Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Search | Test
Home » Learning Curve » A Christmas Carol

A Christmas Carol:
A Day in the Life of Windows Losers

I surfed the Web today oh boy.
 - John Winston Yoko

'Twas the night before Christmas and all through the house not a creature was stirring - save two blokes discussing IT and a girl munching macadamia nuts and reading a book.

And out of nowhere the television starting bleating: it was an early morning movie. Smokey and the Bandit II.

'Hey weren't Sally Field and Burt Reynolds together once?' asks the one bloke of the girl.

The girl looks up. 'Together yes, but never married.'

'I think they were married', says the other bloke.

'Check it', says the girl, not looking up from her book.

The first bloke swivels on his chair and opens an Apple laptop, connects to the net, and hits Wikipedia. 'Nope, they weren't married', he says, 'although he proposed to her on a number of occasions.'

'That's what I said', says the girl, still reading intently.

'What this say here?' asks the other bloke, looking over the shoulder of the first. 'He was also together with Ingrid Stevens? Who's Ingrid Stevens?'

'She's the girl Richard Dreyfus is trying to catch in American Graffiti', says the girl. 'The blonde in the white convertible.'

'She's the one who sang Teach Me Tiger', says the first bloke.

The three all look at one another for a long silent moment, then say in unison:

'Look it up!'

On screen Burt Reynolds is confronting an elephant. It's quickly ascertained that the blonde in American Graffiti is Connie Stevens; who sang Teach Me Tiger is more difficult. They start a lyrics search.

'Whoa! What's this?' says the first bloke.

'Looks like fun', says the second bloke. 'Turn JavaScript on.'

The first bloke stares back in puzzlement.

'It's a MAC', says the first bloke. The second bloke seems to get it and hits command-comma to turn on JavaScript. 'This should be fun', he says, and clicks the banner.

The girl puts down her book and comes over, still munching her nuts. 'Wow! 47 system errors found! And it can detect OS X too! Fantastic!' she says sarcastically. They print the page as PDF for future reference and then it's time to click where it says 'click here'.

'WinFixer 2005!' someone adds sarcastically. 'Must be a great program!' They take a screen dump and then proceed by clicking OK - after all, they're on a Mac.

'It's looking better all the time!' says the second bloke.

The download's over in a matter of seconds. They open the package and drop it on a string scanner.

It looks fishy.

'So what does the Web say about WinFixer?' asks the second bloke.

In a matter of seconds they know.

Dear Friend,

I know by now WinFixer popups are driving you nuts. You've been infected with Internet's most annoying and almost impossible to remove spyware. I've put this free site together to educate, fight, prevent, and remove WinFixer.

The trouble is that this self-appointed hero is recommending a number of products to cure computers of all the ills of WinFixer - and they're all on the bad guys lists too. There's no telling who are real sheep for all the wolves.

'So how about this WinFixer person?' asks the one of them. Sally is yelling at Burt in the background.

Checking server [whois.opensrs.net]
Results:
Registrant:
 WinFixer
 P.O. Box 3
 Kiev, NA 04114
 UA

 Domain name: WINFIXER.COM

 Administrative Contact:
    Hostmaster, WinFixer  hostmaster@winfixer.com
    P.O. Box 3
    Kiev, NA 04114
    UA
    +(380) 97 939 09 44
 Technical Contact:
    Hostmaster, WinFixer  hostmaster@winfixer.com
    P.O. Box 3
    Kiev, NA 04114
    UA
    +(380) 97 939 09 44


 Registrar of Record: TUCOWS, INC.
 Record last updated on 13-Sep-2005.
 Record expires on 20-Aug-2006.
 Record created on 20-Aug-2002.

 Domain servers in listed order:
    NS8.NSCACHE.NET   66.244.254.8
    NS9.NSCACHE.NET   66.244.254.9

'How many people check this stuff first?' asks the one.

'Can't be many', says another. 'Look at all the references on the Web. There's even a site solely dedicated to its removal.'

The two blokes close down the computer and return to the movie. The girl goes back to her book.

Stockings by the Chimney

The next afternoon, as if in anticipation of a visit from Father Christmas, our trio decide to set up a honeybox - an unarmed PC no one minded bringing to the slaughter. Just to see how bad things have become.

Something like laying out the milk and cookies. Or hanging stockings by the chimney with care.

The idea is to connect to the Internet for all of ten minutes and do absolutely nothing except log the traffic. To log the traffic they use X-frame.

They stay online for ten minutes thirty seconds eight hundred ninety milliseconds and get hit by twelve rogue computers a total of seventy eight times.

The log is here.

And as they start going through the packets, they hit upon a gem.

'There's a lady around here running XP who's been complaining of these popping up on her screen', the girl says.

Off to pcspywarescan.com, and it's a long journey.

pcspywarescan.com
-----------------
Checking server [whois.godaddy.com]
Results:
 Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
   15111 N. Hayden Rd., Ste 160, PMB 353
   Scottsdale, Arizona 85260
   United States

   Registered through: GoDaddy.com
   Domain Name: PCSPYWARESCAN.COM
      Created on: 19-Nov-05
      Expires on: 19-Nov-06
      Last Updated on: 19-Nov-05

   Administrative Contact:
      Private, Registration  PCSPYWARESCAN.COM@domainsbyproxy.com
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599
   Technical Contact:
      Private, Registration  PCSPYWARESCAN.COM@domainsbyproxy.com
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599

   Domain servers in listed order:
      NS1.PCSPYWARESCAN.COM
      NS2.PCSPYWARESCAN.COM

HTTP/1.1 302 Found
Date: Sun, 25 Dec 2005 16:58:57 GMT
Server: Apache
X-Powered-By: PHP/4.3.9
Location: http://pcrepair05.mspyc.hop.clickbank.net
Connection: close
Content-Type: text/html

clickbank.net
-------------
Checking server [whois.dotregistrar.com]
Results:
Registrant:
   Click Sales, Inc. (CLICKBANK-NET-DOM)
   Domain Administrator
   915 W. Jefferson Street
   Boise, ID 83702
   USA
   +001.2083454245
   domains@keynetics.com

   Domain Name: CLICKBANK.NET
   Status: PROTECTED

   Administrative Contact:
      Click Sales, Inc. domains@keynetics.com
      Domain Administrator
      915 W. Jefferson Street
      Boise, ID 83702
      USA
      +001.2083454245

   Technical Contact, Zone Contact:
      Click Sales, Inc. domains@keynetics.com
      Domain Administrator
      915 W. Jefferson Street
      Boise, ID 83702
      USA
      +001.2083454245

   Record last updated on 22-Apr-2005.
   Record expires on 10-Jul-2014.
   Record created on 11-Jul-1997.

   Domain servers in listed order:

   Name Server: a-ns.clickbank.com
   Name Server: b-ns.clickbank.com
   Name Server: c-ns.clickbank.com

HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Dec 2005 17:00:33 GMT
Server: Apache
P3P: CP="ADM OUR IND COM"
Set-Cookie: p=CcC90.l55ABcPlfP9PV54nI38.YPEJ.ybLeQ6;
expires=Sun, 18-Jun-2006 17:00:33 GMT; path=/; domain=.clickbank.net
Location: http://pcrepair05.mspyc.hop.clickbank.net/rehop.php?
Connection: close
Content-Type: text/html

HTTP/1.1 301 Moved Permanently
Date: Sun, 25 Dec 2005 17:01:02 GMT
Server: Apache
P3P: CP="ADM OUR IND COM"
Location: http://www.myspywarecleaner.com/?hop=pcrepair05
Connection: close
Content-Type: text/html

myspywarecleaner.com
--------------------
Checking server [whois.namesecure.com]
Results:
Registrant:
Gary Preston
Secure Computer, LLC
PO Box 583
Mamaroneck, NY  10538
US

Registrar: NameSecure.com
Domain: MYSPYWARECLEANER.COM
Created on 11-11-2004
Expires on 11-12-2007

Administrative Contact:
Gary Preston
Phone: 914-517-1382
E-mail: garypny@aol.com

Technical Contact:
Gary Preston
Phone: (914) 517-1382

Name Servers:
NS1.HOSTDEPOT.COM              66.242.128.2
NS2.HOSTDEPOT.COM              66.242.128.3

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sun, 25 Dec 2005 17:02:05 GMT
X-Powered-By: ASP.NET
Location: http://www.myspywarecleaner.com/sc/?hop=pcrepair05
Connection: Keep-Alive
Content-Length: 171
Content-Type: text/html
Set-Cookie: clickbank=flag=TRUE; expires=Thu, 01-Jan-2015 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDQSRTRRTR=HDJNMBPCIJBCEBKBFCDLOLBM; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found
<a HREF="http://www.myspywarecleaner.com/sc/?hop=pcrepair05">here</a>.</body>

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 25 Dec 2005 17:02:33 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 6815
Content-Type: text/html
Set-Cookie: mailinglist%5Fpromo=True; path=/
Set-Cookie: httpreferer=site=; expires=Thu, 01-Jan-2015 05:00:00 GMT; path=/
Set-Cookie: clickbank=visitor=TRUE&nickname=pcrepair05;
expires=Wed, 01-Jan-2020 05:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDQSRTRRTR=MLKNMBPCNGECFNDEBJDHKFKO; path=/
Cache-control: private

<script language="javascript">

Your computer may be infected with harmful spyware programs.

These spyware infections can lead to computer crashes, instability, slowness, and full system failure.

Immediate removal may be required.

Note: Your anti-virus or firewall program does not protect you from spyware.

Please try the following:

  • Click here to scan your computer for hidden spyware programs.

  • When you see a grey download box like the one shown below, click the Open button to download the free scanner.

  • After the download completes, scanner will automatically install and load and show you a list of spyware programs on your machine -- and tell you how to get rid of them.

If you get an error message when trying to download the software -- or the software does not open automatically on your computer after the download completes -- click here for help.

By downloading the free scanner, you agree to the Spyware Cleaner End User License Agreement.

© Copyright 2004-2005, Secure Computer, LLC. All Rights Reserved.
  Home | License Agreement | Privacy Policy | Affiliates | Contact Us

Hi has anyone out there had any experience of www.myspywarecleaner.com My brother downloaded it and it completely messed up his computer.now he cant connect to the net,and freeserve helpline thinks that this site is the problem.he cant remove this programme from the control panel,it just will not go.We are newbie silver surfers and would appreciate any info.
Thanks
mac

You can check out about the programme here.look under spyware cleaner.
http://www.spywarewarrior.com/rogue_anti-spyware.htm.

Spyware warrior is a list of hundreds - perhaps thousands - of 'rogue' anti-spyware programs for Microsoft Windows. Today the big game is scaring people into thinking they have spyware (a pretty good bet anyway) then offering them a solution which itself is spyware.

They're dropping like flies.

Afterword

This is April Stevens. She's the 'Stevens' who sang Teach Me Tiger.

She sang the song with her brother. April Stevens isn't her real name and the name her brother uses isn't his real name either. But they've won Grammies in their time.

Each year tens of thousands of new exploits are unleashed on Microsoft Windows. Our three friends proved that surviving even twenty four hours with Windows is impossible.

According to Windows losers, Apple's OS X - as all flavours of Linux and Unix - remains 'mostly virus free'. In fact none of these platforms have a single exploit.

To all a 'good night'.

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.