Classmates.com Links Infected with Spyware from XPOnlineScanner.com
5/29/2008
Here at the Internet Patrol we’ve been getting complaints of “Classmates.com email trying to take over my computer” and “I clicked a link in a Classmates.com email and my computer froze”… or “..and my computer told me I had a virus.”

All of this is because Classmates.com has fallen prey to spyware called XPOnlineScanner (XP Online Scanner). XPOnlineScanner claims to be XP antivirus software, but is really spyware. Classmates.com currently has some advertising banners which have become infected: if someone visits a page with one of the infected banners, the banner acts as a conduit for XPOnlineScanner to download itself onto your Windows PC.

Here’s an example of what you will see on your PC if it becomes infected, in addition to your computer possibly freezing up:

So what to do?

First, as always, make sure that you are running an anti-virus program, and that it’s up-to-date.

Second, avoid Classmates.com until you have reason to believe that they have gotten rid of all of the infected advertising.

*Update! We were contacted by a representative of Classmates.com, who advised us that:
“Protecting our members is a top priority at Classmates. In the case of the XPOnlineScanner, on March 24, 2008 we became aware of potential abnormalities from an ad banner running on our site. Our Quality Assurance team investigated and the ad was suspended within an hour. Classmates Connections emails to members do not include any ads and did not take over any computers.
[Ed. note: The XPOnlineScanner problem occurred when members clicked links in the email, and so were taken to pages at the Classmates site which were displaying the infected banner ads.]
After the March instance we refined our system that puts all of our flash ads through a tool that screens for potential security hacks. In the May instance, the ad received was coded differently. In both instances there were not any issues with email links, but rather bad ads which were identified and pulled from our site. Their respective characteristics were added to our screening systems, which are continually updated to reflect the latest known malware, so it can be identified and stopped before given a chance to run. Our Member Care department worked with members who may have clicked the abnormal ad during the short time it was running to help them resolve their issues. Our team put additional Quality Assurance procedures in place as part of ongoing improvements we make to protect against the latest malware on the Internet. We appreciate The Internet Patrol helping Classmates update people about how the situation was quickly resolved.”

Third, if you do find that your computer is exhibiting these symptoms, run your anti-virus program, and if that doesn’t work, you can manually remove all of its components by deleting the following files from your hard drive:

xpa.exe
xpa2008.exe
XPAntivirus.exe
XPAntivirusUpdate.exe
Uninstall XPAntivirus.lnk
XPAntivirus on the Web.lnk
XPAntivirus.lnk
XPOnlinescanner.com.lnk
Uninstall XPOnlinescanner.com.lnk
XPAntivirus.url
shlwapi.dll
wininet.dll

You will also need to remove this from your Windows registry:

HKEY_USERS\Software\XP antivirus
XP antivirus
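
A read-only triage of the file list above, as an added example (not code from The Internet Patrol): it walks a directory tree for the listed names and reports copies of shlwapi.dll and wininet.dll, which are also the names of standard Windows system libraries, separately when they sit under the Windows directory. The function name, the sample tree and the rule that a location under the Windows directory marks a system copy are assumptions; location alone does not prove a file is genuine.

```python
import os
import tempfile
from pathlib import Path

# File names from the article's removal list, lower-cased for matching.
LISTED = {
    "xpa.exe", "xpa2008.exe", "xpantivirus.exe", "xpantivirusupdate.exe",
    "uninstall xpantivirus.lnk", "xpantivirus on the web.lnk",
    "xpantivirus.lnk", "xponlinescanner.com.lnk",
    "uninstall xponlinescanner.com.lnk", "xpantivirus.url",
    "shlwapi.dll", "wininet.dll",
}
# The two names on that list that Windows itself also ships.
SHARED_WITH_WINDOWS = {"shlwapi.dll", "wininet.dll"}


def triage(scan_root, windows_dir):
    """Return (review, system_copy): sorted paths under scan_root whose
    file name is on the list. A shared-name DLL found inside windows_dir
    goes to system_copy (assumption: that location means the OS copy);
    every other match goes to review. Nothing is deleted.
    """
    windows_dir = Path(windows_dir).resolve()
    review, system_copy = [], []
    for folder, _dirs, files in os.walk(scan_root):
        for name in files:
            key = name.lower()
            if key not in LISTED:
                continue
            path = Path(folder, name).resolve()
            if key in SHARED_WITH_WINDOWS and windows_dir in path.parents:
                system_copy.append(path)
            else:
                review.append(path)
    return sorted(review), sorted(system_copy)


if __name__ == "__main__":
    # Constructed sample tree; the XPAntivirus folder is hypothetical.
    root = Path(tempfile.mkdtemp())
    win = root / "WINDOWS" / "system32"
    bad = root / "Program Files" / "XPAntivirus"
    for folder, names in ((win, ["wininet.dll"]), (bad, ["xpa.exe", "shlwapi.dll"])):
        folder.mkdir(parents=True)
        for n in names:
            (folder / n).touch()
    review, system_copy = triage(root, root / "WINDOWS")
    print("review:", [str(p) for p in review])
    print("system copy, leave in place:", [str(p) for p in system_copy])
```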


According to my research shlwapi.dll and wininet.dll are legitimate Windows files. It might be a good idea not to remove them.
AG
Comment by AG — 5/30/2008 @ 9:06 am