General discussion

Locked

This bug is **NOT** a feature!

By VAXenGuy ·
I realize that the "Windows Error Reporting" feature found on Windows XP has a purpose, and I applaud that. However, someone has found a method to subvert this feature to their own ends.

My sister-in-law called me and reported getting multiple WERs about a worm. I thought that was odd, and looked at her machine. I found
a window popping up, three times in succession. If it was connected to the net (broadband/cable), the "routine" would pop up every 30 minutes; if physically disconnected from the mode, the routine would repeat every 10 minutes.

I installed Adaware, Spybot S&D, AVG (6), & ZoneAlarm in an effort to block it but that didn't work (it did, however, remove over 4000 instances of worms, virii, & trojans!).

The window that pops up is titled "Windows Error Report" or "Windows Error Reporting". In the body of the message, is a big red ball with a white "X" centered, and the message "We detected I-Worm.Mydoom worm on this PC, Click to Download I-Worm.Mydoom Remover." and then two buttons, one marked "OK" and the other "Cancel".

When clicking "OK", the user is taken to:
http://www.palsol.com/er/?hop=21project
via Internet Explorer (I have made sure that the latest patches have been installed on XP & IE). And for a modest fee of $19.99, the software may be obtained.

I haven't found the software that is triggering this stuff.

I ran bhocop and found nothing unusual.

I checked for MyDoom and found nothing.

And, naturally, Office Depot/HP did not include the Windows Home XP disc when they sold the product, so an "fdsk & re-install" is out of the question.

Any ideas?

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Some options

by gralfus In reply to This bug is **NOT** a fea ...

If you really don't want to wipe it and start over, which may be the best approach since it was so severely compromised, you can download "HiJack This" which will show you what kinds of things may be doing this.

Also, make sure you have the latest data updates to the programs you installed, and use the immunize function in Spybot.

Have you also run Windows Update to make sure you are patched?

HiJack This: http://www.tomcoyote.com/hjt/

Collapse -

More options

by Mark W. Kaelin Editor In reply to This bug is **NOT** a fea ...

Some other ideas:

Have you disabled the Windows Error Reporting system via the Control Panel? Have you edited the Registry in addition to the normal Control Panel switches?

I had an HP a few years ago and while I didn't get a Windows disk, I did get a Restore Disk that would wipe the hard drive clean and reinstall everything to the way it was configured when I bought it.

(BTW, I hate Restore Disks and won't buy another computer that comes that way!)

Collapse -

HP Windows re-install

by wcollens In reply to More options

the Windows "disk" is actually in a separate partition on your hard drive.

I believe in an HP, when you see the logo at boot up, you can press F12 for options to repair or re-install Windows

this is described in your user's guide

Collapse -

Another option - product to try

by sfhend In reply to This bug is **NOT** a fea ...

Another product you might try for removal is Pest Patrol.

Collapse -

Slimeware

by HardwareGuy In reply to This bug is **NOT** a fea ...

The people behind Palsol have a rather disgusting history and you are not the first to be blackmailed like this. You can find some additional information and perhaps a solution to your problem at:
http://www.themediadesk.com/newfiles/slimeware.htm
Hope this helps

Collapse -

Me, too and more

by nowingnutz In reply to This bug is **NOT** a fea ...

I have been having the same problem on my Fujitsu laptop so will try some of your suggestions.

I have been having two other problems and am wondering if they are all related:

1 - I Keep getting a full screen popup ad for winantivirus.com software. The only way to get rid of it is alt-ctrl-del - it covers the entire screen. Anyone know how to block it? (my only blocker software is the Google one).


2 - Lately I keep getting other regular sites opening in a new IE screen when I'm browsing. Sometimes the screen I'm in just clicks and goes right to a new site.....sites like overstock.com and sharperimage. It's like IE has a mind of it's own. Sometimes it's in a new IE window and other times it takes me there from the one I'm in. New browser screens, I just close but when it goes to these sites from the site I'm in it's annoying to have to hit the back key to get back to where I was. Does that make sense?

Thanks for any help here. Will let you know if I can stop the I-Worm.mydoom popup.

Back to Software Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums