every time I start up spybot SD, an internet explorer page pops up that leads to this strange website in german. The website is labeled "Patrick Kolla's Website"
I was wondering if this was normal or if there is something wrong...
weird popup
every time I start up spybot SD, an internet explorer page pops up that leads to this strange website in german. The website is labeled "Patrick Kolla's Website"
I was wondering if this was normal or if there is something wrong...
Hello,
from which site did you get your version of Spybot-S&D?
Also please tell us the exact url of this site.
I got my version of spybot from download.com..which I think was a legit site
also..spybot worked fine for a while..now it doesn't
it's version 1.4
unfortunately..I don't know the exactly name of the website..I didn't really check..and the website doesn't appear on my history list..I dunno why
I can describe the website though..it's a green website..with the spybot logo on it and on the side is a picture of a man's face
the entire webpage is in german. on the top it says "patrick kolla's website"
this used to only happen on one of my computers, but now it's happening on both
okay..I finally got the url of the website
http://patrick.kolla.de/spybotsd.html
That's really weird :(
* patrick.kolla.de is my private webseite.
* that logo is my private logo, not the spybot one
* this thing is probably at least a few weeks old - I do not have any Spybot-S&D related page on my website any more. The page you saw was a standard "404" (page not found) error page. I've now replaced it with a page telling people that there's something wrong.
* why would I put a popup to my private site into Spybot? That would be useless - it's even in German so most people wouldn't be able to read anything!
My suspicion:
Some malware is showing those popups when Spybot-S&D is running. This should make people believe that the popup was coming from Spybot-S&D, thus causing them to uninstall Spybot-S&D (to get rid of the popup), so that this malware can run free without being removed by us.
My suggestion:
Find that piece of malware. Either here (e.g. by posting a RunAlyzer or HJT log), or if you don't trust us, at some other respectable place. But in any way, please keep us up to date!
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
well I ran spybot and it found a bunch of tracking cookies and things like that...
after deleting those tracking cookies, the website hasn't popped up...yet
however, it was happening on both of my computers, and it hasn't stopped on the other computer
I'll scan the other comp with HJT soon as possible...
Same thing here on Windows NT
I have the same thing. Using Windows NT 4 SP6. Firefox 1.5. The Spybot application was installed when the latest version was released. Only saw it start firefox once. I attached a hijackthis log if that will help.
i just got this error too..
fresh winxp install on a machine, avg, then windows rego, then mobo drivers, then ad-aware and spybot, all off the same disc ive been using for the last 2 months or so... first time ive seen it..
Thanks for the HJT log! It shows C:\CodeRed\CodeRed.exe as a running process. Now I'm not sure which CodeRed this is (that's probably why I prefer RunAlyzer logs - they may be longer if you do not hide the legit entries - but their checksums help *g*)... but the popular meaning of CodeRed is a trojan!
Do you know this file, is this something you intentionally installed?
If you don't know it, it would be nice to mail it to detections@spybot.info . Choose "patrick.kolla.de/spybotsd.html" or something like that as the subject so we'll be able to pick it out asap. There's also a CodeRed removal tool by Symantec (we don't like those guys, but it was the first removal tool I found :D ).
By the way, did you say it started Firefox for that popup even? Hmmm. I've checked my code. http://patrick.kolla.de/spybotsd.html hasn't been used as a link for Spybot-S&D since eonsIf you intentionally click on my logo, it'll show the main page - but you may have noticed my logo is quite hidden, so you'll never click it by accident.
@Despise_Spyware & bigmoe: please check if you've got the probable CodeRed trojan as well! Just look on the Processes tab of the Windows Taskmanager for a CodeRed.exe.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
After getting this mysterious popup and not finding CodeRed.exe in my running processes.
I noted this popup also occurs when the blue banner/link shown on the initial screen of spybot version 1.4 is clicked, is this intentional? or a simple cause for this mysterious popup?
Posting Permissions
Reply With Quote