Spyware?

Discussion in 'other security issues & news' started by Col Colt, Jan 8, 2005.

Thread Status:
Not open for further replies.
  1. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    I subscribe to a service that sends a Newsletter sometimes twice a week. This particular service is a well known and reputable place and the occurrences that have taken place recently have put that trust in jeopardy. For the last couple of months, each time I would click on a link in the newsletter, which was supposed to take you to another area of that same company, instead I never could get there because of a box that would pop up telling me that the connection failed. The place was server-us.imrworldwide.com...this particular URL is on the hosts files list as a nasty and also AdAware has it listed as well. And, I believe Spybot has it as well. Could this in any way be a false positive or has this company changed its tactics and now is trying to track my surfing habits, etc?

    BTW-I used to be able to navigate that Newsletter with no problem and it wouldn't take me to the above. I switched to Firefox not long ago and I thought perhaps that was the problem but, I found out when I went back to IE, I got the same thing.
     
    Last edited: Jan 8, 2005
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Did you contact the newsletter provider?
     
  3. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    As a matter of fact I did and I was told (even though I sent it to Customer Services) that it would be sent to Tech Support. I emailed them twice with a screenshot of what the box looked like each time I would try to gain access to a link and I never got a reply?? Think that should tell me something. The box basically said the connection was refused when attempting to contact server-us.imrworldwide.com. I don't know where the alert came from as it didn't say Spybot, AdAware, Spy Sweeper or anything else. I did a Google search on this place and it seems "Red Sheriff" is bundled with it. That's not good. Anyway, here's the actual URL that comes up whenever I click a link in the newsletter....what do you think? Used to, when I clicked on a link it would just go to http://www.gaithernet.com. Not anymore.

    <removed>/cgi-bin/b?cg=gaither_emai...et.com/help/faqAnswer.php3?faqID=111&catID=11
     
    Last edited by a moderator: Jan 8, 2005
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I would be willing to bet that it has something to do with their advertisers. You never know when an advertiser is going to get a bad client that might pull something. It will probably take them a little while to track down the problem/offender and get it resolved. It's been my experience that when you don't get a response it's because they're busy working on it. Sometimes they remember to get back to you about it, sometimes they don't.

    I wish that more companies would remember to take the time to give a quick reply saying "we're looking into it", but they're only human after all.. alarming news can distract the best of us :)

    In the meantime you might check out Proxomitron with Kye-Us filters, that will remove most ads and malicious javascripts.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    The link is highly modified. If they don't fix it, speaking for myself, I would drop the site.
     
  6. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    I really think I've given them ample opportunity to at least say they're sorry but are looking into it. This subscription cost me $65/yr and of course, the Newsletter is part of it. I sort of gave them an ultimatum to contact me or I was going to pull my membership, stop buying their videos, CDs and cancel all my upcoming concert attendance, etc. Still, no reply.

    It seems I've seen something somewhere that Proxomitron has gone belly up...I'll find out.

    Yes, I am considering that. I hate to because I've enjoyed them for the past six years. Don't know what's happened.
     
  7. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes, Proxomitron is no longer under development, but it's still one of the best out there. There is still support from the user community, who also still make filters (such as Kye-Us filters, which are all security related, and not available in any other filter.)

    Proximodo is an open-source take off, but it's still in the alpha stage (early development.) It does look very promising, however, and I can't wait for it to hit at least beta :)
    http://sourceforge.net/projects/proximodo/
     
  10. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    Well-that's good...never tried it but I'm always open to something different. I guess I'm another one of those software junkies. I like my toys. So, the bottom line of this problem is that imrworldwide.com is spyware? From all indications it is but, I just can't figure how or why they've resorted to it. Strangely enough, I can access those links at work but, not at home. Of course, I'm a bit overgunned with protection at home. Probably much more than whatever they have at work and that may be the reason for the refusal to connect here. I don't know if they use hosts files at work or not. The only thing I know is that they use Trend Micro and that's about it. At first I thought my browser had been hijacked but, Mozilla/Firefox doesn't use ActiveX so, I had to figure out another reason for being directed to where I hadn't heard of before. o_O
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    It's an odd link. Because the site is on the upside of things so to speak, I would continue to try and find out where the problem is located.
     
  12. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    ronjor...believe me I have-to no avail. I'm still puzzled at their lack of response as to why this is happening. Maybe they know and just decided to ignore me thinking most folks won't find what I did anyway. A good majority of people won't have anything more than, perhaps a firewall (if that) and an anti virus program. I just wish I knew what/who brought that box up. Right clicking on it brings up nothing. Oh, well-in the words of Scarlett O'Hara, I think "I'll worry about that tomorrow."

    Thanks guys, for your time on this. Maybe we'll come up with something as to where it's coming from. I sure don't know...yet.
     
  13. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Excuse me, that server-us.imrworldwide thing, I know that site, it's a spyware advertising site. I've seen many of its ads, and I've got that site blocked in my firefox adblock filter. Just tell me, why did you join that newsletter? Didn't you read their site very carefully? I guess you're now another victim of spyware. You're just one of those computer users who just click on anything they see on the internet without thinking of the consequences.
    Regarding your question about whether that company has changed their tactics and is now trying to track you, my answer to you is YES. It's very obvious.
    The dialog box that comes out is telling you that the connection failed because the website has been blocked, the site is BLOCKED because it's a SPYWARE advertising website!
     
  14. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    nadirah, let me explain something to you. I don't surf the internet and click on just anything I see. That's not a fair assumption since you obviously don't know me or what you're talking about. I didn't JOIN that newsletter, it came as part of joining GaitherNet when I paid for the services of being able to get advanced tickets to Bill Gaither's concerts, free shipping on any DVDs, videos, etc that I ordered. It also provided insight into upcoming concerts that I could get tickets for in advance and get close to the stage rather than sit seventy five yards back with a pair of binoculars. There are other features of being a member that caused me to join in the first place. The subscription to the newsletter kept me informed of all the goings on in the Southern Gospel network, newly released videos, and a host of other niceties. That stopped not long ago when I found that when I clicked on just about any link in the newsletter, I no longer looked at the address bar and saw http://www.gaithernet.com but, rather the imrworldwide.com address. It wasn't always like that.

    So, to suggest that I click on anything is not a proper assessment of why I came here looking for help. I'm not a victim of spyware or anything else for that matter. I have enough protection of this computer to counter just about anything anyone could throw my way. I am far from being a novice at this. I just had never heard of imrworldwide.com and didn't know why I suddenly couldn't go where I had always been able to go before in the newsletter. Know what and why before you start blasting someone. I CAME HERE FOR HELP-NOT CHASTISEMENT.
     
    Last edited: Jan 9, 2005
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651

    Hi Nadirah, I think you are a bit too quick with your thoughts here.

    how do you know if Colt is clickin on every link he sees. that would be impossible...:D

    @ Colt: if you want you can post a hjt log here

    http://spyblocker-software.com/IPB/index.php?showforum=20

    and I'll see if you are infected with spyware/malware


    cheers

    Inf.


    edited to add quote tags to make msg clearer - hope ya don't mind - Detox
     
    Last edited by a moderator: Jan 9, 2005
  16. Detox

    Detox Retired Moderator

    Joined:
    Feb 9, 2002
    Posts:
    8,507
    Location:
    Texas, USA
    I think Col Colt has managed to make his point very well and with restraint. Let's not be too quick to make assumptions and judge the other posters too quickly. In addition, if a poster has no help to offer or anything of value to add in a thread such as this, perhaps discretion should be exercised.

    Now, let's get back on-topic here after I offer Col Colt a warm welcome to Wilder's.
     
  17. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    @ Detox

    no prb, thanx problem is FFX :D not figured out yet...

    @ Col Colt

    welcome on board :D


    Inf.
     
  18. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    INFINITY...it's there, many thanks for the insight and welcome, guys! :)
     
  19. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    ok Colt, your system (how could it be :D) is clean. like I said, sometimes we cannot enter a site we want to visit just because the internet settings are too high, or some programs (like the host, cookieblocker,...) are not letting us visit that particular site.

    but I'd rather have a clean system than deal with problems after setting the restrictions too low.

    Regarding that site you cannot enter...yes you paid the amount...at least wait for an email, hopefully they answer and can explain what is going on.

    well you have some options, like stopping your subscription, but I would wait for an email. if not like Ron said: I would drop it too.

    and like Notok said: sometimes a host/server is ok but they do change clients and it could be that some of them are questioned and therefore put in the host/spybot/ad-aware

    Inf.
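
Added example (not part of any post in this thread): a hosts-file check for the situation described above, where a link fails with "connection refused" because its host is mapped to the local machine. The sample hosts text, the `other.imrworldwide.com` name and the `cg=constructed` query value are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample; a real file lives at /etc/hosts or
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1   localhost
127.0.0.1   server-us.imrworldwide.com   # blocklist entry
0.0.0.0     Ads.Example.test tracker.example.test
192.0.2.10  intranet.example.test
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}


def sinkholed_hosts(hosts_text):
    """Return the names a hosts file redirects to the local machine."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        for name in fields[1:]:  # one address may carry several names
            name = name.lower().rstrip(".")
            if name not in LOOPBACK_NAMES:
                blocked.add(name)
    return blocked


def link_is_blocked(url, hosts_text):
    """True when the link's host is sinkholed by the hosts file.

    Hosts entries match exact names only, so blocking one subdomain
    says nothing about its siblings or the parent domain.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host in sinkholed_hosts(hosts_text)


if __name__ == "__main__":
    for url in ("http://server-us.imrworldwide.com/cgi-bin/b?cg=constructed",
                "http://other.imrworldwide.com/",
                "http://www.gaithernet.com/"):
        state = "blocked locally" if link_is_blocked(url, SAMPLE_HOSTS) else "not in hosts file"
        print(f"{urlsplit(url).hostname}: {state}")
```

A blocked result means the browser never leaves the PC for that host, which is why the same newsletter link can work on a machine without the blocklist.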
     
  20. Col Colt

    Col Colt Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    23
    I think this is probably the case because before, I had no trouble with this site until recently. I'm still waiting on a reply but, after sending two different messages and attaching the image of that box I had pop up, I have yet to hear anything and that was about three weeks back. I haven't changed any settings as far as security is concerned. Maybe they're still checking things out or perchance they know all about it and just don't want to answer. I'll be patient, however. Many thanks for reading the log and for all taking time with this. ;)
     
  21. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    you're welcome, prob solved


    Inf.
     
    Last edited: Jan 9, 2005