It's attached to my post on the previous page of this thread.

Thanks guys
I should be near 100% on Monday...or close to it. As I mentioned the past few days, I am really sick. I will get in touch with both of you about adding them to adwaresucks.com
We have seemed to have caught the medias attention. I received an email from a mainstream scumware fighting site asking for an interview and a few others.

We are going to have to come up with something easily editable where we can add new programs as they surface. Cookie stuffing is the worst thing we will see happen and it is coming on us like a train. Imagine, someone with this software installed will click on a ccbill link and someone else will be credited with the sale. And nobody will see this happening.

Do you think maybe you could drag ccBill, and some of these sponsors out to explain what they are doing to fix this.|huh

I would like to see a list of sponsors that have made an effort to fight this theftware.

Awesome, thanks man!

Its nice to see a lot of us banding together on this effort, it helps everyone in the long run (well everyone except scumware companies).

Hey zman, nice script!
Haven't tried running it but I know that taskkill is not available for Windows XP *Home* Edition (and probably not for Windows versions before that either). Which means it won't work for most surfers and they'll end up getting a "not a valid Win32 program" - message.

pskill might be an option though it means you'd have to include it in the zip
http://www.sysinternals.com/Utilities/PsKill.html

Also, you might wanna add the "/-p" parameter to your dir commands in case the user has the DIRCMD variable set.

Thanks for pointing that out. I can easily integrate pskill into the batch file.

The DIR command does not work that way with the /-p parameter. I'll just set the DIRCMD variable to nothing like this: set dircmd=

Thanks

The whole program or script thing is tough. I found out yesterday that if you are not using a particular brand of windows or your PCs directory structure is not setup the same, it just won't work correctly.

I am almost thinking of educating surfers on the benefits of cookies and possibly suggesting a good anti-adware program. Of course, I will not change any pages. I may add a page with that suggestion and offer it to anyone that wants to use it. So far, the only way to get rid of this is to follow the instructions to the letter.

I think it may be just too big of a job to make a script and/or program that will work for all surfers suffering from this scumware.

But please, since I am no programer, if anyone has anything that will work with everyone, let me know.

Since I am a simple person, I may be over simplifying a bit, but if as I understand correct, Spybot Search & Destroy(I don't think it kills cookies) checks for Zango and a kazillion other scumware types why not just put a link as to where the surfer can download and install?

I only use SS&D as an example. There are probably other scanners that might do the job.

Ok, now I am ready to hear the faults in my thinking. :-)

I am concerned about this plague, but I am not astute enough to offer any real solutions.

I've used and suggested SS&D for a few years now. I haven't heard, or experienced any problems with it either. However, things may change in the future, and relying on someone else's program to do only the specific task you intend is a bit of a risk. That being said, I wouldn't have a problem directing surfers to a page that links to SS&D. :)

The problem is that Jim (and I) don't even want to appear that we're making money off of this, so by sending them to a program that costs money, it'd come off as a scam.

Getting rid of it isn't that much of a prob, and blocking the IP
for the actual download isn't that hard either, block 66.152.93.119
with your firewall and you'll never get the XXXtoolbar, block
216.130.187.150 and you'll never get the isearch toolbar for example..

When Zango was LoudCash before 180Solutions bought
them U.S. prosecutors charged Jeanson James Ancheta of
Los Angeles,as well as an unnamed co-conspirator,that they
used a botnet to disseminate and install adware from
two firms: Loudcash and Gammacash!
Enter once again Gammacash!!!
|yawn|

I certainly understand you folks not wanting to come off as trying to make $$$ off of this. The Spybot thing is freeware and I'm sure others are also. There is a donation page on the SS&D website but it is an option not a mandatory thing. It was just an example I chose to use.

For Mr/Ms Surfer to edit their Registry is kind of scary tho. Heck, when I have done it, it makes me a bit shaky and I started in the computer biz back in '62. 1962 not 1862 a some would have you believe. ha!

Some time, someday someone will come up with a cure. I'm almost positive of that.

I understand the importance of credability in this situation, and I completely agree. It's important to keep the surfer's trust through all this.

But I believe SS&D is free to use and download, though they will accept donations. Tis why I agreed to the use of SS&D. :)

Would it be possible/easy to have two pages side by side, one that links to a single, suggested program, and one that's completely clean? It should be easy enough to pass a single argument through the url, make it switch between different types of content... but keeping track of that content is more work.

I know I wouldn't have a problem directing surfers to a site that links to SS&D, but I'm sure not everyone feels the same way.

I'm not sure we'd (Jim) would want to do that at this time, but feel free to set it up like that on your own domain.

All we're (Jim) doing is giving people the option to use the page on our server, but you can easily set it up to go to a page on your domain as well :)

The PCs directory structure does not need to be set up in the standard way (C:Windows; C:\Program Files; etc.). The script I wrote is pretty simple but it does search for zango executables and dlls, unregisters and deletes those files. It also deletes known zango registry entries and zango cookies. I've made some minor changes since I uploaded it and I've also integrated the free process kill utility from symantec because as MightyMidget said the taskkill command is unavailable in Windows XP Home Edition. But the script still does not work under Win95/98/ME.

Of course the easiest and most effective way would be to recommend to the surfer a commercial adware/spyware remover, but as Greenie said they might think we want to make money off them.

My script does the same thing with a double-click of a button. I'll email you Jim with the latest version to your GGJ mail address. I've tested it out on quite a few computers and it worked fine. If it still has some flaws I should be able to make a few improvements.

Well it's not easy but it can be done. I believe it might take a week or so to write a good remover that will work under all Windows OS's. The software should also be easy to adapt to new scumware like zango.

I was just trying to look out for the webmasters who aren't as geeky as me. ;)

But you're right, now that Jim has shown the way, I could easily build my own set up. :)

I would rather use an own page, easier to keep track of how many it really is then :) I send around 6-700/day to my page from my sites

Not that I want to sway anyone away from doing it themselves, but if you use the css option & send it to adwaresucks.com, you can tell how many hit the page each day by how many times the css file was loaded.

You guys would not believe some of the crap I have learned over the past couple of days. A person that has been fighting zango for almost 3 years contacted me and he has taught me a lot about zango. These guys are some of the most devious we have ever been up against. The crap they are doing with cookies, iframes and even javascript is crazy. We have barely touched the surface with the popups. But, some of the stuff they are doing is illegal. And, they should be going to court in a few days. The illegal stuff may be their downfall... Cross your fingers.

Looks like they got a bit of a spanking...

http://blog.wired.com/27bstroke6/200...sage_to_i.html

Small potatoes for the fuckers, but at least it's a start |thumb

Shit, I just posted a link to cnet saying the same thing. The important part is they have to clearly let the surfer know they are installing pop ups and provide an easy removal tool.

Great stuff...
thanks for sharing this with us...

Thanks for the htaccess file.

http://www.vnunet.com/vnunet/news/21...-targets-zango

Zango spokesperson Steve Stratz called the Zango Warning site "blatant lies and scare tactics", and provided vnunet.com with a copy of an ad that the company will soon be running.

The ad, which is set to appear every time a user is re-directed to the Zango Warning site, tells the user "The Web page in question is designed to 'scare the surfer', as its 'creator' has confessed.

The makers Greenguy and Jim did not return a request for comment.

|popcorn| good find eman
Makes me proud to be a member of GGandJ |thumb

These zango people are slippery bastards (:

DAMN SPAN FOLDERS! Not to worry, I know Jim will have a comment for them tomorrow :)

I've already come up with a possible solution - assuming they are detecting it based on the domain adwaresucks.com (how else would they be detecting it?) all you really have to do is put it on a different domain.

Each of us is going to have to host it on our own domains. And yes, they'll eventually get a list of domains that are doing it together & pop-up the anti-ad every time a user goes to those domains, but they won't get every domain if everyone uses a different one

Yes, this will take time on our parts & yes, it does seem like work you've already done, but think of the workload they'll have surfing around to all our sites seeing if the ad pops up :D

How about a speedy redirect with htaccess that's set to point to one of many recently designated "info" pages?

Kind of a shame this is turning into a pissing match. As they adapt, we're forced to do so. Seems to me fighting with these people with code, and web tricks seems like a battle of wasted efforts. We need to fight them on a level on which they can't easily compete.

Find something in their documentation and harass them legally through the judicial system... maybe even a class action lawsuit for stolen revenues?

Holy Shit..I was never asked for a comment about what any zango spokesman said. Maybe Sparky can come up with some way to stop their warning from blocking our warning :) I do have to wonder, what lies did I say in the warning? I quoted Zone Alarm and I said that what zango was doing was not illegal since the user agreed to it in their terms and conditions. Maybe that was the lie :)

Oh yeah...I have a funny story, speaking of zango. Saturday, my daughter brought over her laptop because she has been running without any virus protection. So, I go and search for Pccillan..I forgot the domain. I find it and go to the site. I am about to click on buy and a window pops up with another buy in it. So, I start to move my mouse to it to click and then look at the bottom of the browser. "Browser brought to you by Zango" :)

I would like to collect stats on my server to see how many surfers are infected with ZANGO. There must be an easy way.

You could use the htaccess code that we have, redirect it to a copy of your main page on your server & see how many people have it by watching the stats for the mirror page.

Sparky looked thru the log files last night & no email from vnunet.com came thru the servers in the last 2 weeks.

I think you need to write them a strongly worded letter!

That was easy.

Thank you

OH! I thought of another possible solution for this - on the adwaresucks.com page, where they will be popping up the anti-ad, we can add some text along the lines of: "The pop-up you just saw is proof that Zango is tracking where you are surfing - how else would they know that you were on the our website? Please read......"

I really hope that when we see what they have done, Sparky will come up with an answer for us. Like I just told Greenie, they could have something as easy as if the word zango is on a page, they popup the window calling me a lier using scare tactics. Since they have included themselves on their exclusion list, they really don't want to use their browser when zango is mentioned anyway. I think we have to fight this with software and not just moving it. But, if we could pop somethig on top of their popup like Greenie mentioned that might work as well.

Oh yeah, anyone redirecting to the adwaresucks page...if you would like to know how many surfers you have sent, just ask me and I will let you know.

Hey Jim, you could always put an looping auto-focus on your page to bring it to the top. Even if they do the same it will drive the surfers nuts with the page flipping.

Well here the details direct from MetricsDirect(Zango) page on how they deliver ads.
http://www.metricsdirect.com/whatwed...ngyourads.aspx
"a woman types in “women’s discount shoes” on Google. Google delivers a page with its usual list of search results and sponsored listings. Zango delivers a new browser window above this listing, displaying the advertiser’s landing web page."

I forgot that since we are sending traffic using an htaccess file, I am only able to see the sites that send traffic to you. The numbers are crazy. So far for the month of November, that page has gotten 153434 visits. :)