A program called MSBB.exe somehow wormed it's way into my system today and installed itself. Luckily Zone Alarm popped up letting me know this program wanted in and out on the Internet. I did a quick search and turned up a couple of kids running a Company out of Kirkland Washington doing this. It is a Ad delivery and web monitoring program. They call themselves 180 Solutions and the program is called N-case or Nview. People have been talking about by evidence of multiple websites and they didn't know how to uninstall it or stop it from re-installing itself. I did manage to get it purged but you have to go to at least 6 differemt locations around windows to fully purge it or it will come back and re-install itself. This should be classified as a Virus, a Hack and Theft.
OT: Anyone else have PC Invaded by MSBB?
- Thread starter dmcowen674
- Start date
Man I hate those spyware programs!:| I wonder if adaware would of found it and removed it? It is a great program for detecting and removing spyware!
That's why I use the strong combination of NIS2002/Mozilla/Ad-Aware...
Only got 5 cookies on my puter right now and 3 r from these forums
RaySun2Be
Lifer
- Oct 10, 1999
- 16,565
- 6
- 71
I'm not sure if AdAware would catch it or not. Like antivirus apps, AdAware comes out with new update files everyonce in awhile, updating with new known "ad/spyware" programs. If this is brand new, their algorithms may not detect it. :Q
But you can bet they will add it to their file and do an update.
Thanks for the heads up on this, Dave!
One more thing to add to the list of stuff to check when doing PC support.
But you can bet they will add it to their file and do an update.
Thanks for the heads up on this, Dave!
One more thing to add to the list of stuff to check when doing PC support.
Umm tongue in cheek he wonders if the Georgia Attorney General's Office are interested in "this" kind of invasive behaviour? Way too thick to grasp the irony of it all I would hazard!
You don't remember where the six places were that you had to clear it from by any chance Dave?
You don't remember where the six places were that you had to clear it from by any chance Dave?
<FONT size=1>> One more thing to add to the list of stuff to check when doing PC support.
</FONT>
It literally takes over the PC in so many ways. It replaces the True search results of a search engine like google with bogus results from their website pointing to the wares of their "sponsors" AKA clients that have bought into this idea of what the Internet should be. Talk about altering a PC! I don't mean to beat a drum folks but this is something zealous prosecutors should be going after, this is a clear case of very bad computing and infringing on the rights of everyone.
I would also be suspicious of Adaware Companies putting out this stuff (This 180 garbage could be a front) to further their Cottage Industry just as many people have suspected of the Anti-Virus Companies. Or even looking forward and can see how this would get out of hand and the Federal Govt would use it as an excuse for a National Operations Center (NOC) that was recently proposed by the President.
</FONT>
It literally takes over the PC in so many ways. It replaces the True search results of a search engine like google with bogus results from their website pointing to the wares of their "sponsors" AKA clients that have bought into this idea of what the Internet should be. Talk about altering a PC! I don't mean to beat a drum folks but this is something zealous prosecutors should be going after, this is a clear case of very bad computing and infringing on the rights of everyone.
I would also be suspicious of Adaware Companies putting out this stuff (This 180 garbage could be a front) to further their Cottage Industry just as many people have suspected of the Anti-Virus Companies. Or even looking forward and can see how this would get out of hand and the Federal Govt would use it as an excuse for a National Operations Center (NOC) that was recently proposed by the President.
Thanks for the heads-up, Dave. I'll keep an eye out for this thing.
I think some mod maker needs to release something that allows us to shoot spammers and telemarketers!
I think some mod maker needs to release something that allows us to shoot spammers and telemarketers!
Hi Robor,
I was so angry at the time that I just went in autopilot and did everything I know to get rid of it so I didn't write down the steps I had to take to pitch it for good. If I run into it again I will slow down and type it all out and post the how to. I had to purge it the same way as when manually getting rid of a virus but they tout it as a legimate program and blantantly put lies on their website that they do not alter your computer and this is a "Opt in" program. Out and Out lies to your face, that has to be 110% illegal and all of those involved should be locked up and severly fined to discourage anyone else from doing this.
I was so angry at the time that I just went in autopilot and did everything I know to get rid of it so I didn't write down the steps I had to take to pitch it for good. If I run into it again I will slow down and type it all out and post the how to. I had to purge it the same way as when manually getting rid of a virus but they tout it as a legimate program and blantantly put lies on their website that they do not alter your computer and this is a "Opt in" program. Out and Out lies to your face, that has to be 110% illegal and all of those involved should be locked up and severly fined to discourage anyone else from doing this.
Definately should be classified as a virus. I have seen ad-aware pick this out, it will detect and remove it.
Assimilator1
Elite Member
- Nov 4, 1999
- 24,165
- 524
- 126
Has anyone heard of this virus which can also install SETI unknowingly? :|
And yes the cheaters account is still active!
And yes the cheaters account is still active!
Assimilator1
Elite Member
- Nov 4, 1999
- 24,165
- 524
- 126
Dantoo
It was added as a service under the name Nview or N-case. It also added itself to windows\system32. There were multiple locations in the registry for it. I just kept hitting F3 and delete. It also added itself to the Startup. If you don't delete the original file that put itself in Internet Temp then it replicates itself all over again. That is probably why people are saying it is impossible to get rid of all over the boards. The average person is really screwed by this. I've seen enough of this that their computer finally gives up and can't surf anymore especially over a modem. Then I get the call, I go Windows cleaning and they think I did some sort of magic
It was added as a service under the name Nview or N-case. It also added itself to windows\system32. There were multiple locations in the registry for it. I just kept hitting F3 and delete. It also added itself to the Startup. If you don't delete the original file that put itself in Internet Temp then it replicates itself all over again. That is probably why people are saying it is impossible to get rid of all over the boards. The average person is really screwed by this. I've seen enough of this that their computer finally gives up and can't surf anymore especially over a modem. Then I get the call, I go Windows cleaning and they think I did some sort of magic
Assimilator1
Elite Member
- Nov 4, 1999
- 24,165
- 524
- 126
They send it via cookies through Pop ups. They say on their site it is easy using standard 26K Pop Ups to deliver the payload. :|
ZA at least let me know that something was up when the program attempted to send data it had collected from my PC up to their servers.
ZA at least let me know that something was up when the program attempted to send data it had collected from my PC up to their servers.
Well on a related note:
I had a callout this morning to a machine on which Outlook Express 5.5 would no longer work. A quick look in the MS database and I see the error is associated with a program called "gator". Some quick searches and this turns out to be another of the same ilk - scumware!!!
I was able to remove it using adaware and restore functionality to OE. The user did not give permission for this thing and its associated programs (time update) to be installed on the machine. It obviously just flys in past the firewall through its "popup" disguise. A whole new brand of invasive cyber-thievery.
Intelligent good looking readers of these pages need read no further as the following is just cheap cynical humour at the expense of public servants etc etc..
<Private note to anonymous Georgia spook> OK Thurbert - start searching the machines around your Dept of Scarycyberthuggeekwannabecoppermugs. It cost my client a callout fee plus time. I am willing to get it off the machines in your Dept. for say about 900k </Private note to anonymous Georgia spook>
I had a callout this morning to a machine on which Outlook Express 5.5 would no longer work. A quick look in the MS database and I see the error is associated with a program called "gator". Some quick searches and this turns out to be another of the same ilk - scumware!!!
I was able to remove it using adaware and restore functionality to OE. The user did not give permission for this thing and its associated programs (time update) to be installed on the machine. It obviously just flys in past the firewall through its "popup" disguise. A whole new brand of invasive cyber-thievery.
Intelligent good looking readers of these pages need read no further as the following is just cheap cynical humour at the expense of public servants etc etc..
<Private note to anonymous Georgia spook> OK Thurbert - start searching the machines around your Dept of Scarycyberthuggeekwannabecoppermugs. It cost my client a callout fee plus time. I am willing to get it off the machines in your Dept. for say about 900k
</Private note to anonymous Georgia spook>
deerslayer
Lifer
- Jan 15, 2001
- 10,153
- 0
- 76
Those b@$tards. I found this "gator" file on my computer last week after running adaware. No wonder my email wouldn't work for ages. I couldn't figure out what was wrong with my email. I could receive emails but I couldn't send anything out.
I don't recall seeing the physical address for them but I'm sure it would be under the Investor's pages. There is more to deal with now. Spammers are now loading Pop ups and Spam mail that fire directly into the sound card spewing out voice and music. This is going to force all of us to keep on machines in Mute mode :| :disgust:
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter