weird popup

[Pepster]

The blue banner will indeed open a browser that leads to http://www.safer-networking.org/ , or, if you use a skin, a URL that is defined inside the skin. The cursor should change to a hand to show you there's a link behind it.
Old skins may point to http://security.kolla.de/ , but from there you'll get forwarded to http://www.safer-networking.org/ as well. There are only three skins that point to this old address (Reloaded, Cactus, Matrix). I'll have to ask the Team member who should have created a skin page on our own website months ago why it isn't there yet (probably because there have been more important things).

The difference:
* The method - clicking the logo is different from an automated popup.
* The cloaking - according to Despise_Spyware, the page didn't appear in the history - what a click on the logo would do would be a simple open of the page without any hiding. Or maybe he didn't find it
* The URL - unless you use one of these old skins (which are not even available currently), a click on the logo wouldn't get you to that page.


Suggestions:
* Check if you use one of those three skins (Reloaded, Cactus, Matrix)
* If this regularly happens, try to avoid clicking the logo at all cost and see if it still happens

I use just the default skin, the popup occurred when I was updating. So I figure that it was probably a miss-click on my part that caused it to happen. Still it is odd.

[Pietje]

For me the same problem with the default skin. Clicked the logo accidentally.

This sudden strange behaviour also seems to do something else.......

It tries to add: "csx.adservs.com" into your trusted sites list....
Be aware.....

Has anybody already found out what's going on?

[PepiMK]

@Pietje: let me guess? Microsoft AntiSpyware is telling you that thing about the trusted sites? Then you're using a veeeery old version of that. That was indeed a false complaint by MS AntiSpyware - Microsoft didn't know the difference between "trusted" and "restricted" sites :D

To those who have the problem with the default skin even: are you long-time Spybot users, and always have installed over previous versions? I'm just trying to think if there was some very old version that had the default skin with a bad URL still shipped as a file instead of having it integrated. Or did you test some beta in the past maybe ('cause I've just checked 1.0, 1.1, 1.1.3, 1.1.4, 1.2, 1.3 and 1.4 and they didn't)?

[Pietje]

@ pepiMK: No, its the latest version of Webroot Spy sweeper that's warning me........ The warning pops up directly after launching Spybot.

I included a screencap:


Furthermore, I first installed Spybot approx 2 months ago and kept it up-to-date. No participation in any beta releases.

[Capndon]

I got the same thing here too. O yea this is my first time on this forum but i've been using S&D for years now. Really love the software.

I've seen that the link is taking me to that website too. No adwares, malwares viruses..............nothing. Tried online scans, ad-aware, Bazooka, A2-Online & Personal, Microsoft Antispyware, Bit Defender, Housecall Antivirus scan, MCafee Online Scan, Jotti Online Scan & Just about every other online scan I could find & my system is clean. So I guess its the update to the skin at your end then


No website additions or no popups no nothing here. Clean & tidy desktop

-Regs
Capndon

[james_152]

on a clean-install - just booted up and only just plugged in to download updates for 2 minutes -
I have installed: Clamwin 0.88, MS AntiSpyware 1.0.701, and then I installed spybot 1.4, and poof - got that 'popup'...
Its funny, usually I install clamwin, spybotSD, then MS AntiSpyware, and I've never had a popup... but this time, I install MS BS first before SpyBotSD and get the popup?...

just thought I would share

[Pietje]

Interesting james_152........

However, the installation order does not seem to matter in my case.
In my case MS BS has been installed after installation of SpybotSD.

Anyway, It's not old.... it's new, the "problem" or whatever we are talking about....

[Despise_Spyware]

only started happening to me since january

[Pietje]

And it still happens..... but every time with another domain (see screencap)



Every time I start Spybot. :-(
No other program has this problem on my machine at this time.
Rootkitrevealer draws blanks, as does PC-cillin, Webroot spysweeper, Spybot, etc.

What's going on ? Any ideas?

[md usa spybot fan]

Pietje:

The site uvu-channel.com is added to the restricted zone by Spybot during immunization by adding the following Registry entry.

Code:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uvu-channel.com]
*=dword:00000004

I don’t quite understand how Spy Sweeper:

1. Can misinterpret this entry as a possible threat.
   --- and ---
2. Why this pup-up is received "Every time I start Spybot." since that registry entry is only added when you "Immunize" within Spybot (SpybotSD.exe).

I suggest that you contact Webroot and report it as a false positive.

Incidentally Spybot also includes the following two HOSTS file entries in the "Advanced mode" "Hosts file" feature of Spybot) to prevent access to uvu-channel.com related sites:

• 127.0.0.1 www.uvu-channel.com
• 127.0.0.1 uvu-channel.com