R.S RomanService

  • Thread starter Thread starter Quest
  • Start date Start date
Q

Quest

I was getting a dialog box :

Do you want to install and run "VIRUS FREE. CLICK ON "YES"
in order TO accept the terms and conditions of use. The
connection will be immediate. The program will terminate
the connection with your ISP, and will connect to our
server giving full access to the restricted area! The cost
of the service is simply the cost of international phone
call. NOW CLICK ON "YES" and enjoy our Value Added
CONTENTS!" signed on an unknown date and distributed by:

R.S. RomanService di Ionel Sabadac **(<<that's a link)**

Publisher authenticity verified by Thawte Code Signing CA

Is this a spyware ?
 
Quest said:
I was getting a dialog box :

Do you want to install and run "VIRUS FREE. CLICK ON "YES"
in order TO accept the terms and conditions of use. The
connection will be immediate. The program will terminate
the connection with your ISP, and will connect to our
server giving full access to the restricted area! The cost
of the service is simply the cost of international phone
call. NOW CLICK ON "YES" and enjoy our Value Added
CONTENTS!" signed on an unknown date and distributed by:

R.S. RomanService di Ionel Sabadac **(<<that's a link)**

Publisher authenticity verified by Thawte Code Signing CA

Is this a spyware ?
Click to expand...

Search with www.google.com with "romanservice" and decide for yourself.....
I won't click on "yes" !

Gr. Jan
 
Hi Quest,
I wouldn't touch that with a 10' pole.

Sometimes this junk means 'yes' when you say 'no' etc. and I would suggest
closing it by hitting the red X.
The 'simply iinternational phone call' gunk may well result ina modem
hijacking and huge telco bills if one is still on dial up.


Ron Chamberlin
MS-MVP
 
This is a way bad things happen on your computer. If you are not expecting
to install an application, click no to the active x dialog box.

--
-steve

Steve Dodson [MSFT]
MCSE, CISSP
PSS Security

--

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this
message are best directed to the newsgroup/thread from which they
originated.
 
Nobody's answered the basic question though:

Was this popup a result of spyware or not?

We can't tell--the popup is definitely a Bad Thing--stay as far away from it
as possible. However, we can't tell at this distance whether the popup was
the result of an injudicious web site visit, or active spyware on your
machine bringing you bad things.

The best course of action is to have Microsoft Antispyware and a good
antivirus application installed, have updated definitions, and do full scans
with both of them to check out the situation.
 
Steve said:
This is a way bad things happen on your computer. If you are not expecting
to install an application, click no to the active x dialog box.
Click to expand...

Well, the challenge with this is how one unexperienced user
should handle "Publisher authenticity verified by Thawte
Code Signing CA"
Sounds good this user thinks and click "Yes"................
booooom.... caputt IE. ;(

I think MS must lock for all BHO,s also from MSN and make
IE7 to a total
closed browser that only accept minor user defined GUI changes.
 
He sent me his HijackThis log. Nothing obvious on it
except this:

O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

appears to be just another search webpage but one that
somehow manages to get in the Trusted Zone on a lot of
computers. It should go away with check/Fix Checked. Had
him run ccleaner. Next step is silentrunners.vbs


Ron
 
More paranoid than you, with such a dialog box, I kill it with taskmanage. I
don't rely on the button which can be hiding over the red-X
 
Back
Top