Maker Pro

Bogus Warning Message @DataSheetCatalog.com

  • Thread starter Watson A.Name - Watt Sun, Dark Remover

Watson A.Name - Watt Sun, Dark Remover

I went to this website to get a data sheet, and came across this
warning message about having spyware on my PC.
http://www.datasheetcatalog.com/datasheet/B/BC328.shtml

Well, I've run Spybot Search & Destroy, and it says that I don't have
any spyware, other than the IE vulnerability which is Microsloth's
fault, not spyware.[1]

So I suggest you ignore the warning as long as you're doing the same,
making sure that there is no spyware on your PC. Spybot Search &
Destroy is free, he just asks for a donation. We use it at work
without problems, so don't go clicking on that ad for some junk that's
probably not free.

[1] At one time I had Ezula or somesuch, but it's part of some
Microsoft package or whatever, and it's long gone. Also, Spybot S&D
checks for wayward cookies, like the double click crap.


--
@@F@r@o@m@@O@r@a@n@g@e@@C@o@u@n@t@y@,@@C@a@l@,@@w@h@e@r@e@@
###Got a Question about ELECTRONICS? Check HERE First:###
http://users.pandora.be/educypedia/electronics/databank.htm
My email address is whitelisted. *All* email sent to it
goes directly to the trash unless you add NOSPAM in the
Subject: line with other stuff. alondra101 <at> hotmail.com
Don't be ripped off by the big book dealers. Go to the URL
that will give you a choice and save you money(up to half).
http://www.everybookstore.com You'll be glad you did!
Just when you thought you had all this figured out, the gov't
changed it: http://physics.nist.gov/cuu/Units/binary.html
@@t@h@e@@a@f@f@l@u@e@n@t@@m@e@e@t@@t@h@e@@E@f@f@l@u@e@n@t@@
 
Richard Crowley

"Watson A.Name" wrote ...
> I went to this website to get a data sheet, and came across this
> warning message about having spyware on my PC.
> http://www.datasheetcatalog.com/datasheet/B/BC328.shtml
> .....

You haven't seen that scam before? It's been going around for
months. Usually seen in pop-up (or pop-under) form. Just
another sleazy and obvious (to most of us, at least) hoax to
try to suck you into clicking and going to God knows where.

Even worse, on the same page is the pop-up installation request
for "FREE on-line games and special offers from Netpal &
Partners...". THIS is the very spyware the other thing is warning
against! Unbelievable. No wonder viruses and other mal-ware
spread like wild fire if people actually click on these things.

And then when I closed it (NEVER even click on their "No"
or ANYWHERE in their window!) I got YET ANOTHER
pop up window "To install latest Netpal Games update,
please click Yes." Not a chance, suckers.

I won't be going back to "datasheetCatalog.com" again. It
appears to be completely "sponsored" by malware of various
types. Its only possible value appears to be to those who don't
know how to use conventional search engines since all the
actual data is hosted by the manufacturers' websites and is
indexed by safer methods.

Watson, I really thought you knew better than that!
 
Watson A.Name - Watt Sun, Dark Remover

> "Watson A.Name" wrote ...
>> ....
>
> You haven't seen that scam before? It's been going around for
> months. Usually seen in pop-up (or pop-under) form. Just
> another sleazy and obvious (to most of us, at least) hoax to
> try to suck you into clicking and going to God knows where.
>
> Even worse, on the same page is the pop-up installation request
> for "FREE on-line games and special offers from Netpal &
> Partners...". THIS is the very spyware the other thing is warning
> against! Unbelievable. No wonder viruses and other mal-ware
> spread like wild fire if people actually click on these things.
>
> And then when I closed it (NEVER even click on their "No"
> or ANYWHERE in their window!) I got YET ANOTHER
> pop up window "To install latest Netpal Games update,
> please click Yes." Not a chance, suckers.
>
> I won't be going back to "datasheetCatalog.com" again. It
> appears to be completely "sponsored" by malware of various
> types. Its only possible value appears to be to those who don't
> know how to use conventional search engines since all the
> actual data is hosted by the manufacturers' websites and is
> indexed by safer methods.
>
> Watson, I really thought you knew better than that!

Well, I don't get pop-ups etc, because I use Mozilla with them turned
off, so I haven't seen any pop-ups in quite a while, maybe I've
forgotten how obnoxious they are. And I _did_ find this site using
Google. And yes, I knew better, that's why I was warning people not
to believe them. Sorry, tho, for not knowing how bad they are. P.S.
judging from the amount of this stuff we deal with at work, this is
minor.

As for getting data sheets off the makers' sites, I've found that that
just doesn't work. I've been trying to get Hitachi transistor specs
off Renesas, without any luck. Then I go to Dial Electronics in the
U.K. and I found the stuff that should've been on Renesas!

http://www.dialelec.com/index.html#m

 
Bill Garber

"Watson A.Name - Watt Sun, Dark Remover" <[email protected]> wrote in message
:
: I went to this website to get a data sheet, and came across this
: warning message about having spyware on my PC.
: http://www.datasheetcatalog.com/datasheet/B/BC328.shtml

Check the source code on that page. It's not a warning.
It's a damned banner ad. ;-)

Bill @ GarberStreet Enterprizez };-)
Web Site - http://garberstreet.netfirms.com
Email - [email protected]
Remove - SPAM and X to contact me



: Well, I've run Spybot Search & Destroy, and it says that I don't have
: any spyware, other than the IE vulnerability which is Microsloth's
: fault, not spyware.[1]
:
: So I suggest you ignore the warning as long as you're doing the same,
: making sure that there is no spyware on your PC. Spybot Search &
: Destroy is free, he just asks for a donation. We use it at work
: without problems, so don't go clicking on that ad for some junk that's
: probably not free.
:
: [1] At one time I had Ezula or somesuch, but it's part of some
: Microsoft package or whatever, and it's long gone. Also, Spybot S&D
: checks for wayward cookies, like the double click crap.
 
Mark Jones

In (Watson A.Name - Watt Sun, Dark Remover):
> Well, I don't get pop-ups etc, because I use Mozilla with them turned
> off, so I haven't seen any pop-ups in quite a while, maybe I've
> forgotten how obnoxious they are. And I _did_ find this site using
> Google. And yes, I knew better, that's why I was warning people not
> to believe them. Sorry, tho, for not knowing how bad they are. P.S.
> judging from the amount of this stuff we deal with at work, this is
> minor.
>
> As for getting data sheets off the makers' sites, I've found that that
> just doesn't work. I've been trying to get Hitachi transistor specs
> off Renesas, without any luck. Then I go to Dial Electronics in the
> U.K. and I found the stuff that should've been on Renesas!
>
> http://www.dialelec.com/index.html#m



When I opened the page in IE with ZoneAlarm firewall, it didn't show me the
graphic because it was flagged as an "ad", which I then told it to display
anyways, which revealed your message about spyware.

Then the truly interesting thing happened: a ZA alert window popped up; a
new program (as of 1/3/2003) called ClrSchP058.exe was asking for access to
the internet. This was apparently scripted from the original page link,
because I've never seen this program before.

So I tracked down the .exe file, which was present in the windows\system32
folder. It is made by a company called ClearSearch, with no other
information available. Upon examining the code, it references a large number
of windows functions like registry and file manipulation. There are also a
ton of ASCII error messages present in the 80kb file, such as "successfully
read %ld bytes from input file, allocated %ld bytes for storing file, Error
retrieving control set version, Error response from installaton URL," etc.
Important note: script blocking is ENABLED on this PC and nowhere did I
authorise this .EXE file to be downloaded AND run...

I did manage to rip out an internally-used URL from the application:

http://status.clrsch.com/loader (which gives a cryptic error message)

I suppose it's no wonder the http://clrsch.com/ homepage gives no contact
info and requires a login to proceed...

NAV says it is not a virus and the file does not appear to be compressed.

I advise EXTREME caution in going to any of these URLs! I have seen a rash
of malware over the past 1-2 months and this could be one of the culprits...
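
The static triage described in the post above (pulling printable strings, an embedded URL and API references out of an unknown executable), as an added example that is not part of the original thread. It runs over a constructed byte blob; the blob layout, the API name stems in `API_HINTS` and the Run-key string are assumptions for illustration, and only the URL and the two error messages are taken from the post.

```python
import re

MIN_LEN = 6  # shorter runs are mostly noise

# Printable ASCII runs, and the same characters stored as UTF-16LE ("wide") text.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+(?::\d+)?(?:/[^\s\"'<>]*)?")
FORMAT_RE = re.compile(r"%l?[dsux]")  # printf-style placeholders such as %ld

# Assumption: a small, illustrative set of Win32 API name stems to look for.
API_HINTS = {
    "registry": ("RegCreateKeyEx", "RegSetValueEx", "RegOpenKeyEx"),
    "file": ("CreateFile", "WriteFile", "DeleteFile"),
    "network": ("InternetOpenUrl", "URLDownloadToFile", "HttpSendRequest"),
}


def extract_strings(data):
    """Return printable strings in file order, like the Unix `strings` tool."""
    found = [(m.start(), m.group().decode("ascii")) for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le")) for m in WIDE_RUN.finditer(data)]
    return [text for _, text in sorted(found)]


def triage(data):
    """Group the extracted strings into the categories a reviewer checks first."""
    strings = extract_strings(data)
    return {
        "urls": sorted({u for s in strings for u in URL_RE.findall(s)}),
        "apis": {kind: sorted({n for n in names for s in strings if n in s})
                 for kind, names in API_HINTS.items()},
        "format_strings": [s for s in strings if FORMAT_RE.search(s)],
        "autorun_refs": [s for s in strings if "currentversion\\run" in s.lower()],
    }


# Constructed sample: filler bytes around strings of the kind the post reports.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"successfully read %ld bytes from input file\x00"
    b"\x8b\xff\x90"
    b"Error retrieving control set version\x00"
    b"http://status.clrsch.com/loader\x00"
    b"\x00\x01RegSetValueExA\x00RegCreateKeyExA\x00CreateFileA\x00"
    b"\xff\xfe"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for category, values in triage(SAMPLE).items():
        print(category, values)
```

On a real file, read the bytes with `open(path, "rb").read()` and pass them to `triage`; nothing in the file is executed.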
 
Mark Jones

In news:[email protected] (Mark Jones):
> Also it tried to run a "bundle.exe" program. Beware!



Continuing, I found a "ClrSchLoader" key in my registry under the Run key.

There is one other thing this could be. I did upgrade my version of Nero
burning ROM yesterday. Perhaps that installed all this crap?

Happy new year...
 
Greg Pierce

> In (Watson A.Name - Watt Sun, Dark Remover):
>
> When I opened the page in IE with ZoneAlarm firewall, it didn't show me
> the graphic because it was flagged as an "ad", which I then told it to
> display anyways, which revealed your message about spyware.
>
> Then the truly interesting thing happened: a ZA alert window popped up; a
> new program (as of 1/3/2003) called ClrSchP058.exe was asking for access
> to the internet. This was apparently scripted from the original page link,
> because I've never seen this program before.
>
> So I tracked down the .exe file, which was present in the
> windows\system32 folder. It is made by a company called ClearSearch, with
> no other information available. Upon examining the code, it references a
> large number of windows functions like registry and file manipulation.
> There are also a ton of ASCII error messages present in the 80kb file,
> such as "successfully read %ld bytes from input file, allocated %ld bytes
> for storing file, Error retrieving control set version, Error response
> from installaton URL," etc. Important note: script blocking is ENABLED on
> this PC and nowhere did I authorise this .EXE file to be downloaded AND
> run...
>
> I did manage to rip out an internally-used URL from the application:
>
> http://status.clrsch.com/loader (which gives a cryptic error message)
>
> I suppose it's no wonder the http://clrsch.com/ homepage gives no contact
> info and requires a login to proceed...
>
> NAV says it is not a virus and the file does not appear to be compressed.
>
> I advise EXTREME caution in going to any of these URLs! I have seen a
> rash of malware over the past 1-2 months and this could be one of the
> culprits...

I did get a Javascript alert that said "Sorry, your browser isn't Win32
compatable". Aww, too bad ;-)

Mozilla did put a little icon in the lower right corner of the browser
that I hadn't noticed on earlier versions (I'm currently using version
1.4.1 that was included when I upgraded from Red Hat 9 to Fedora
Core 1 - if you don't know what Fedora is, it is the new name for
the standard non-enterprise Red Hat Linux - see http://fedora.redhat.com/
for the info). When I passed my mouse over it to get the details, it said
"Click here to enable this page's pop-ups". Yeah, I'll get right on that...
 
Mark Jones

In news:[email protected] (Mark Jones):
> In (Mark Jones):
>
> Continuing, I found a "ClrSchLoader" key in my registry under the Run
> key.
>
> There is one other thing this could be. I did upgrade my version of
> Nero burning ROM yesterday. Perhaps that installed all this crap?
>
> Happy new year...



Add a "SAHBundle" key to that, pointing to the file "Bundle.exe" in the
windows temporary directory. It looks like some kind of installation took
place there, an INF file called "BIINI.INF" loaded another so-called INI
file named BI.INI, although this file contained a large amount of
gobbledygook resembling the following:


Further searching found the following, apparently the malware is called
"BI" and has something to do with a "host.dll" file:

http://www.lavasoftsupport.com/index.php?showtopic=9903

Sorry for the long trail of messages, but now you know the rest of the
story. :)
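
One way to review the autostart entries these posts describe, as an added example that is not part of the original thread: it parses a regedit text export of the Run keys and flags values that launch from a temporary directory or are absent from a known-good baseline. The export text, the full file paths, the `ExampleAV` entry and the baseline set are constructed for illustration; only the value names `ClrSchLoader` and `SAHBundle` and the executable names come from the posts.

```python
import re

# Autostart keys to inspect (compared case-insensitively as key-path suffixes).
RUN_SUFFIXES = (r"\software\microsoft\windows\currentversion\run",
                r"\software\microsoft\windows\currentversion\runonce")
# "name"="value" lines of a .reg export; both sides may contain \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)", re.I)
TEMP_HINTS = ("\\temp\\", "%temp%", "%tmp%")


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_run_entries(reg_text):
    """Return (key, value name, command line) for every Run/RunOnce string value."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_SUFFIXES):
            m = VALUE_RE.match(line)
            if m:
                entries.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return entries


def executable_path(command):
    """Split the program path from its arguments, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]


def audit(reg_text, baseline):
    """Flag entries that run from a temp directory or are not in the baseline."""
    findings = []
    for _key, name, command in parse_run_entries(reg_text):
        path = executable_path(command)
        reasons = []
        if any(hint in path.lower() for hint in TEMP_HINTS):
            reasons.append("runs from a temporary directory")
        if name.lower() not in baseline:
            reasons.append("not in baseline")
        if reasons:
            findings.append((name, path, reasons))
    return findings


# Constructed export; paths are assumed, not taken from the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\agent.exe\" /startup"
"ClrSchLoader"="C:\\WINDOWS\\System32\\ClrSchP058.exe"
"SAHBundle"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\Bundle.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
BASELINE = {"exampleav", "ctfmon.exe"}  # value names recorded on a clean build

if __name__ == "__main__":
    for name, path, reasons in audit(SAMPLE_REG, BASELINE):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```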
 
Adrian

Greg Pierce wrote:
[snip]
> I did get a Javascript alert that said "Sorry, your browser isn't Win32
> compatable". Aww, too bad ;-)

Hehe, I got the same thing... I feel SOOOOO bad about not being "Win32"
compatible...

Adrian
 
Adrian

Mark Jones wrote:
[snip]
> When I opened the page in IE with ZoneAlarm firewall, it didn't show me the
> graphic because it was flagged as an "ad", which I then told it to display
> anyways, which revealed your message about spyware.
>
> Then the truly interesting thing happened: a ZA alert window popped up; a
> new program (as of 1/3/2003) called ClrSchP058.exe was asking for access to
> the internet. This was apparently scripted from the original page link,
> because I've never seen this program before.

Note: You appear to have been infected somewhere else. I have no doubt
that the embedded image
(http://www2.enigmasoftwaregroup.com/spyware_warning2.gif) is a complete
scam and would infect your computer with spyware, but it doesn't
appear to have any local or referenced scripting that would
autofetch/download executables (the fact that your Winblows machine
would automatically oblige and install is another matter altogether).

Adrian
 
DarkMatter

> Greg Pierce wrote:
> [snip]
>> I did get a Javascript alert that said "Sorry, your browser isn't Win32
>> compatable". Aww, too bad ;-)
>
> Hehe, I got the same thing... I feel SOOOOO bad about not being "Win32"
> compatible...

Billy stole his bastardized version of Java from Sun anyway.
 
Chuck Harris

DarkMatter said:
>> Greg Pierce wrote:
>> [snip]
>>> I did get a Javascript alert that said "Sorry, your browser isn't Win32
>>> compatable". Aww, too bad ;-)
>>
>> Hehe, I got the same thing... I feel SOOOOO bad about not being "Win32"
>> compatible...
>
> Billy stole his bastardized version of Java from Sun anyway.


Javascript has nothing to do with Java. Talk to Mozilla/Netscape about
their creation of the confusing name.

-Chuck Harris
 
Active8

> "Watson A.Name" wrote ...
>> ....
>
> You haven't seen that scam before? It's been going around for
> months.

More like a year at least.

> Usually seen in pop-up (or pop-under) form. Just
> another sleazy and obvious (to most of us, at least) hoax to
> try to suck you into clicking and going to God knows where.

Usually to a site where you get the hype sales letter about
WebWasher, Evidence eliminator, or maybe something like Ad-Aware
which is another good one.

Those first 2 apps *do* work BTW. You can find info on the hidden
files at www.fuckmicrosoft.com

I have the logs from the cleanup apps so I could write my own (back
burner.) You basically have to check the registry to find the
directory the user's hidden files are in and write a batch file to
delete them after reboot so you can get them before file protection
kicks in. And you have to get the .DAT files which Microshaft uses
to reconstruct your Favorites folder, etc.

Best place to read about this and verify what I've said is
www.grc.com and his (Steve's) discussion groups at news.grc.com
Just set up a new news server in your reader.

There's your security/privacy tip for the day :)

> Even worse, on the same page is the pop-up installation request
> for "FREE on-line games and special offers from Netpal &
> Partners...". THIS is the very spyware the other thing is warning
> against! Unbelievable. No wonder viruses and other mal-ware
> spread like wild fire if people actually click on these things.
>
> And then when I closed it (NEVER even click on their "No"
> or ANYWHERE in their window!)

Yup.

> I got YET ANOTHER
> pop up window "To install latest Netpal Games update,
> please click Yes." Not a chance, suckers.

JavaScript onExit() function or maybe onPageExit()
 
Active8

On Fri, 2 Jan 2004 20:27:24 -0800, Watson A.Name - "Watt Sun, Dark
> Well, I don't get pop-ups etc, because I use Mozilla

http://poxomitron.cjb.net a proxy filter is what I use, but someone
last month posted

www.privoxy.org which is open source, has a winders build, and
looks like a better product albeit not as user friendly (text file
configured, no GUI)

Not sure what you can do with Mozilla, but proxy filters are pretty
cool and you can run your browser, readers, IM clients, p2p, any
web app with proxy settings through the filter and if there's a
site that uses popups like TV guide (close ups), you can exclude
that URL or domain.

> with them turned
> off, so I haven't seen any pop-ups in quite a while, maybe I've
> forgotten how obnoxious they are. And I _did_ find this site using
> Google. And yes, I knew better, that's why I was warning people not
> to believe them. Sorry, tho, for not knowing how bad they are.

It's those .cab files that you get permission messages on (assuming
your security level is set right) that you have to really watch
out for. Clicking a link might take you to a hype sales letter or
it might start a download of a cab. But if your ActiveX and all
security settings are set to "Ask for Permission", you'll get a
warning along with info whether the program author's digital
signature is valid or if it's not even signed.
 
Active8

>> Well, I don't get pop-ups etc, because I use Mozilla with them turned
>> off, so I haven't seen any pop-ups in quite a while, maybe I've
>> forgotten how obnoxious they are. And I _did_ find this site using
>> Google. And yes, I knew better, that's why I was warning people not
>> to believe them. Sorry, tho, for not knowing how bad they are. P.S.
>> judging from the amount of this stuff we deal with at work, this is
>> minor.
>>
>> As for getting data sheets off the makers' sites, I've found that that
>> just doesn't work. I've been trying to get Hitachi transistor specs
>> off Renesas, without any luck. Then I go to Dial Electronics in the
>> U.K. and I found the stuff that should've been on Renesas!
>>
>> http://www.dialelec.com/index.html#m
>
> When I opened the page in IE with ZoneAlarm firewall, it didn't show me the
> graphic because it was flagged as an "ad", which I then told it to display
> anyways, which revealed your message about spyware.
>
> Then the truly interesting thing happened: a ZA alert window popped up; a
> new program (as of 1/3/2003) called ClrSchP058.exe was asking for access to
> the internet. This was apparently scripted from the original page link,
> because I've never seen this program before.
>
> So I tracked down the .exe file, which was present in the windows\system32
> folder. It is made by a company called ClearSearch, with no other
> information available. Upon examining the code, it references a large number
> of windows functions like registry and file manipulation. There are also a
> ton of ASCII error messages present in the 80kb file, such as "successfully
> read %ld bytes from input file, allocated %ld bytes for storing file, Error
> retrieving control set version, Error response from installaton URL," etc.
> Important note: script blocking is ENABLED on this PC and nowhere did I
> authorise this .EXE file to be downloaded AND run...
>
> I did manage to rip out an internally-used URL from the application:
>
> http://status.clrsch.com/loader (which gives a cryptic error message)

It probably defaults to a CGI page on the server so when the
spyware has got your info, it tacks a query string onto that URL
(which will be the info) and sends it as an http POST command.

> I suppose it's no wonder the http://clrsch.com/ homepage gives no contact
> info and requires a login to proceed...
>
> NAV says it is not a virus and the file does not appear to be compressed.

NAV just doesn't have the definitions for spyware. NAV won't alert
you that Real Player is sending your info to akamai corp, either,
but Ad-Aware will find the spyware which is called Radiate and/or
Aureate.

> I advise EXTREME caution in going to any of these URLs! I have seen a rash
> of malware over the past 1-2 months and this could be one of the culprits...

Gotta set those security settings in MSIE Internet Options or NS
Preferences, and get the stinkin' service packs which, BTW, won't
fix a Netscrap vulnerability. I don't dislike NS, either. In fact I
like their sidebar which I can load with net developer references.
 
Active8

In (Mark Jones):
> Further searching found the following, apparently the malware is called
> "BI" and has something to do with a "host.dll" file:

I may have seen that as a part of another app, but can't remember.
It scared me though since the host file is used to redirect URLs to
IP addys. so if I have a popup ad coming from ads.craphead.com

I can redirect to 127.0.0.1 and it won't be found.

> http://www.lavasoftsupport.com/index.php?showtopic=9903
>
> Sorry for the long trail of messages, but now you know the rest of the
> story. :)

You're a good detective. You can run this by the guys at
news.grc.com and see what they know. They may have a discussion on
this already.
 
Active8

> "Watson A.Name - Watt Sun, Dark Remover" <[email protected]> wrote in message
> :
> : I went to this website to get a data sheet, and came across this
> : warning message about having spyware on my PC.
> : http://www.datasheetcatalog.com/datasheet/B/BC328.shtml
>
> Check the source code on that page. It's not a warning.
> It's a damned banner ad. ;-)
>
> Bill @ GarberStreet Enterprizez };-)
> Web Site - http://garberstreet.netfirms.com
> Email - [email protected]
> Remove - SPAM and X to contact me

yeah. the dead giveaway is when you can click it anywhere and
clicking a button doesn't make the button look like it's been
pressed. Trick use of CSS to prevent the mouse pointer from
indicating a link. The other way is to give the image object or
table cell an onClick() handler.
 
DarkMatter

> Javascript has nothing to do with Java. Talk to Mozilla/Netscape about
> their creation of the confusing name.

You should check your history. Sun made JAVA. Billy took it, and
changed it. Now, there are two forms.

Mozilla, and Netscape stayed true to the EULA of SUN and use THEIR
JAVA, the correct one.

Billy uses his, the one he screwed with such that it is incompatible
with the original author's product.
 
Mark Jones

In news:[email protected] (Active8):
>> Further searching found the following, apparently the malware is
>> called "BI" and has something to do with a "host.dll" file:
>
> I may have seen that as a part of another app, but can't remember.
> It scared me though since the host file is used to redirect URLs to
> IP addys. so if I have a popup ad coming from ads.craphead.com
>
> I can redirect to 127.0.0.1 and it won't be found.
>
>> http://www.lavasoftsupport.com/index.php?showtopic=9903
>>
>> Sorry for the long trail of messages, but now you know the rest of the
>> story. :)
>
> You're a good detective. You can run this by the guys at
> news.grc.com and see what they know. They may have a discussion on
> this already.


Thanks, I wouldn't doubt it if there is a thread already. I hope so
anyways, because another .EXE file just downloaded and executed itself! I
have no idea what can possibly be allowing these seemingly random executable
files to be (apparently downloaded) and run - there are no unusual
processes, scheduled tasks, registry "run" keys, nothing. I just checked
spyware again, 37 new spyware components... "NCase", "Hijacker.nCase",
"tribalfusion", "bluestreak", etc... all new.

How in the bloody hell? It's almost as if I've been "hacked," as impossible
as that sounds. Very devious, whatever is going on. I've searched and there
are no new anti-virus updates or spyware updates and no new threats listed.
I'm uber-careful about this sort of thing and always clean up all spyware
after installing anything... perhaps a legitimate program has been hijacked,
and keeps re-infecting the system? Wish I knew more about what was going on.
Thanks for the link, I'll let us know if this is just an isolated incident
or if someone has found yet another nasty backdoor in M$ winblows. :)

P.S. I did find a nifty website for info on this sort of thing... check out
this amazing site: http://www.pestpatrol.com

Regards,
Mark
 
