Aggressive pop-up ad with ErrorSafe SpyWare

Today's ad-banner for "Work Home Centre" very aggressively pushes the ErrorSafe Trojan/Spyware. I'm getting it on every forum page that I watch. Every ad spawns fewer than four Pop-up message boxes with their exaggerated nonsense. Upon pressing "cancel", each thread then pushed a signed installer download, two more message boxes, a pop-up window and finally pushes a download to your computer. That's at least 24 clicks to dismiss ErrorSafe per page on CivFanatics.

The URL to the offending ad is displayed is:
http://image.ugo.com/performance/whc_728x90_ugou4000_intl.swf

I added it to my block list immediately to see if I could at least use CivFanatics again, but so far no such luck. Temporarily blocking flash works for me.

Although I don't have this problem yet, this does sound serious.
I hope the admin will take an appropriate action this time.

Aye, its very bad! popup after popup

Took me a lot of work to get around the popups to post this even.

ERRORSAFE is such ugly crap!

Think that for a lot of people Civfanatics is not usable at all atm.

Hope you can remove it quickly.

I don't think that Thunderfall can make himself something very quick, AFAIK he can report the ad, but he can't remove it himself, since he isn't the one to decide what ads are shown in the forum. I might be wrong though.

if possible, take a screenshot of the dodgy ad.

Telefragged (our hosting company) needs a screenshot of the offending ad to help identify it.

(FWIW, I have had no problems with ads lately)

Mercade said:

The URL to the offending ad is displayed is:
http://image.ugo.com/performance/whc_728x90_ugou4000_intl.swf

Click to expand...

Putting this in my address bar and hitting enter gives me a '404 Page Not Found' error.

If/when this happens again, please include a screenie of the offending ad.

**** !!!!!!!!

I could access to this page only by unchecking the internet option "Contrôles Active X reconnus sûrs pour l'écriture de scripts."

Those guys should be shooted!

First I wish I know how this kind of **** is possible ??? Thanks for this time the trojan can be not downloaded, but one time it did alone and screwed all my PC!!! I had to reinstall the whole thing.

Come on, how come those guys are not arrested??? This is so ****ing annoying!

Ok now here are the screenshots, for the french version of the ****. each time i clicked on Cancel ("Annuler") or on the cross, and it brang me on the next step.

By the way, can anybody explain to me how such a nonsense is possible???

I have the same problem and I have spent the whole day trying to solve it. First I thought I had some piece of spyware in my computer which takes over civfanatics and redirects me to that site. After several hours scanning my system some friend in Poly told me some people in Civfanatics have the same problem as I. Thank you very much for the info.

This is unfortunately the work of a 3rd party ad. With the screenies Thunderfall and Telefragged will remove the offender. Thankfully I have Mozilla and Adblock which helps removes thesee problems.

What we need is a screenshot of the ad (top and bottom banner ads) that is causing these problems.

I can see that you are having a problem, but Thunderfall/Telefragged can't do a thing until they know which ad is bad.

How do we know it? The time to hear 4 little clicks and we are on the screens I showed you.

Does it close your CFC Browser Window? *That* is what we need pics from.

Yes it closes it. But you know, there's a time I'm on CFC, another one on my deskstop as I showed you above. How am I supposed to prove that it goes from the first to the second with a screenshot? By the way, I pressed Stop and managed to see this animated ad:

Thanks. I have reported the bad ad to Telefragged.

Naokaukodem said:

I could access to this page only by unchecking the internet option "Contrôles Active X reconnus sûrs pour l'écriture de scripts."

First I wish I know how this kind of **** is possible ??? Thanks for this time the trojan can be not downloaded, but one time it did alone and screwed all my PC!!! I had to reinstall the whole thing.

Click to expand...

The ActiveX mechanism has its uses. Unfortunately, what has uses can also be abused. The problem with internet is that many forms of abuse cannot easily be stopped other than pulling the plug on the service altogether.

In this case, the people making ErrorSafe rather unscrupulously and aggressively market their malware by making the innocent user believe there is a problem on their PC. They apparently do not care in the least that their methods make it totally impossible for a user to use his PC. Because it is apparently not technically illegal - and even if it was, under which country's law - and thus very difficult to prosecute, these companies get away with it. (As demonstrated in other cases, the US government generally doesn't care what US companies and the US government do to non-US citizens; it seems ErrorSafe only harasses non-US users to avoid US lawsuits).

To protect yourself, you could switch off ActiveX complete, or use a non-IE based browser. Alternatively (and that's what I did) you can change the IE options (security tab, custom level) to disallow any unsigned ActiveX and to prompt you on the use of signed ActiveX scripts. This way you can still allow scripts you trust, but doesn't let (signed) malware such as ErrorSafe to be executed automatically.

PS Thanks to Thunderfall to pass the message. Sorry I didn't include screenshots.

Thanks to have done this and thanks for the message above. Aren't there any means to fight locally (in each country) against this kind of crap by the way? Or nobody really cares. And yes, I swithced off the Active X controls or I simply couldn't enter those messages. The ad seems to have disappeared now.

I understand your frustration. Your question can easily spark a wide ranging debate on what could be illegal, what should be illegal, and whether or not you should be using IE in the first place. Even if people want to do something about it, from a practical point of view it is very difficult.

Imagine yourself walking down the street and someone shows you a poster advertising for Moulin Rouge. Fine. The next person tries to give you a leaflet, or talks to you about it. Fine. Then a group of five surrounds you to talk to you about great show, putting a brochure in your hand while they try to sell their tickets. They won't let you pass until you punch them in the face and run. Seriously annoying, but without a cop around, nobody to stop them. The next day you bring the gendarme and they just stand in the street, but don't assault you. No lawsuit.

You are using a French ISP to connect to a US site that displays ads from a(for instance) Nigerian company. Who should be sued? The ad may not be illegal in Nigeria. And if it was, sue a Nigerian company for displaying an ad on a US website that is visible in France? The French ISP is simply the transporter (the phone company isn't liable for what I talk about on the phone either). And the US website is cooperative in the sense that they remove unwanted ads from their site when people complain.

In this particular case we agree that the guillotine is suitable punishment for the ErrorSafe marketeers. But would we also agree if there was only one thread instead of four? Or if there was only one click to cancel a thread instead of six? That's very subjective.

What is illegal content in one country (e.g. sale of nazi propaganda) is considered free speech in another. Yahoo France was convicted for this and now has to try and bar such content on its US website from French users. An impossible task.

Mercade, thanks for this message. I'm really not familiar with law things, so I will not argue with you much. But while I agree with you that the only guilty in this is this Nigerian "society", I would say that their fault is major. Indeed, without desactivating the Active X controls, I just simply counld not access this site. But the worst is there: I'm sure that if I would not have updated Windows XP, the trojan would have downloaded itself alone and infect my computer, this already happened to me. So those bandits are IMO obviously guilty of a kind of crime I could not qualify, in english or even in french. So they should be arrested.

Yahoo France was convicted for this and now has to try and bar such content on its US website from French users. An impossible task.

Click to expand...

I didn't know that. Why have they been convicted exactly? Why is the task impossible?

I never get viruses, trojan or any other kind of malware. Whether its Firefox, the sites i go to or a combination of that (and more), im not sure.