Here at the Internet Patrol we’ve been getting complaints of “Classmates.com email trying to take over my computer” and “I clicked a link in a Classmates .com email and my computer froze”… or “..and my computer told me I had a virus.”
All of this is because Classmates.com has fallen prey to spyware called XPOnlineScanner (XP Online Scanner). XPOnlineScanner claims to be an XP antivirus software, but is really spyware, and Classmates.com currently has some advertising banners which have become infected such that if someone visits a page with one of the infected banners, the infected banner advertisements on Classmates.com act as a conduit for XPOnlineScanner to download itself on to your Windows PC.
Here’s an example of what you will see on your PC if it becomes infected, in addition to your computer possibly freezing up:
So what to do?
First, as always, make sure that you are running an anti-virus program, and that it’s up-to-date.
Second, avoid Classmates.com until you have reason to believe that they have gotten rid of all of the infected advertising.
*Update! We were contacted by a representative of Classmates.com, who advised us that:
“Protecting our members is a top priority at Classmates. In the case of the XPOnlineScanner, on March 24, 2008 we became aware of potential abnormalities from an ad banner running on our site. Our Quality Assurance team investigated and the ad was suspended within an hour. Classmates Connections emails to members do not include any ads and did not take over any computers.
Read Internet Patrol Articles Right in Your Inbox as Soon as They are Published! Only $1 a Month!
Imagine being able to read full articles right in your email, or on your phone, without ever having to click through to the website unless you want to! Just $1 a month and you can cancel at any time!
Or get notified of new Internet Patrol articles for free!
[Ed. note: The XPOnlineScanner problem occurred when members clicked links in the email, and so were taken to pages at the Classmates site which were displaying the infected banner ads.]
After the March instance we refined our system that puts all of our flash ads through a tool that screens for potential security hacks. In the May instance, the ad received was coded differently. In both instances there were not any issues with email links, but rather bad ads which were identified and pulled from our site. Their respective characteristics were added to our screening systems, which are continually updated to reflect the latest known malware, so it can be identified and stopped before given a chance to run.
Our Member Care department worked with members who may have clicked the abnormal ad during the short time it was running to help them resolve their issues. Our team put additional Quality Assurance procedures in place as part of ongoing improvements we make to protect against the latest malware on the Internet.
We appreciate The Internet Patrol helping Classmates update people about how the situation was quickly resolved.”
Third, if you do find that your computer is exhibiting these symptoms, run your anti-virus program, and if that doesn’t work, you can manually remove all of it’s components by deleting the following files from your hard drive:
XPAntivirus on the Web.lnk
You will also need to remove this from your Windows registry:
No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free? Thank you!
|Get notified of new Internet Patrol articles!