Is Wincustomize supported by spyware?

To the best of my knowledge as a WC user myself no spyware comes from WC. It is spyware free. Maybe you got that from another site?

Do you remember the page where you were when you recieve this message?

There is probably somesort of problem with Add Server ... !!!

I asure you that this IS a server glitch ... WC was, is, and will never be supported by SPYWARE ... !!!!

To the best of my knowledge as a WC user myself no spyware comes from WC. It is spyware free. Maybe you got that from another site?

It's from WC! I know this, because the same thing happens at the office, where the computers are 100% spyware-free and the only site i saw these popups is WC.

Do you remember the page where you were when you recieve this message? There is probably somesort of problem with Add Server ... !!!

It came up when i visited the homepage.

I asure you that this IS a server glitch ... WC was, is, and will never be supported by SPYWARE ... !!!!

Well, ok! Glad to see that it isn't the intention of WC to cooperate with that kind of garbage! I'd appreciate it that WC looks in to this and post the results here.

Popup advertising, banners and the like as found on websites, etc. are not individually proscribed but are a product of out-sourcing...where an advertising 'provider' may inadvertently have a 'less than desirable' advertisement linked/associated to a website who would rather NOT have such an association.

This can even be a simple lack of awareness on the part of the 'provider' as to what exactly is the nature of the advertisement or its owner.

If you can quote specifics...eg. site page links, advertised product detail info, etc.....it can be looked into.

On a side note....a Wincustomize.com subscription is the ideal ticket to avoid any and ALL extraneous advertising....a bit of a win-win situation, really...

I tried to post a message on this very subject yesterday but it appears to have disappeared in to the ether.

Not to worry because in a perverse way I feel better that someone else is thinking that spyware is originating from the WinCustomize site.

In my case the spyware is WinFixer which purports to do the same thing as ErrorSafe.

I am a industry accredited professional software tester currently working in an area that requires high level security so I do know a thing or two about the matter and coupled with working in computers for 33 years means I am not new to this game.

Take my word for it the spyware is orginating from WinCustomize and nowhere else. I have backups that can prove the point so if anyone wishes to dispute my assertion they are welcome to visit me here in England and see for themselves. I've just finished cleaning this PC and backed it up ready to test my assertions for the fourth time in as many days.

Simple summary of what is happening:-

1. Visit as may websites of all sorts of persuasion as I want as long as its not WinCustomize. This PC is battle hardened against untrusted websites and unfortunately I have been bitten by an intruder from a trusted site of many years - WinCustomize.

2. Move around the WinCustomize website to my heart's content as long as I don't click on a link in the Gallery frame on the left of the screen. For instance I'm in the forums pages to submit this comment and thus far no grief.

3. Go back to the home page and click on a gallery link. At which point all hell breaks loose. The Web browser window switches to appear like a warning messagebox advertising the virtue of WinFixer. I am now infected. Clicking anywhere in the "messagebox" takes you to the WinFixer website where you get fleeced for something you definitely don't want.

4. A restore of a clean image pre-infection restores sanity but as of now WinCustomize is on my untrusted list until such times as someone can prove me wrong on this PC.

As I say above I am a professional software tester so I like think I know what I'm saying is based on professional investigation of the circumstances before making a pronouncement. I could be wrong and anyone is entitled to say so but my response would be show me, not tell me. If this WinFixer is coming from somewhere other than WinCustomize and is resident on this PC as I write then the creator of it deserves a gold medal because I've got defences like you wouldn't believe against the nasty things coming in from the Internet but like anyone else I'm vulnerable to those I trust.

Here's hoping this message appears where it should.

David John Bird

P.S. If you don't hear from me for a couple of days its because I'm still trying to prove that its not WinCustomize.

WC can not control what the ad provider shows. It is the ad provider which is randomly sending the popups to WC.

I’m not as experienced as Mr. Bird but I can tell you all that you should set your cookies to be approved before they're installed. I have come to discover that even if I go to a new site and except their cookie I get a few pop ups asking about others that have nothing to do with the site and they are surly rogue sites trying to mine data they just don't need or add companies looking for new victims. Yes, it can be a pain to have to approve each and every cookie but Adaware rarely finds anything to remove!

---

I use Firefox mostly but internet explorer still deals with cookies.

Open IE and go to... Tools > internet options and select the privacy tab.

Under settings select the advanced button. This opens the advanced privacy settings dialog window. Check the box for, Override automatic cookie handling. then set both first and third party cookie handling to prompt.
the allow session cookies should remain unchecked.

Read every pop up about new cookies to make sure they are from the site you’re going to. If not then don't except them! And make sure you check the box to remember how to deal with the cookie in question or you'll keep getting the pop up window!

I use the top three recommended spyware scanners/blockers. None of the three provide me with any results incriminating WC. There are more than just a few anti spyware programs that say they work, and do not. Here is a nice bit of reading: http://www.spywarewarrior.com/rogue_anti-spyware.htm

I have tested some of these programs myself, comparing scan results. It's good reading, and enlightening, no matter what experience you have in security...

As for the ads you speak of, ad blocker/pop-up blocker that is built into SP2 works well enough that I do not see whatever it is you see, navigating ANYWHERE in WC territories. You might take Nicked Blade's advice on cookie handling also.

 David Bird ...when Advertising is out-sourced, that means not written by or for the site itself its content has the POTENTIAL to be uncertain.  From time to time something undesirable 'may' be advertised,is unfortunate, but, as you are aware [as an IT Pro] proper 'safe-surfing' means you should be wary of any links to advertising for that very reason.

This spyware is NOT on Wincustomize.com but if accessed VIA here was through an offsite link.  I'm here virtually 24/7....and not always 'logged in' but have yet to be beset by any nasties, so the Jury must be considered to be 'out' on the veracity of your 'defences' and yes, you also 'could be wrong'.

The Step #1 in your 4 steps could even be where it all went wrong for you....."Visit as many sites...".  Drive-bys and browser Hijacks can be had by just 'visiting'....even without 'clicking'.

Go back to the home page and click on a gallery link. At which point all hell breaks loose. The Web browser window switches to appear like a warning messagebox advertising the virtue of WinFixer. I am now infected.

 

That's usually an indicator you were already infected....

Anyway....when they are onboard [office hours], I'm certain T-Man and his crew will investigate and determine the reality of it all...

I saw the same kind of thing on another computer. A friend's computer had MSN Search set as the start page, but the links underneath all pointed to things like breast enlargement, vicoden, viagra, online gambling, etc. When he did a search, the search would tag in items like the one in the links. No other site seemed to be effected. I didn't see what it was called specifically because we just bulldozed the system. No point in spending hours fishing off spyware when you can have a fresh install in less time.

People don't understand that browser extensions and spyware can play man-in-the-middle and cause lots of different problems. Another friend of the family swore that Ebay was putting porn popups on their site. It ended up being yet another such app, and his current spyware definitions didn't pick it up because said spyware had infiltrated the exculsion list on his protection.

Ok then 12 hours later and after much messing about with making and restoring disk partition images sacrificed to exposure to the problem I think I have a solution and also the cause.

I'll start with the cause.

The WinCustomize website is not the cause but the trigger. The cause is a rogue Firefox extension that does nothing as long as I visit websites other than WinCustomize. On accessing the WinCustomize website as described in my previous post the WinFixer debacle begins. Interestingly enough I set a watch on this thread and this morning got an email notification of additions to it. The email contained a link to the WinCustomize website and clicking the link also engaged WinFixer. This action identified the conduit as Firefox because it is set as my default web browser and has been since version 0.2 and now we're up to version 1.5 although the problems surface with version 1.0.7.

The solution:-

1. Totally obliterate Firefox including all extensions from the PC and test with Internet Explorer. The result was no WinFixer problems with the WinCustomize website.

2. Install Firefox version 1.5 with no added extensions. Thus far no WinFixer problems with the WinCustomize website.

3. What I will do is add extensions 1 at a time to figure out the rogue although I already have my suspicions based on the fact that Firefox adds extensions to the bottom of its list rather than order them alphabetically by name. I will also move the discussion over to the Firefox forums but will keep you posted in this thread. If anyone here wants to check out my latest findings the list of Firefox extensions to experiment with is - LiveLines, Bloglines Toolkit, Spoofstick, TabBrowser Preferences, netcrafttoolbar, AdBlock, CookieButton, Google Toolbar for Firefox, Fasterfox, Clipmarks, Tab X, IE Tab. It is not my fault or that of anyone associated with WinCustomize if you acquire WinFixer as a result of emulating my situation.

That's it for now but I will watch this thread to see if anyone else confirms or disputes my findings. I'm not infallible and being proven wrong can improve me as much as being proven right.

As of now WinCustomize is now back on my trusted list. What is on my blacklist for now are Firefox extensions even if they do come from the secure Mozilla addons website.

Fasterfox

i use most of the extension that you do, but have never had a problem with spyware from wincustomize...

i would hazard a guess that fasterfox is the problem, as it caches all links on a page you are visiting, so that if you click on a link firefox will get there 'faster', so it may have already accessed the spyware site without you realising it...it is also not very nice for small companies that have to pay for their website's bandwidth as it can actually hurt the site you're viewing by sucking down boatloads of extra bandwidth and causing more load on the server...you don't get anything for free

Thanks for the info.

Fasterfox goes on the "Suspicious" list until I can prove it one way or another.

Just out of curiosity, have you googled WinFixer? Heres a link of interest. http://research.sunbelt-software.com/threat_display.cfm?name=misc.winsoftware.winfixer&threatid=40196

My father has been trying to remove it for awhile. I rather suspect he got infected with another program he downloaded, and I suspect this is the case with David Bird as well. WinCustomize never has, and never will support spyware, trojans, malware, or information profiteering. I would suggest you review your installations over the last while to determine what program WinFixer may have piggy-backed in with. I wish you the best of luck removing it... I tried for 2 hours and only managed to make a small dent in it. Distractions and time contraints probably led to my failure, but I still consider this to be a fairly strong-will program.

Based on the perveyance of ads on the site, the little word filters that promote ad links, the fact that more than a few images/links are blocked by anti-spyware apps (CounterSpy/Spy Sweeper active at this posting), and, and this one is the one that disappoints me in Wincustomize, the fact that certain links on Wincustomize cause my antispyware to report blocks against 'gator.com' forwarding/rerouting, I have to believe that the site has a sommewhat dubious 'alter-ego'.

Just commenting on what I am seeing, not making an accusation. Less than professional presentation, imo, especially for a site that promotes aesthetic modification/improvement/customization. I know that sites can make their money off ads, but some degree of discretion would be nice.

This was my first visit to Wincustomize in quite some time, and I do not recall it having this sort 'ad whore' appearance before. What happened when I blinked?