More Awesome Than You!

I am setting up a second boot drive, and doing lots of installing. I have several spyware catchers and a new firewall. They were all on as I double clicked on the SimPE setup exe to install the SimPE that works with OFB.

Setup started by asking me to choose a language. But right at that point,a warning window came onscreen, telling me that WorldAntiSpy had been quarantined. Then the setup canceled itself because "a file could not be found."

It was the Earthlink Protection Center that found the WorldAntiSpy file. They listed it as a Homepage Hijacker.

I went to the SimsPe site I had bookmarked to ask about this, but I get a "suspended" splash screen instead of the site.

So, my question is, can everyone else get to the normal SimPE site? Has anyone else run into this spyware file being activated upon using the SimPE setup exe that works with OFB?

Can spyware be inserted "after the fact" into an existing exe on someone's computer,, or would it have to come with the exe? This whole thing has me very disturbed.

Installers are evil. I hate installers and use only the RAR editions.

I would be happy to get the RAR edition, if I could get on the site ....

I haven't been able to access SimPe website for a couple of days now.  As for the spyware thing - I personally haven't noticed it...

Quaxi posted today on MTS2 that "The Site itself is down for security Reasons. Someone tried to hijack the Server with a Bufferoverflow, which triggered the security Mechanisms of the Server. Will take at least until afternoon tomorrow (CET) for the Server to be back online. I have to find the leak first"

Thank you for letting me know that. At least it is not just my PC having trouble getting the site.

I tried clicking on the setup exe again, several times. Each time, the same Worldantispy file is quarantied. And each time the exe won't complete setup because a file is missing. I also tried it on my other boot drive. Same thing. There is definitely a connection between the OFB SimPE setup exe and the file Earthlink is quarantining.

I've had problems with spyware on my PC. Could another spyware piggyback on an existing exe? Or is this something that Quaxi should be told?

I don't want to be alarmist, but it has me worried.

You may want to try a different spyware scanner; it is possible that what you are using is flagging something as a particular sort of spyware because it has a few similar behaviours, but isn't actually that spyware or spyware at all. Spybot - Search and Destroy and AdAware personal edition are good programs.

Alternatively, track down Quaxi and ask I guess.

I've got a persistent spyware that is disabling AdAware and Spybot, and reinstalling itself, even after uninstalling and reinstalling all the scanners on a PC unplugged from broadband connections. It happens after all spyware has been cleaned offline, but the first time I reboot after reconnecting to broadband, it reinstaalls. My firewall is blocking portscan attacks, but obviously the resident spyware is "calling home to mama."

I've been tearing my hair out trying to find the location of the hidden reinstall instructions. That is why I wanted to know if a clever spyware can hide itself in existing exe, or if something has to be in an exe from inception.

I'm definitely not accusing Quaxi of purposefully doing anything. Don't get me wrong on that, please. I'm just trying to figure this out, and wanted to know if others are experiencing it or if it is just on my computer. I sure don't want to add to Quaxi's problems. Sounds like he has enough to handle with the site. But if there is something he should know, well, I'm sure he would want to address the fact that Earthlink is flagging his product.

This sounds incredibly annoying - you poor thing!

I googled & found this site - perhaps it might help as it lists where the virus installs itself (just in case you might have missed one) http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=91569

This lists another option to try (from http://www.2-spyware.com/review-worldantispy.html)

"Here is how to remove the desktop background hijack that the Teslaplus WorldAntispy software can cause: 1. From your desktop, click the Start button, then select "Control Panel" 2. Click the "Appearance and Themes" link 3. Click on "Change the Desktp background" 4. In the "Display properties" window, make sure that the tab that is selected is the "Display" tab. If not, click the "Display" tab to switch to it. 5. Click the "Customize Desktop" button 6. Click the "Web" tab 7. In the "Web Pages" box, highlight all entries that do not state "My Current Home Page" and select the Delete button. 8. Once you have only the "My Current Home Page" option, ensure that it does not have a checkmark in the box to the immediate left. If it does have a checkmark, click it to make the checkmark disappear. 9. Click the "OK" button. Congratulation! Your desktop should no longer show the teslaplus.com web page."

Thank you a thousand times. I'm off to try ....

My copy certainly was Spyware free, my system is uber picky about that stuff and it picked up nothing.

Ah. The ultra annoying spywares. I know - I've gotten them too. I had to manually pull them out using HijackThis, I think it was, with a little help from the internet. Google is your friend. There are lots of forums online w/ pple who specialize in this stuff.

Do you have a bidirectional firewall that can block outgoing communications, like ZoneAlarm?  Also, here's an ActiveX-based spyware scanner you can run from online: http://www.xblock.com/download/xclean_micro.exe  And the Symantec web site has an online virus scanner you could try.   Good luck!

Oh dear; I'm sorry. :( I haven't kept up much with the stuff since I've gotten out of computer repair and have my computer locked down pretty tightly so I wasn't aware some of it was that bad. I'm glad other people had better advice! I wish you the best of luck with getting rid of it.

If you'r using XP, try msconfig.exe. On the last tab vitually all of them can be unchecked.

Yes, Start>Run>msconfig>Startup is your friend. Also Start>Run>regedit and then Edit <name of spyware program>