How does z1.adserver.com popup get past Spybot, AdAware, & Firefox?

How does z1.adserver.com get past the spyware blockers?

Pop-up ads virtually disappeared on my WinXP SP2 box by running

- Ad-Aware SE Personal build 1.05

- Microsoft AntiSpyware beta 1.0.501

- SpyBot Search & Destroy 1.3

- Spyware Blaster 3.2

- Sygate Personal Firewall 5.5

- Firefox 1.0.4 (set to block all popups with no exceptions)

Every program above set to block all popups possible with no exceptions. But z1.adserver.com still gets through somehow.

Does this pop-up use something tricky the antispyware folks can't catch?

Reply to
octanicus
Loading thread data ...

It's not free, but Spysweeper (Webroot) has found adware that was missed on my machine by both Ad-Aware and Spybot S&D. Also, it checks both the registry, as well as cookie files.

Jack

Reply to
sandweiss

snipped-for-privacy@yahoo.com wrote in news:1116180292.496189.52190 @g14g2000cwa.googlegroups.com:

If the programs above don't stop this z1.adserver then maybe there is a virus on your system which is popping up the web site.

Or it could be that the adserver uses port 80, which is impossible to block because your web pages have to come up.

Lastly, it might be that one of the programs you use above as an antispyware is actually spyware! For example, I never heard of Spyware Blaster. Are you sure that's not spyware in disguise? I'd suggest deleting it and installing something like Intermix (

formatting link
).

The IntermixMedia antispyware works reasonably well but spyware still gets through (it always will).

Also, you didn't mention if you updated your spyware definitions files? Are they all up to date? Maybe it's as simple as the adserver is a new game in town.

Reply to
T. B. W.

SpywareBlaster's at v3.4 now.

Reply to
AvianFlux

It's an Active-X installation blocker. It is based on the premise that spyware gets in by allowing the intallation of malicious Active-X controls in a data base hey provide.

Reply to
Mungo

Put it in your HOSTS file:

127.0.0.1 z1.adserver.com

formatting link

Reply to
Beauregard T. Shagnasty

I've noticed this, too. I use TinyPic a lot to host photos, and every time I hit their main page , they somehow manage to slip in a pop-up ad even thouh I have them turned off in Firefox. I don't think it's spyware or a virus on my machine - I think they've found some kind of loophole and are ruthlessly exploiting it.

Reply to
Scott en Aztlán

Try adblock (an extension for firefox) -Dave

Reply to
Dave

From:

| How does z1.adserver.com get past the spyware blockers? | | Pop-up ads virtually disappeared on my WinXP SP2 box by running | - Ad-Aware SE Personal build 1.05 | - Microsoft AntiSpyware beta 1.0.501 | - SpyBot Search & Destroy 1.3 | - Spyware Blaster 3.2 | - Sygate Personal Firewall 5.5 | - Firefox 1.0.4 (set to block all popups with no exceptions) | | Every program above set to block all popups possible with no | exceptions. | But z1.adserver.com still gets through somehow. | | Does this pop-up use something tricky the antispyware folks can't catch?

Dump the contents of the IE Temporary Internet Folder cache (TIF) Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox } Tools --> Options --> Privacy --> Cache --> Clear

Download CLEAN.EXE from the URL --

formatting link
It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
formatting link
Kixtart is CareWare } three batch files, two Kixtart scripts, two Link (.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\\mcafee\\GetFiles.BAT. If you choose to scan again at a future date, run this batch file. It will automatically check the date of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after you have booted from an Emergency Boot Disk or DOS disk and have already executed; c:\\mcafee\\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;

formatting link
I need you to perform the following...

Execute; CLEAN.EXE Choose; Unzip Choose; Close

Execute; c:\\mcafee\\GetFiles.BAT { or Double-click on 'GetFiles Link' in c:\\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible ! It would also help for you to read - "How to perform a clean boot in Windows XP"

formatting link
Execute; c:\\mcafee\\CLEAN.BAT { or Double-click on 'Clean Link' in c:\\mcafee }

A final report in HTML format called C:\\mcafee\\ScanReport.HTML will be generated. At the end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer). It is suggested that you move the report out of c:\\mcafee before performing another scan. It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML report for each session.

Reply to
David H. Lipman

These nice people have used several techniques. One is direct popup, another is using macromedia flash (.swf) with a popup, etc. Last I heard they set a cookie so they knew what they last served up to your PC.

They also try to stay below the radar by not flooding you with popups. Their script files are embedded in the web pages you are viewing, and they are considered as "legitimate" as any of the other mainsleeze advertising pimps.

Spyware? I don't think so. Annoying? Yea verily.

Kill them by setting them to 127.0.0.1 (or 0.0.0.0) in your hosts file (or name server if you have one) and they will vanish. Well, until they change their name to something besides adserver.com.

I have 4892 (as of today) entries which resolve to 127.0.0.1 in our name server, some mainsleeze and some just pernicious sleeze. And we still see new popups from time to time.

Reply to
Mungo

I'm still downloading the suggestions and trying stuff.

One thing I've done is created a WinXP C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\HOSTS file with the thousands of entries from the combination of files from pgl.yoyo.org, home.rochester.rr.com, and

formatting link

As a quick experiment before heading off to bed, I went to the tinypic page you mentioned. Guess what. No pop ups (using Firefox 1.0.4) with that hosts file. I did update my Spyware Blaster and Spybot programs also though, so I'm not sure what prevented any popups from that site.

Heaven forbid I ask this question ... but are there "test" sites for testing if my pop-up stoppers are working properly? (Or, should I just update everything as noted in the replies above and wait to see if pop ups still occur)?

Reply to
octanicus

Try

formatting link
Note that Flash can open popups in Firefox.
formatting link

Reply to
Tim Messer

This is fantastic! At first I got popups galore from this site. Then I read this discussion and installed everything including adding hundreds of lines to my C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\HOSTS dns loopback file based

formatting link
formatting link
formatting link
formatting link
Now I don't get a single popup from
formatting link
Yahoo!

Reply to
Susan Sifton

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.