Don’t “Pass-This-On”

Some åsshølë took over my computer last night.

To be more specific, some åsshølë wrote some software and published it on the object.passthison.com subdomain — which then took over my computer. While Googling for some information for some fellow notaries public, I came across a notary website that displayed the ad that the åsshølë created. Despite the tight firewall, up-to-date antivirus definitions, anti-popup addons, and current anti-spyware software, my machine started freaking out.

The first sign was that everything on my computer screen went blank except for an instruction to “press the enter key.” Well, of course, that wasn’t going to be the first thing I tried — like I’m going to blindly follow some åsshølë’s instructions! Needless to say, after trying many other things, pressing enter was the only viable option. An ad then popped up, saying that I had spyware on my machine and that if I didn’t want it, then I had to buy a particular package of anti-spyware.

Blackmail! Extortion! Ãsshølës! Oh, my!

This morning I opened up Internet Explorer and my screen went black. Seconds later, my Empire Earth CD was ejected from my D: drive, accompanied by a message that said if my CD drives opened, then I had spyware on my machine. As before, if I didn’t want the spyware, then I had to buy a particular package of anti-spyware software.

Right. Like I’m going to send that guy ANY money!

Who is PassThisOn?

Passthison.com is registered to SmartBot.NET, Inc. at 3 Cobblestone Court, Richboro, PA 18954, phone: 215-953-7291, fax: 215-942-4338, with the name server as smartbotpro.net. Whois for smartbotpro.net also lists the phone number 603-817-0902. Through other sources, I get the name Stanford (although his real name is “Sanford”) Adam Wallace, phone: 215-628-9780. There’s also default-homepage-network.com, registered to a Mike Cayer at Seismic Entertainment Productions, Inc., a known spamming friend of Sanford’s. Their ISPs are ServInt Internet Services (passthison.com), Excalibur Internet (default-homepage-network.com) and Service Telematique Service Internet de Montreal (smartbotpro.net). More info on the åsshølë from AnnOnline and a cornucopia of knowledge about Sanford Wallace at Tired of Spam.

I found that most people (including an official representative from PassThisOn) blame the peer-to-peer file sharing system, Kazaa. PassThisOn also states in a quoted email that they “[use] banners on other participating networks in accordance to their own and PassThisOn.com’s terms of service.”

Yeah, that’s fair. If it’s OK with us, and OK with the websites on which we advertise, it’s OK for us to mess with your computer. Not! I somehow doubt that the notary whose website I visited would condone PassThisOn’s actions. (Of note, I don’t have Kazaa installed on my computer.)

According to the åsshølës themselves, “PassThisOn.com prompts and changes consumers’ browser behaviors to offer a better user experience and a more targeted advertiser-to-consumer communication system… PassThisOn.com utilizes several technical and business methods to change users’ default homepage to one that PassThisOn.com controls… Some users do not wish to see pop-ups on their web browsers. It is easy to install ‘pop blockers’ which will disallow that feature. PassThisOn.com does not attempt to cause any damage or harm in any way. It will, however, use NON-DESTRUCTIVE ‘scare tactics’… to demonstrate the importance that users secure their computers from malicious hackers, and then PassThisOn.com attempts to sell products designed to secure users’ computers. PassThisOn.com enforces a zero-tolerance anti-spam policy.”

Sanford’s definition of a “better user experience” is far different than mine — thanks, but I think I am the most qualified person to decide how I want my own browser to behave.

Solution

Well, if you’ve read this far, it’s probably because you want to know how to get rid of this annoyance. So far, their latest version is really easy to disable since it doesn’t install anything in the StartUp directory like it used to. Previous versions installed files called reg.vbs, reg.hta, or reg2.hta in your StartUp folder, but PassItOn (same group as PassThisOn) claims to have stopped doing that.

Turn off JavaScript support (if you can), then reset your home page in Internet Explorer using Tools -> Internet Options. When everything seems OK, tentatively re-enable JavaScript.
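
A read-only check for the leftovers described above, as an added example that is not part of the original post: it looks in the per-user and all-users Startup folders for the three file names listed and shows where Internet Explorer's home page currently points. It is written in PowerShell, which postdates the post; the registry value names `Start Page` and `Search Bar` are assumed to be the standard Internet Explorer ones, and the domains flagged are those named earlier on this page.

```powershell
# Added example: read-only check, nothing is deleted or changed.
# File names and domains are the ones named in the post.
$suspectNames = 'reg.vbs', 'reg.hta', 'reg2.hta'
$suspectHosts = 'passthison.com', 'default-homepage-network.com', 'smartbotpro.net'

# Per-user and all-users Startup folders, resolved by Windows rather than hard-coded.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup')
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# -contains is case-insensitive, so REG.HTA is caught as well.
$files = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $suspectNames -contains $_.Name } |
        Select-Object FullName, Length, LastWriteTime
}

# Internet Explorer keeps the home page in "Start Page" under this key.
# "Search Bar" is checked too (assumption: standard IE value names).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$pages = foreach ($name in 'Start Page', 'Search Bar') {
    $props = Get-ItemProperty -LiteralPath $ieMain -Name $name -ErrorAction SilentlyContinue
    $data  = if ($props) { [string]$props.$name } else { '' }
    $hit   = @($suspectHosts | Where-Object { $data -like "*$_*" }).Count -gt 0
    [pscustomobject]@{ Value = $name; Data = $data; PointsAtListedDomain = $hit }
}

if ($files) { $files | Format-Table -AutoSize } else { 'No reg.vbs / reg.hta / reg2.hta in Startup folders.' }
$pages | Format-Table -AutoSize -Wrap
```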

I’m just glad the åsshølës at PassThisOn didn’t do anything worse this time.

18 Responses to “Don’t “Pass-This-On””

  1. JC

    I’d like to track Spamford down and bìtçh-slåp him into non-existence! I managed to get his crap onto my computer and I didn’t even know about it! (Probably an affiliate.) I also picked up another, more virulent, spy-ware concoction called Look2Me that wouldn’t die! Like Dracula or Dr. Phibes, it just kept rising from the grave. I suspect that Look2Me has something to do with Spamford, but I haven’t found a link. After messing with the usual Spybot S&D, AdAware programs (without success) I found “SpySweeper”. I was amazed! It found *several* spywares on my system that the others missed. Now, I just have to wait and see if SpySweeper is spyware as well. But everything seems to be on the level. BTW – SpySweeper is a free trial download and will run out in 30 days. I’m wondering if after the 30 days, will all the spyware be re-installed?!? :)

  2. Shyrl

    I have the horrible Enter Here hijacker that blocks everything and keeps coming back…it is a nightmare…this and other stupid things are deeply embedded in my system and as quickly as I rid myself of them they come back…these people must be totally insane to think that anyone is going to have anything to do with any of their associates…I have reset my homepage countless times and it keeps being hijacked…do you have a recommendation? Thanks..

  3. GH

    Has anyone verified the address in PA? I have shot a few complaints to the Attorney Gen of PA.

  4. Seymour Butz

    First, install Ad-Aware. Upon first launching it, update the definitions, everyone fscking forgets to do this. Then scan. Then right click, select all, quarantine, and, more than likely, it’ll say you need to reboot to clean the last bûggërs off. Second, try running Bazooka. Update its defs, though it prompts you. It may find some stuff that doesn’t exist, but read the pages thoroughly and follow the removal instructions to the letter. It’s not a hand-holder like Ad-aware but it’s very thorough and their database is first-rate. If you’re still screwed, you could always give up on IE. Install Mozilla. It works just as good for 99% of the sites out there and doesn’t have any of the spyware (or auto-installing virus) problems. Of course, I’d really like to tell you to buy a Mac, since there’s 0 virii and 0 spyware, but hey, Mozilla is a good first step. Remember, even more than these scumsucking spyware båstårds, Microsoft is the problem. If they didn’t design a habadash browser that let these things auto-install based on the spyware’s whim then you’d never have gotten infected in the first place. Getting Microsoft out of the equation as much as humanly possible is the only long-term solution. Everything else is just a band-aid.

  5. kat

    Hey I just got a message from my firewall that these guys were scanning my computer as well. The program found (apparently) the tech’s info that scanned my computer: TechHandle: PR229-ARIN TechName: Roussil, Pierre TechPhone: +1-514-993-8496 TechEmail: pierre@roussil.com Is it real? Do we have any legit legal action to take on these people? I, too, do not have Kazaa on my computer. I learned that mistake long ago!

  6. Anonymous

    I was searching the web and somehow got this crap on my computer at work. I’m in the military and it was a government computer. These guys better hope I can get rid of it or they are going to be in a world of hurt.

  7. michele

    I don’t have Kazaa installed either and my internet option settings still say “default” but I keep getting this jerk’s shìt. What do we need to do to shut him down? The other problem is I don’t know where it came from and I put some links on my site – I DON’T WANT TO PASSTHISON to my users. I am really pìssëd øff – I can’t use explorer and I can’t get rid of him! GL to all you other sufferers – the kid in Germany is in prison for the last Trojan – why is this guy still operating after at least 2 years?

  8. kim

    Found your site whilst searching for info on this exact problem — yeah, it’s a bìtçh to get out of the system. It’s almost encouraging though to know others are in the same boat. Spybot S&D worked for a while but it eventually came back, Adaware seems to be much more thorough (so far so good). How is this even legal? If info is known about the creator’s names or whereabouts, the fact that they’re invading privacy online should be no different than a “real life” similar incrimination. Sheesh. (Do they REALLY think pìssìng people royally off will get them more business?) Oh well, at least nothing on the system is altered other than IE…. ::as I knock on wood::

  9. Anonymous

    One other thing, apparently PassThisOn installs a ‘reg’ file (I think in Start Up), or a variation of that file name. Does anyone know more about this or how to delete it?

  10. John

    Thanks for posting this info. Now I know who to take a contract out on. . . I got my IE6 messed up good and proper when I visited a site to try and get hold of a Vredir bug patch for W98SE (seeing as MS want to SELL me the bloody bugfix!). Checking thro’ my History afterwards showed that the guilty site was probably members.tripod.com/erpman1/w98seupd.html. It wasted a couple of hours while I tried to clear the mess up. Note: McAfee VScan didn’t find any spyware (sometimes it does, sometimes it doesn’t. . .), and nothing new was in the Startup or Run keys of the Registry. I removed the data from the Start Page, Search Bar and Homepage values in the IE Main key. This just stopped IE6 from working. It took several cycles of uninstalling and re-installing IE6 unsuccessfully (IE6 is always a pig to re-install or remove – good old MS!) before I decided to just delete the (now empty) values from the Registry. This did the trick.

  11. phillips

    Thanks to you for the heads-up. Of course, in my case, it’s too late but I appreciate the help just the same. I agree with all the angry messages here. Bravo for your forum.

  12. Bob

    Here’s an oddity. The splash screen at passthison.com asserts that the site has ceased operations. Yet, on July 22, some wånkër from that domain attempted to penetrate my website. Ineffectual script-kiddie work, but a criminal act nonetheless. At the risk of fanning flames, I have to point out that passthison and a gazillion other pests _flourish_ in the IT monoculture that has been created by individuals and corporations who fail to see technology as an ecosystem. Computers: 4 (2 Mac, 1 Linux, 1 Windows); Microsoft, Linux, & Cisco Certified; viruses: none; spyware: none; paranoia level: very, very high. Cheers, Bob

  13. richard

    computers: 10 (6 Windows, 4 Linux)

    viruses: none

    spyware: none

    paranoia level: just as high as yours

    knowing that people read my ramblings and learn something from them: priceless.

  14. Liz

    I got a chain letter from my friends. It said to click on this site and I did. I got this please press enter thing and I couldn’t get rid of it so I pressed enter. My CD and DVD drives popped open and it said if my CD drive had opened it meant I had spyware. I desperately tried to close the window but it wouldn’t so I rebooted the computer. Everything seemed normal but when I went on the net, my homepage said this thing about if your net had been slower or you’d been getting more popups, which I had, you had spyware. It had this download spyware deleter thing as well. Suddenly the page changed and I was downloading the spy deleter. I was panicking cos the net window wouldn’t close. Finally the window closed and my antivirus program alerted me of about 5 trojan horses caused by the ####### site. So the spy deleter was a trojan horse. I feel like killing the ########.

  15. Blues Brothers

    I have been forwarded this passthison email over and over, but they use a different URL this time: www . passthison . com / fortune-cookie / (DO NOT VISIT THIS URL!!!) The main URL has been shut down, but they still keep this one open and active.

  16. Anonymous

    People like that should die and burn in hëll. They do not deserve to have a computer. The bìtçhës can die for all I care.


