Full Disclosure mailing list archives
Careless User = New Popup Issue
From: "James Patterson Wicks" <pwicks () oxygen com>
Date: Thu, 16 Sep 2004 18:52:49 -0400
One of our users went to a vacation web site and decided to download a "new" video viewer to look at the beach. She immediately started getting pop-up ads. The user knew that this download caused the issue, but she did not tell the help desk about it for two weeks. The user has a Windows XP Pro system using IE 6.0.2. When the popup became unbearable, the help desk was eventually called.

The help desk team did the usual stuff to try to eliminate the popups:

- Made sure all of the latest patches were installed (Service Pack 2 has not been approved for the enterprise yet, so it was the only patch not installed).
- Ran anti-virus scan with latest definitions
- Ran Ad-Aware and Spybot
- Cleaned out the object in IE
- Removed all strange entries in the RUN folder of the registry
- Ran MSCONFIG and removed unknown entries from the Startup folder
- Looked in task manager and identified all running applications
- Looked through the history to find the site but the history had been erased by the user

Everything looked clean, but the popups kept coming. I was called in since the senior desktop support dude was out sick. I noticed that there was a brief period between browser activation and when the popup appeared. I looked at the network connections and noticed connections to 'akamaitechnologies.com'. Tried to look up 'akamaitechnologies.com' and encountered the message "IP Address 216.21.228.13 - Maximum Daily connection limit reached. Lookup refused."

I created a host entry to send 'akamaitechnologies.com' traffic to 127.0.0.1 and it stopped the popups. That seemed strange since creating the same sort of records for companies like 'adclick.com' usually results in a popup with a "Cannot find server or DNS Error" message in the popup window. I finished the host entry around 5:00, so I typed up a report and sent it to senior desktop dude to finish up in the morning.
I recommended that he remove the host entry and run a Regmon and Filemon to find the application(s) creating the popups.

Has anyone encountered this type of problem? Don't know if it's new, but I have never encountered it before. I understand that since the user voluntarily installed the application, finding the exact application might be a tedious process.

Thanks in advance.

- JPW
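Added example, not part of the original post: one way to attribute connections like the ones described above to the process that owns them, by joining saved `netstat -ano` output with `tasklist /fo csv /nh` output. The sample text, the documentation-range IP addresses and the image name `viewer32.exe` are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1632
  TCP    192.168.1.20:1046      203.0.113.11:80        TIME_WAIT       0
  TCP    192.168.1.20:1050      198.51.100.7:443       ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output; viewer32.exe is hypothetical.
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,912 K"
"iexplore.exe","1632","Console","0","18,204 K"
"viewer32.exe","2040","Console","0","6,120 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows (image name, PID, ...)."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def connections(netstat_text):
    """Yield (proto, local, remote, state, pid) for each TCP/UDP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP rows have no State column; the PID is always the last field.
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def owners(netstat_text, tasklist_csv, suspect_ips):
    """Return (image, pid, remote, state) for rows whose remote IP is suspect."""
    names = pid_names(tasklist_csv)
    hits = []
    for _proto, _local, remote, state, pid in connections(netstat_text):
        if remote.rsplit(":", 1)[0] in suspect_ips:
            # Closed sockets (TIME_WAIT) report PID 0: the owner is already gone.
            hits.append((names.get(pid, "<unknown>"), pid, remote, state))
    return hits
```

A hit owned by `iexplore.exe` means the traffic originates from code loaded inside the browser process, so the next place to look is the browser's add-ons rather than a separate executable.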
Current thread:
- Careless User = New Popup Issue James Patterson Wicks (Sep 16)
- Re: Careless User = New Popup Issue James Tucker (Sep 16)