MT's spy division/unit?

page 1 of 1 21 total items

Lunstar

Lunstar

Formatted...and learning

Cancel

Hi all!

Recently i installed a new anti-spyware program and realized things i did not noe of in the past.

I'll get straight to the pt, its about MT containing spyware.

If u dun believe me here is some evidence.

Ok this is the scan i ran on my com to remove spyware.
http://img473.imageshack.us/img473/7145/initialscan8kw.th.jpg

And a 2nd scan 2 ensure tat spyware does not duplicate or anything.Looks like my system is clean :)
http://img104.imageshack.us/img104/1109/2ndscan6vv.th.jpg

Ok now i go to MT, n i get this warning :o
http://img107.imageshack.us/img107/368/harmfulcontent9pp.th.jpg

After browsing just MT awhile i scan my com again.
http://img137.imageshack.us/img137/7012/results6dy.th.jpg

Seems tat i got spyware and its the same one as before :\ Spyware getting into my system just after moments of browsing. Is tat gd?

Ok i understand tat Mt is making the place "family safe" and "worksafe" ny cleaning up scans etc. And the ads placed around MT are for continued funding from sponsors etc. Googling sponsoring MT etc.

All tat is understandable, but some qns popped in my mind. :o

Why is there spyware or malware in MT?
Wat is its purpose? and why should it be there?
Is google sponsoring MT to infect our systems with spyware? If not why is it there? Or issit MT has spyware from the beginning?
Is it ok for a "family" friendly site to have spyware, wats does it show then?

I believe MT users ought to know about this, tat is there is spyware on this site. Wat it does and why issit there is something only its creators would noe. This post is not meant to insult Mt or anything, but i just feel tat some appriopiate answers are needed for the presence of such malicious files and such a "policy". Or could MT tell us wat the spyware does? Harmless spyware? I have doubts.. :\ Unless we noe wats is does, its a threat..

Assuming MT has no clue about it, maybe some spyware got into the server and started spreading. If so i urge mods to fix the problem.

Tama-Neko

Tama-Neko

Invisible

Cancel

Can you provide more information?
Software:
Which browser are you using? Do you have popup blockers, ad blockers, or other software installed for this browser or not? Are you running behind any firewall software, and do you have any concurrently running antivirus software that may block spyware? Do you have any other things installed on your computer (ie a HOSTS file, which by the way, if you don't have one installed I would highly recommend; SpyBot Search and Destroy has a tool to autopopulate your HOSTS file to block a lot of common ad sites) that you use to try and block spyware?
Location:
Which pages on MT were you browsing? (Gallery pages, forum pages, userpages, group pages - note that for userpages and group pages, a user may be linking to some items offsite that might include links to spyware infected sites)
Page Content:
Do you recall which ads were being served? (Google ads, specific image banner ads?)

Why all the questions? Well, if we can pinpoint which pages are serving up the spyware we can figure out what to eliminate.

merged: 05-12-2006 ~ 02:02pm
Also, I see that your spyware program has issues with CPXInteractive which is one of the image banner ad providers. Did the program has problems any of the other ad providers (ie Google Ads, Fastclick?) If it only has issues with CPX Interactive, perhaps it is a good idea to drop that provider in favor of the others.
Oh, and as an employee of Google who has to deal with Google Ads on a fairly regular basis, I can assure you, we don't serve spyware. I have no idea about the other ad providers MT uses, though.

Lunstar

Lunstar

Formatted...and learning

Cancel

Quote by Tama-NekoCan you provide more information?
Software:
Which browser are you using? Do you have popup blockers, ad blockers, or other software installed for this browser or not? Are you running behind any firewall software, and do you have any concurrently running antivirus software that may block spyware? Do you have any other things installed on your computer (ie a HOSTS file, which by the way, if you don't have one installed I would highly recommend; SpyBot Search and Destroy has a tool to autopopulate your HOSTS file to block a lot of common ad sites) that you use to try and block spyware?
Location:
Which pages on MT were you browsing? (Gallery pages, forum pages, userpages, group pages - note that for userpages and group pages, a user may be linking to some items offsite that might include links to spyware infected sites)
Page Content:
Do you recall which ads were being served? (Google ads, specific image banner ads?)

Why all the questions? Well, if we can pinpoint which pages are serving up the spyware we can figure out what to eliminate.

merged: 05-12-2006 ~ 02:02pm
Also, I see that your spyware program has issues with CPXInteractive which is one of the image banner ad providers. Did the program has problems any of the other ad providers (ie Google Ads, Fastclick?) If it only has issues with CPX Interactive, perhaps it is a good idea to drop that provider in favor of the others.
Oh, and as an employee of Google who has to deal with Google Ads on a fairly regular basis, I can assure you, we don't serve spyware. I have no idea about the other ad providers MT uses, though.

Software:
My current firewall is Zonealarm, anti-virus is Avast!.I have Ad-Aware(Ad-Watch) which blocks pop ups as with as Spyware Doctor. As for Spybot i would not reconmend it as its scanning capability is too low. The Spyware Doctor i recently installed detected 196 problems during its first full system scan whereas SpyBot zero. :sweat:

Location:
I was browsing my own notifications and some gallery pages. can't remember the exact one.

Page Content: I did't bother to see the ads placed, but i saw PcTools spyware Doctor which i felt was kind contradictory to the problem. :\

No my program only displayed the alert for the CPXInteractive and it occured when i clicked the MT homepage. (Entering MT)

PS:Eh sorri but i gotta sleep now, i will clean my system later and the get infected again to get more evidence to answer yr qns ^_^'

Tama-Neko

Tama-Neko

Invisible

Cancel

For the time being, I would use a HOSTS file or some other method to block the URL adserving.cpxinteractive.com as this is the ad server your spyware detector is having problems with. I just did that, and am browsing MT with IE (usually I'm a Firefix gal) but am not yet getting any popups.

Lunstar

Lunstar

Formatted...and learning

Cancel

Well I dun get any problems with the pop-ups because I have Ad-Adware to block it. Its just that i believe that Spyware leaks into my system from one of the urls. Most likely the adserving.cpxinteractive.com Because the problem i stated was spyware not pop-ups

Btw can you tell me how to use the HOSTS file with Spybot?

littlejonny100

Retired Moderator

littlejonny100

Rusty Slave

Cancel

Firstly I'll say the moment you connect to the internet you should expect to be getting some sort of spyware or adware, however I myself have never had spyware doctor alert me of any threats from MT.

I saw your problem and decided to check my own system, I've been surfing MT more than daily for a while since my last spyware test and decided to run spywaredoctor and look closely at the results, picked up 2 ad cookies and 6 harmless things which I dont think were from here anyways. It didn't seem to pick up the problem you did.

Surfed MT for a short while and ran the test again and the results came back completly clean. Very possible I didn't run across the same ad but I should also add I'm running on firefox, which is said to be cleaner than IE, guess this might prove it.

I would confidently say that even if that was from MT it would be harmless, and the result display you posted did say 'suspicious' files. e.g. Anything I see in my inbox with the word 'free' or 'enlarge' is suspicious to me.....I'm sure spyware doctor thinks anything with the word ad is suspicious.

You said spybot picked up zero where spyware doctor picked up 196. I've been working for a uni qualified computer technician recently and heard from many others that there is nothing wrong with spybot and that it is probably the best free scanner you can get. My conclusion would be spybot picks out what is actually dangerous, where spyware doctor will pick out suspicious things as well, hence the extra 196.

"Do upon others as they would do upon you......except do it sooner, more often and better! "

Lunstar

Lunstar

Formatted...and learning

Cancel

Quote by littlejonny100Firstly I'll say the moment you connect to the internet you should expect to be getting some sort of spyware or adware, however I myself have never had spyware doctor alert me of any threats from MT.

I saw your problem and decided to check my own system, I've been surfing MT more than daily for a while since my last spyware test and decided to run spywaredoctor and look closely at the results, picked up 2 ad cookies and 6 harmless things which I dont think were from here anyways. It didn't seem to pick up the problem you did.

Surfed MT for a short while and ran the test again and the results came back completly clean. Very possible I didn't run across the same ad but I should also add I'm running on firefox, which is said to be cleaner than IE, guess this might prove it.

I would confidently say that even if that was from MT it would be harmless, and the result display you posted did say 'suspicious' files. e.g. Anything I see in my inbox with the word 'free' or 'enlarge' is suspicious to me.....I'm sure spyware doctor thinks anything with the word ad is suspicious.

You said spybot picked up zero where spyware doctor picked up 196. I've been working for a uni qualified computer technician recently and heard from many others that there is nothing wrong with spybot and that it is probably the best free scanner you can get. My conclusion would be spybot picks out what is actually dangerous, where spyware doctor will pick out suspicious things as well, hence the extra 196.

I would like to say that i get the spyware called Elite Bar everytime i surf MT.

And about the Spybot, firstly I would like to say that there is definitely a difference in the standard between a free and a commercial-based program. If not it would't be free..and hearing and actually using the software itself gives you two entirely different results. I scanned my system twice with SpyBot which both ende up with zero results. Furthermore, among the "extra" 196 was a Backdoor Trojan (GrayBird or something), alot of rogue anti-spyware and a dialler which i do not think is something minor. This proves to show the scanning depth and capability of Spyware Doctor and SpyBot is largely different. Spyware Doctor being able to fish out Backdoor Trojan and SpyBot not.

Being something like "consumers" we would't know for sure whether or not its harmless unless we know exactly wat it does.

I have to run a couple more tests to ensure tat MT infects my com with Spyware..

Spystreak

Retired Moderator

Spystreak

The Grim Reaper

Cancel

I must step in and defend spybot. I haven't had much problems with it. You need to Immunize your systems in order to prevent further intrusions of spyware. I have over 9967 spyware currently being blocked with spybot through immunization of my comp so I don't think there is anything wrong with spybot.

Fools You Can't Escape from The Grim Reaper. Your Only Chance for Escape Is Death. Bye Bye Now
Signature
	Image
Your Ignorance Will Be Your Own Downfall.

Lunstar

Lunstar

Formatted...and learning

Cancel

Quote by SpystreakI must step in and defend spybot. I haven't had much problems with it. You need to Immunize your systems in order to prevent further intrusions of spyware. I have over 9967 spyware currently being blocked with spybot through immunization of my comp so I don't think there is anything wrong with spybot.

:sweat: Its not reallly the immunization part, i never really used tat feature of SpyBot, its SpyBot's scanning capabillity which as i have mentioned is note as good as Spyware Doctor's by a..rather large margin. Furthermore no matter how you block there is surely still some spyware that may leak in and if SpyBot is unable to detect that Spyware tat has leaked in it is no very good. Prevention is good, but what's prevention without a cure.

I dun know about how good SpyBot Immunization is or anything..but one thing i can say for scan is that its scanning capability is not that gd. Serious, i ran two scans and no errors showed which led me to think...thats too good to be true thats why i got Spyware Doctor which gave me a "revelation".. OX

Eh...but the issue is not on SpyBot but rather Spyware on MT ^_^'

EternalParadox

Retired Moderator

EternalParadox

.:Enigma Mod:.

Cancel

You still have not provided us with exact details of what this spyware is. Have you also tried scanning with Adaware? It also seems that no other member is reporting this issue. Are you sure that you do not have other pre-existing spyware on your machine that is opening the backdoor to allow other spyware in? This is often the case and where you think a certain spyware is coming from isn't actually its real point of origin.

If you are certain that MT's CPXInteractive ad is putting spyware onto your computer and that it is not because you have preexisting spyware that is opening the doorway for other spyware to enter, then you can go to

Windows >> system32 >> drivers >> etc

and open up the HOSTS file with notepad.

Then add "127.0.0.1 localhost" as the first line of your host file. Then append

127.0.0.1 *insert domain of ad in question*

Then save.

You should have it in the following format, here provided with an example:

127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net

This will redirect the connection attempts back to your local machine, thereby preventing access to the ad and any spyware therein.

As a side note, that you paid for something never is in itself an indication that it is better. Think Windows versus Linux. Spybot is one of the best spyware scanners, alone with adaware and spyware doctor. Each will find something that the other two does not. That's simply the rule of the game with spyware. Don't take your Spyware Doctor, even the paid-for professional edition, to be the end-all-be-all of spyware prevention.

EternalParadox
Previously the Forum, Vector Art, and Policy Moderator

  • May 16, 2006

Lunstar

Lunstar

Formatted...and learning

Cancel

Adaware also provided zero results which is the reason why i decided to get Spyware Doctor. My system was cleaned by Spyware Doctor so it should be Backdoor Trojan free.

Btw i can't open the file u mentioned...Its the hosts.ics file right?

I get this error...

http://img126.imageshack.us/img126/7763/error1rq.th.jpg

Not a gd sigh obviously...:sweat:

The spyware is EliteBar i dun know what it does but its definitely not good to have Spyware on yr system. I will run a test by just browsing the internet site like Google and Yahoo. And scanning, and then proceed to MT. To ensure that the Spyware does not leak in when i connect to the internet but rather from MT.

Here's the spyware i mentioned.
http://img230.imageshack.us/img230/8484/elitebar8um.th.jpg

Tama-Neko

Tama-Neko

Invisible

Cancel

Have you tried going to other places before MT and seeing if you get the Elitebar? Because after looking up information on Elitebar it appears to be a very persistant piece of malware that can be difficult to remove. Try visiting sties that are not going to be malware infected, like cnn.com or another reputable news site (Reuters, etc.) Elitebar may just need several minutes of IE open to reinstall itself regardless of the sites you are visiting.
Also, the HOSTS file is called exactly that, HOSTS in all capitals, no extension.

Lunstar

Lunstar

Formatted...and learning

Cancel

I went to Yahoo and afked for 10mins, and scanned my PC. And there was zero infections. Whereas,i went to MT and afked for 10mins and after that i scanned and there was an infection which was 1 EliteBar. This shows that the Spyware leaked from MT or something.

Btw here's my HOST file, I dun noe where to do the editing.

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

# eXeem Lite - http://www.exlite.pl/
62.75.224.159 www.bns3.net
62.75.224.159 www.bns4.net
62.75.224.159 www.bns5.net
62.75.224.159 www.bns6.net
62.75.224.159 www.bns7.net
62.75.224.159 www.bns8.net
62.75.224.159 www.cms3.net
62.75.224.159 www.cms4.net
62.75.224.159 www.cms5.net
62.75.224.159 www.cms6.net
62.75.224.159 www.cms7.net
62.75.224.159 www.cms8.net
62.75.224.159 www.rg1.com
62.75.224.159 www.rg2.com
62.75.224.159 www.rg3.com
62.75.224.159 www.rg4.com
62.75.224.159 www.rg5.com
62.75.224.159 www.rg6.com
62.75.224.159 www.rg7.com
62.75.224.159 www.rg8.com
62.75.224.159 bns3.net
62.75.224.159 bns4.net
62.75.224.159 bns5.net
62.75.224.159 bns6.net
62.75.224.159 bns7.net
62.75.224.159 bns8.net
62.75.224.159 cms3.net
62.75.224.159 cms4.net
62.75.224.159 cms5.net
62.75.224.159 cms6.net
62.75.224.159 cms7.net
62.75.224.159 cms8.net
62.75.224.159 rg1.com
62.75.224.159 rg2.com
62.75.224.159 rg3.com
62.75.224.159 rg4.com
62.75.224.159 rg5.com
62.75.224.159 rg6.com
62.75.224.159 rg7.com
62.75.224.159 rg8.com
62.75.224.159 www.m7z.net
62.75.224.159 m7z.net
62.75.224.159 jcontent.bns1.m7z.net
62.75.224.159 2004CMS.com
62.75.224.159 bns1.m7z.net
62.75.224.159 client.exeem.com
62.75.224.159 exeem.com
62.75.224.159 www.exeem.com
# eXeem Lite - http://www.exlite.pl/

EternalParadox

Retired Moderator

EternalParadox

.:Enigma Mod:.

Cancel

Looking at what you have in your host file, you probably got your spyware not from MT but from Exeem.

Unless you added all of these sites and are directing them to the same location...

I have no idea what bns1-9.com etc is, but by the looks of it, it's not something you want to visit. Any site that numerically increments its entries in your HOSTS file should be cause of suspicion and investigation.

Doing a little research on Exeem, it seems that it is a P2P full of ads like Kazaa, and we all know that such programs are the nesting grounds for spyware.

Anyways, you already have 127.0.0.1 localhost at the top. So add the other section to block ad servers anywhere below it.

EternalParadox
Previously the Forum, Vector Art, and Policy Moderator

  • May 17, 2006

Tama-Neko

Tama-Neko

Invisible

Cancel

Quote by EternalParadoxAnyways, you already have 127.0.0.1 localhost at the top. So add the other section to block ad servers anywhere below it.


In other words, change the 62.75.224.159 to 127.0.0.1
Aftwards I would lock the HOSTS file to prevent malware from hijacking it again.

Lunstar

Lunstar

Formatted...and learning

Cancel

Eh... can i noe if i will be fine after just deleting all the 62.75.224.159 stuff instead or just changing it to my own IP?

But i have never used Exeem nor heard of it, then how did it infect my system?...hmm...maybe some other source before that infect my com...

EternalParadox

Retired Moderator

EternalParadox

.:Enigma Mod:.

Cancel

Yea, I should have been more clear about the directions. Yes, what tama said. If you edit your HOSTS file, then lock it, you should be safe from most general spyware from those sites. The purpose of this HOSTS edit is to redirect all connection attempts to those adservers back to your PC. So long as your HOSTS file is not changed again or those server addresses change, these redirects will be in place.

Googling Exeem tells me that Exeem has ads from Cydoor, a know spyware pest, and all of the sites from your HOSTS file are edits made by Cydoor. Since you've never used Exeem, that means that you have had spyware on your system before this episode of seeming spyware from MT.

So edit your hosts file, lock it, then clean out you system, and then try browsing MT again to see what happens.

EternalParadox
Previously the Forum, Vector Art, and Policy Moderator

  • May 18, 2006

Lunstar

Lunstar

Formatted...and learning

Cancel

Can I know if my HOSTS file would be locked the moment i click the selection as stated by Tama-Neko or do I have to keep SpyBot running in order to lock my HOSTS file. If i have to, is there a way to minimize SpyBot to the system tray?

Tama-Neko

Tama-Neko

Invisible

Cancel

The link I provided is just a Google search to pages explaining how to lock your HOSTS file.

Cancel

My PC is clean. I suggest you to:

1. Change the browser: Use Mozilla Firefox or, if you really want security, Opera. I have both installed in my PC (Mozilla Firefox 1.5.0.3 and Opera 9 Beta), and I use both.

2. Know the sites you are going to: I browse Minitokyo site every day, with other 25 to 50 sites (more in the weekends). My PC never got any kind of malware from Minitokyo site. Always from download, hackers' and xxx sites.

3. Keep your PC protected with firewall and antivirus software: Mine are Windows Firewall and Norton AntiVirus 2004 Professional. Period. I never had the need to install an antispyware software.

4. Backup: I backup my files at least one time in a week. If a malware destroys my PC partition, all I have to do is to reinstall everything and restore the backup.

5. Get good Internet habit: Don't install Internet offered apps of any kind. Search bars, toolbars, ActiveX controls... You don't need to have it installed in your PC in order to browse good sites, except for Adobe/Macromedia Flash/Shockwave Players and Apple QuickTime (maybe).

6. Last but not least, P2P APPS ARE GREAT FOR GETTING ALL KIND OF MALWARES INTO YOUR PC.

Mene, mene, tekel, parsin

  • May 21, 2006

Lunstar

Lunstar

Formatted...and learning

Cancel

I locked my HOSTS file, cleaned my system and finally realized the cause of the Spyware. CPXInteractive keeps spreading the spyware into my system, because when I blocked CPXInteractive in my HOSTS file and ran two full system scans and my system was clean. Whereas when i unblocked it, the spyware Elitebar infected my com after just moments of browsing MT.

Basically, it shows that CPXInteractive spreads spyware and perhaps MT should consider dropping it as a provider to prevent it from spreading spyware.

page 1 of 1 21 total items

Back to Minitokyo Discussions | Active Threads | Forum Index

Only members can post replies, please register.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read more.