clicking around. Here are the results for the many others with this
problem to help solve together.

NETSCAPE:
For each repeated attempt to connect to the onerous Microsoft
Advertising Server (rad.msn.com), Netscape 8.0.2 constantly pops up
forms saying "That domain name cannot be found", probably due to the
127.0.0.1 loopback interface I added to the WinXP hosts file for that
Microsoft Repeat Advertising Server "rad.msn.com". So this is a
workaround, but, not a good one.

INTERNET EXPLORER:
Instead of popping up a separate dialog box, IE displays an inline
warning for every repeated Microsoft ADSAdClient Advertising Delivery
Service attempt, saying:

"The page cannot be displayed. The page you are looking for is
currently unavailable. The Web site might be experiencing technical
difficulties, or you may need to adjust your browser settings."

Again, this is probably due to the hosts file localhost loopback I
added for the rad.msn.com repeate advertising server.

FIREFOX:
Only in Firefox (my preferred browser), does the separate request to
download the Microsoft Advertising Server dynamic linked library (dll)
repeatedly pop up as noted in the original posting (even though I have
the rad.msn.com site listed in my standard hosts file from
http://www.infonomicon.org/text/hosts

IMPORTANT NOTE:
This rad.msn.com (spyware adware trojan) is so very commonly a problem
for so many users that it is in almost all (if not all) hosts files I
could find on the Internet, for example all these have "rad.msn.com"
redirected to localhost!
http://forums.springheadmedia.com/PHPexamples/viewtopic.php?p=38
http://www.genericgeek.com/index.php?q=node/538
http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=16799

END RESULT:
1. This is a very well known problem which the spybot and others fail
to remove (according to my google searches) but which can be worked
around for all but the Firefox browser by redirecting the loopback for
the rad.msn.com repeat advertising server.

2. For now, I'm forced to use Netscape or (heaven forbid) IE as my
browser but I really really prefer Firfox (and so do many other people)
so I think this is still a problem that isn't solved yet (for Firefox).

3. Since this is so very well known, anyone who tested it who does NOT
see the problem is probably ALREADY infected! Apparently the standard
Ad-Aware, Spybot Search & Destroy, SpywareBlaster, etc programs can
REMOVE the problem but they can't PREVENT the annoyance each time
(which is the main intent) as noted in many google searches today.
http://defectivehw.blogspot.com/2005/04/msn-messenger-7-is-out.html
http://forums.serverlogistics.com/viewtopic.php?p=522&sid=82f7afe392df201533f5ec9d90873603
http://forums.spywareinfo.com/lofiversion/index.php/t45897.html

So, I think we STILL have a huge problem considering the millions of
hotmail users who also use any of the browsers above (Firefox is the
worst, but it's not transparent even on IE or Netscape).

I do very much thank you for the advice (which I've followed to a T,
having had all the spyware/adware scanners & blockers already
installed) that we still need is a Windows expert who can solve this
problem for the millions of us who use Hotmail and any of the three
browsers above.

Do experts know how to totally prevent the Microsoft Ad Delivery
Service from bothering the user EVERY time they log into their Hotmail
account on Firefox?

Thank you in advance, for all of us,
Susan Harm
 
Richard said:
I do not have this problem when using I.E. to go to hotmail.
Click to expand...

According to the google searches, then you are ALREADY INFECTED by the
Microsoft Ad Server (which is what they intended in the first place!)
so you're playing right along with Microsoft (which is OK as long as
you don't mind their spyware running on your system).

Since you are a victim just as much as I am, you may be interested in
helping out how to PREVENT this from occurring to the many of us who
aren't yet victims of the Microsoft Ad Delivery Service.

As far as I can tell from the extensive google record (both web and
groups), there is NO KNOWN WAY on the Internet to stop the request from
occurring (unless we give up on Hotmail altogether of course). All the
google searches show us is how to non-transparently redirect the
request on IE and Netscape to inline error windows (but not
transparently). Worse yet, for Firefox, a separate annoying dialog box
pops up.

In all three browsers the annoying requests and error windows go away
once you are infected (which is Microsoft's point all along).

We still need a solution (and it's not in the google record but I may
have missed something that experts are asked to point out except Rod
Speed who apparently is a 14-year old kid playing with is Mom's
computer).

Thank you in advance for helping all of us,
Susan Harm
 
Daniel said:
you have been infected by something else that has set up rad.msn.com
in your hosts file to point to a non-MS site that attempts to download
that DLL.
Click to expand...

I added the 127.0.0.1 loopback back to my own machine to the Windowx XP
c:\winnt\system32\drivers\etc\hosts file based on well known advice
from a variety of sites such as
http://accs-net.com/hosts/how_to_use_hosts.html

The 127.0.0.1 is simply a way to redirect all requests to the Microsoft
Repeat Advertising Server (rad.msn.com) to the local machine so it
never gets to the Internet.

This is so common a workaround that almost every single hosts file on
the Internet has this "127.0.0.1 rad.msn.com" redirect as shown by the
following.
http://everythingisnt.com/hosts
http://tylercole.info/removeads.php
http://www.infonomicon.org/text/hosts
http://www.avidware.net/spyware/detection-in-host-file.asp
http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
http://www.genericgeek.com/index.php?q=node/538
http://www.erickson.stfrancisville.com/tools/index.htm
http://www.lurkhere.com/cgi-bin/forums/dcboard.cgi?az=printer_format&forum=DCForumID4&om=527&omm=44
http://www.mytechsupport.ca/helpwithpcs/topic.asp?TOPIC_ID=4586

Judging from all these attempts at BLOCKING the request TRANSPARENTLY,
this is a common as yet unsolved problem:
http://lamerkatz.com/forum/viewtopic.php?t=1337&sid=9bfc2adc1c25a45be1753fca27fbab6a
http://www.bleedingsnort.com/forum/viewtopic.php?forum=11&showtopic=98
http://www.darksun.ws/PHPBB2/viewtopic.php?t=60&view=previous
http://www.neilpwc.co.uk/neonblog/msn-im-advert-removal/
http://www.cableforum.co.uk/board/showthread.php?t=13548&page=2&pp=15
http://forums.techguy.org/archive/t-405673.html
http://outpostfirewall.com/forum/showpost.php?p=71746&postcount=3
http://www.msghelp.net/showthread.php?tid=34015&page=3

Maybe I'm wrong (Rod Speed will certainly provide the solution for us
since he is the world's best 14-year old expert on the Windows PC) but
it seems like:
1. This is a very common problem.
2. Nothing yet transparently blocks the request.
3. If you don't get the request, that means you are infected.
4. The best we can do (so far) is a workaround.
5. What we're asking is if there is an expert (greater than 14 years
old) who knows how to TRANSPARENTLY STOP this request from Microsoft
from infecting our systems.

Thank you in advance for your expert guidance,
Susan Harm
 
Wooly said:
Firstly, I'm a "she", not a "he". The word "husband" in my OP might
have tipped you to that little fact :)

Secondly - internet usage datamining and directed advertising
certainly do happen. It has been going on for years at the market
level (ie, your local car huckster, your local RTO furniture rip-off
joint, etc). Implementing such advertising schemes at the individual
subscriber level has been possible for several years and I think I'm
seeing the reality of it. Maybe it has been happening for a longer
period than I'm aware, but happening it is.
Click to expand...

Just another utterly silly conspiracy theory.
 
in the said:
Firstly, I'm a "she", not a "he". The word "husband" in my OP might
have tipped you to that little fact :)
Click to expand...

Obviously I missed that, sorry.
Secondly - internet usage datamining and directed advertising
certainly do happen. It has been going on for years at the market
level (ie, your local car huckster, your local RTO furniture rip-off
joint, etc). Implementing such advertising schemes at the individual
subscriber level has been possible for several years and I think I'm
seeing the reality of it. Maybe it has been happening for a longer
period than I'm aware, but happening it is.
Click to expand...

If you think that your Internet usage is causing you to receive
personalized television advertising that say your neighbour, watching
the same channel at the same time, who has different Internet habits
doesn't receive then I'd say that your tinfoil hat is slipping and you
should probably readjust it.

Television broadcasters do not personally adjust television commercials
delivered to you based on your personal surfing habits. For one thing,
the technology to do this just doesn't exist. To think otherwise is
simply ludicrous.



--
Paul Adare
MVP - Windows - Virtual Machine
http://www.identit.ca/blogs/paul/
"The English language, complete with irony, satire, and sarcasm, has
survived for centuries without smileys. Only the new crop of modern
computer geeks finds it impossible to detect a joke that is not clearly
labeled as such."
Ray Shea
 
As far as I can tell from the extensive google record (both web and
groups), there is NO KNOWN WAY on the Internet to stop the request from
occurring (unless we give up on Hotmail altogether of course).
Click to expand...

that's what i did. hm won't let me log on unless i'm buckass naked.
all firewall shields must be down.
 
Back
Top