What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Messenger Plus! for Live Messenger » WLM Plus! Help » ihaterogers.ca toast popup

Pages: (2): « First [ 1 ] 2 » Last »
ihaterogers.ca toast popup
Author: Message:
Nestea80
New Member
*


Posts: 1
Joined: Dec 2009
O.P. ihaterogers.ca toast popup
I (along with some friends and other people), got a toast popup that says "Frustrated with Rogers?  You're not alone ... "  And if you click it, it directs you to www.ihaterogers.ca website.

I did not agree to participate in the sponsor program.  I went to modify the installation to make sure, and indeed the sponsor tick is greyed out.

This is the forum where it is being discussed:
http://www.redflagdeals.com/forums/merged-ihatero...dom-pop-up-821977/

All of us have one thing in common.  We all use Messenger Plus.  I've only seen this pop up once, and it doesn't concern me much as long as it isn't harming my computer.  But, I was just curious as to how it popped up when I didn't participate in the sponsor thing.
12-07-2009 03:52 AM
Profile E-Mail PM Find Quote Report
Rolando
Veteran Member
*****

Avatar
Santasend

Posts: 1325
Reputation: 52
34 / Male / Flag
Joined: Feb 2006
RE: ihaterogers.ca toast popup
I've never seen this popup, and I've always used MP!L. Do you have any scripts installed? Though I'm sure scripts won't advertise either.

I'm pretty sure it's not Plus! though
[Image: sigxmascopy.png]
12-07-2009 06:40 AM
Profile PM Find Quote Report
Spunky
Former Super Mod
*****

Avatar

Posts: 3658
Reputation: 61
36 / Male / Flag
Joined: Aug 2006
RE: ihaterogers.ca toast popup
It is not Messenger Plus! Live from what I can tell unless a malicious script has somehow been placed on your PC to allow it.

It sounds like the users of that forum know a fair bit about what they're doing. A couple have mentioned they did install the sponsor, which completely rules that out. MP!L is completely transparent about what it installs (which I know believe is just an Ask Toolbar and home page change).

<Eljay> "Problems encountered: shit blew up" :zippy:
12-07-2009 11:54 AM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: ihaterogers.ca toast popup
quote:
Originally posted by Spunky
It sounds like the users of that forum know a fair bit about what they're doing
I don't entirly agree though! At least not those guys in those latest posts in that thread who linked all this to Messenger Plus!, at least in the way they linked it to Plus!.

If you read that thread a bit better, you'll notice that they very quickly jump to the conclusion it is Messenger Plus!, but mostly based on assumptions like:
- "Plus! installs spyware, and ...."
- "The popup's close button is the same as the close button used on a Plus! toast."
- The other guy said so

But those assumptions are seriously wrong and mostly fueled by other/old heresay about Plus! and its sponsor and not at all based upon actual facts. eg: A same close button (which is actually just a standard image) doesn't say a thing, not in the slightest way, about the relationship between the two. A lot of programs use that close button image because it is a standard image. And many programs use such kind of popups/toasts too.

On NeoWin, the guy who claims it is a Plus! toast because "the close button matches up", even says the close button is actually NOT exactly the same. So...

But people do not read all the posts in detail and only see what they want to see. As a result, everybody now seems to jump on the bandwagon of Plus! "having a big secuity hole", "the setup has a bug in it" and it is "Plus!'s sponsor fault" (all quotes from those threads) and all the old heresay comes boiling up again. While the popup certainly does not come from the Messenger Plus! addon itself or its old depricted sponsor.

The claim by ji_hyun_junthat it is useless to have a screenshot of the popup is not correct either. For stuff like this, having a screenshot of the popup can help a great deal to help identify the culprint. Especially if it can not be reproduced on demand.

Not to mention that he finds it "mysterious" that "scans didn't showed up anything" and that they are all "quite security aware" seriously raises my eyebrows. No offense though, but if they are "quite security aware" and "know what they are talking about" they should know that scans quite often do not show up stuff (an quite often give false positives too). Especially when it comes down to such popups, as they can not be distinguished from normal programs. People way too often rely on such scans and popup killers and swear by them. And that is quite the opposite of being "quite security aware" , but that is imho.


-----------------


What might have happened, related to Messenger Plus!, is that all those people downloaded and installed some malicious Messenger Plus! script from somewhere by visiting some malicious url, as mentioned before (which in a way tells something about them being "quite security aware" and "knowing what they do" to come back to ji_hyun_junthat's quote). And if that is the unfortunate case, they should check out their scripts and uninstall that script (after sending it to Patchou so steps can maybe be taken).

But it certainly is worth noting that it seems that it is mostly people on the RedFlagDeals forum who have experienced this (except for SonicSam (EDIT: and roflmao456 :p), but we all know what dodgy sites he visits in his spare time :D).

But again, its not Messenger Plus! itself or its sponsor which is responsible for the popup though!!!


-----------------

A way to realy see what the culprint is, is to use a program like Spy++ and Process Explorer to check out the process which creates that popup window. And then try to link that process with an installed program or whatever. Although it is also possible that this popup is actually created by a website.

Anyways, I hope the real culprint is found soonish before more people slander Messenger Plus! for it.


Related threads:
http://www.redflagdeals.com/forums/merged-ihatero...ndom-pop-up-821977
http://www.neowin.net/forum/index.php?showtopic=852260
http://www.basilmarket.com/forum/1307360/1/ihaterogersca_popup.html
http://www.hondaprelude.to/forums/showthread.php?p=1486745

This post was edited on 12-09-2009 at 06:07 AM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
12-07-2009 03:17 PM
Profile PM Find Quote Report
Patchou
Messenger Plus! Creator
*****

Avatar

Posts: 8607
Reputation: 201
43 / Male / Flag
Joined: Apr 2002
RE: ihaterogers.ca toast popup
Hi,

I can confirm this is not coming from Messenger Plus!. I checked the servers and all is fine on that side as well. Maybe the internal APIs of Plus! got abused by some program or web site. I'll investigate.

Patch
[Image: signature2.gif]
12-07-2009 04:59 PM
Profile PM Web Find Quote Report
roflmao456
Skinning Contest Winner
****

Avatar

Posts: 955
Reputation: 24
30 / Male / Flag
Joined: Nov 2006
Status: Away
RE: ihaterogers.ca toast popup
I got it once too :P
[quote]
Ultimatess6
: What a noob mod
12-07-2009 08:49 PM
Profile PM Web Find Quote Report
mr_poopyhead
New Member
*


Posts: 1
Joined: Dec 2009
RE: ihaterogers.ca toast popup
hello,

first, i'd like to thank patchou for this great bit of software, and thanks for looking into this issue.

please look into this issue closely as i really do believe messenger plus! OR windows live messenger is the culprit here. the only real discussion i can find on this issue is from the redflagdeals forum, and while they may come off as abrasive or misinformed, messenger plus seems to be the only common element in all of this. that in itself is worthy of investigation.

i have something else to add to this that i've not seen posted yet and which i think may be the strongest evidence pointing to msg plus!/WLM....

at the time i received this "ihaterogers" popup, i had JUST completed a fresh install of windows XP SP2 (downgrade from win7... but that's a story for another time, :P) the only things installed on my computer at the time were:

- firefox with adobe flash plugin
- thunderbird
- ati drivers and control center
- logitech setpoint
- razer mouse utility
- 7-zip
- plextor plextools
- a buttload of windows patches

and of course WLM with msg plus! /w enhancer script

when i woke up in the morning i saw the popup on my screen and freaked out... i mean.. this install was less than 10 hours old and already, my computer was infected??? it was unbelieveable. 5 other computers on my network and i'm the only one who got it. my brother uses WLM, but he's never reported anything fishy lately. i myself haven't seen this popup since... i'm kinda wishing it would come up more regularly so i could find out more about it.

this post is not meant to accuse you of anything malicious... but if someone has exploited something in msg plus! hopefully you can get to the bottom of this. thanks again for all your hard work.

This post was edited on 12-08-2009 at 04:52 PM by mr_poopyhead.
12-08-2009 04:28 PM
Profile E-Mail PM Find Quote Report
Nagamasa
Skinning Contest Winner
*****

Avatar

Posts: 1842
Reputation: 30
31 / Male / Flag
Joined: May 2006
RE: ihaterogers.ca toast popup
A screenshot was posted of the ad at the RedFlagDeals.com Forums:

(This isn't my screenie.)

[Image: msnad.png]

http://www.redflagdeals.com/forums/merged-ihatero...977/3/#post9887131
[Image: unled1uo.png]
Joined this forum 6768 days, 18 hours, 2 minutes, 3 seconds ago.



12-09-2009 02:47 AM
Profile PM Web Find Quote Report
ji_hyun_jun
New Member
*


Posts: 1
Joined: Dec 2009
RE: RE: ihaterogers.ca toast popup
quote:
Originally posted by CookieRevised
quote:
Originally posted by Spunky
It sounds like the users of that forum know a fair bit about what they're doing
I don't entirly agree though! At least not those guys in those latest posts in that thread who linked all this to Messenger Plus!, at least in the way they linked it to Plus!.

If you read that thread a bit better, you'll notice that they very quickly jump to the conclusion it is Messenger Plus!, but mostly based on assumptions like:
- "Plus! installs spyware, and ...."
- "The popup's close button is the same as the close button used on a Plus! toast."
- The other guy said so

But those assumptions are seriously wrong and mostly fueled by other/old heresay about Plus! and its sponsor and not at all based upon actual facts. eg: A same close button (which is actually just a standard image) doesn't say a thing, not in the slightest way, about the relationship between the two. A lot of programs use that close button image because it is a standard image. And many programs use such kind of popups/toasts too.

On NeoWin, the guy who claims it is a Plus! toast because "the close button matches up", even says the close button is actually NOT exactly the same. So...

But people do not read all the posts in detail and only see what they want to see. As a result, everybody now seems to jump on the bandwagon of Plus! "having a big secuity hole", "the setup has a bug in it" and it is "Plus!'s sponsor fault" (all quotes from those threads) and all the old heresay comes boiling up again. While the popup certainly does not come from the Messenger Plus! addon itself or its old depricted sponsor.

My apologies if you mistook what I said. I meant that we were more than your 'average' user. Perhaps I'm not as technically inclined as others, but RFD does indeed have a lot of 'geeks' on it whether or not you'd like to believe that is up to you. However, insulting the intelligence of another community when you don't know them is quite rude.

I would disagree that the assumptions made were fueled by Plus!'s previous reputation or anything of the sort. It's quite obvious that a lot of us use and trust plus, it's not jumping on the bandwagon of bashing it. The fact that it pops up on the bottom right corner of the screen the (exact) same way an msn notification does certainly gives us some reason to suspect that it was something related to msn. Especially given when the only programs that were open at the time for one of the users was MSN and Word, it didn't seem likely that it was from a browser.

quote:
Originally posted by CookieRevised

The claim by ji_hyun_junthat it is useless to have a screenshot of the popup is not correct either. For stuff like this, having a screenshot of the popup can help a great deal to help identify the culprint. Especially if it can not be reproduced on demand.

Not to mention that he finds it "mysterious" that "scans didn't showed up anything" and that they are all "quite security aware" seriously raises my eyebrows. No offense though, but if they are "quite security aware" and "know what they are talking about" they should know that scans quite often do not show up stuff (an quite often give false positives too). Especially when it comes down to such popups, as they can not be distinguished from normal programs. People way too often rely on such scans and popup killers and swear by them. And that is quite the opposite of being "quite security aware" , but that is imho.


Yes, scans can show up nothing, but the fact that it went through the number of different people that it did and not be found by any of the different programs by various users certainly means more than just false positives or something that was missed by a single scan. It was in my opinion, that a screenshot wouldn't help much based on what popped up. As seen above, it's as I described it: a box that pretty much says hate rogers? go to ihaterogers.ca that appears on the bottom right much like an msn notification. Perhaps maybe you can get something out of that picture, but I just didn't see any use of it. I could very well be wrong, but that was just the way I saw things. 

I'm not here to argue with you about what goes on in Msn P! or about whether or not I'm technologically knowledgeable in this. I'm certainly not at the level of what you're mocking me to think of myself to be. But logically, given the information we have, Messenger Plus! does seem to be the only other thing in common with ALL the users with this problem other than being members of that forum. I certainly don't think our claims are absurd or unreasonable based on what we've come up with so far.

I too, would like to get to the bottom of this. While I certainly don't believe that Messenger Plus! has any malicious intent, the plugin is certainly our biggest lead so far. Thank you for your hard work.

This post was edited on 12-09-2009 at 02:36 PM by ji_hyun_jun.
12-09-2009 02:35 PM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15517
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: RE: ihaterogers.ca toast popup
quote:
Originally posted by ji_hyun_jun
My apologies if you mistook what I said. I meant that we were more than your 'average' user.
Nothing to apologize for, as I probably misunderstood you in that case. It is very true that you are more than the 'average' user, but a lot of people in that thread seem not to be, at least is _seems_ so when you read how they come to the conclussion that it is Plus!.
quote:
Originally posted by ji_hyun_jun
However, insulting the intelligence of another community when you don't know them is quite rude.
I never meant to insult anybody. It's also not because you don't know something that you're not intelligent, or vice-versa. If they or you find that insulting then I apologize.

But I simply made the observation that many of those posts talk about it with the previous 'reputation' of Plus! in mind, those are very clear and almost literally say it. Others clearly have that same undertone, except for a small few. Making that observation is not insulting those posters imho, it is simply stating that they apparently do not know exactly what they are talking about.

But the problem with that is, as you surely know, that other people (who know even less about the subject) do take those posts as 'truth', repost those posts and/or jump on that bandwagon, and you get again a lot of here-say and other false assumptions. And as with a lot of stuff on the internet (especially in fora): "if many people claim something it surely must be true".

Thus:
quote:
Originally posted by ji_hyun_jun
I would disagree that the assumptions made were fueled by Plus!'s previous reputation or anything of the sort.
Then we need to agree to disagree because I could start quoting each and every post which talked about Plus! like that, or which has that undertone, and that post would become very long...

In fact, I exactly did that by making a post on the redflagdeals forum and quoting the most obvious ones in that thread trying to set things strait. But for some reason, the mods did not approved my post*. And they also haven't replied to my mail asking for an explanation... Eventhough it did not break any rules in the slightest way. The only thing you could say about it was that it was long, very long compared to the average post there... I find that not approving such a post (because it is long? because it set some things strait? Because it defends Plus!? who knows) is very dubious in itself. Just as I find it very strange that it _seems_ that mostly people on that forum have experienced that popup.... (= indeed a small undertone that something could be fishy there, but that is based on no facts at all other than my personal opinion, which doesn't matter at this point).

* for the people here: the first post of a new member needs approval in that forum, to see if you're not a bot/spammer. Might not be such a bad idea to do it here too actually :p

quote:
Originally posted by ji_hyun_jun
The fact that it pops up on the bottom right corner of the screen the (exact) same way an msn notification does certainly gives us some reason to suspect that it was something related to msn.
Which is already a very false assumption in itself because there are a hell of a lot other programs which do exactly the same thing. This is by far nothing unique to Messenger or Messenger Plus!.
quote:
Originally posted by ji_hyun_jun
Especially given when the only programs that were open at the time for one of the users was MSN and Word, it didn't seem likely that it was from a browser.
Now _that_ is a good assumption. All the rest is seriously irrelevant and assuming the wrong thing.

(Eventhough, there could also be other programs running in the background which also pops stuff up. It wouldn't be the first time I see somebody saying he/she only has program x and y running, while in the background there are like 10 hidden processes. Usually coming from stuff loaded when Windows starts. In fact, if you learn one thing from giving support all the time, you learn that 99% of people saying something like "I only have program x and Y open", usually do have hidden processes running from other programs (and even malware and/or adware in some cases)).

quote:
Originally posted by ji_hyun_jun
Yes, scans can show up nothing, but the fact that it went through the number of different people that it did and not be found by any of the different programs by various users certainly means more than just false positives or something that was missed by a single scan.
Actually not though, not in this case. And that is my point I was trying to make (in a bit of a strong way, I must admit).

Such stuff is extremely easy to make, and you wont do anything out of the ordinary. Extremely many adware things are never ever picked up by scans, simply because scans do not check on such stuff or simply can not distinguish it from a normal program (because it simply uses the same stuff that any other normal program uses). Such scans quite often check on certain routines in programs, if you don't use such a routine, you're in the clear. It is only seldom that scans actually check upon the whole program/process and have a checksum of the program to compare it with.

In fact, I could write douzens of malware programs (anyone could actually) which would never be picked up. At least not immediatly unless someone reports the program to all the anti-malware companies. And even then it is often not possible to make a good detection system for it unless you want to have false positives all the time (although that seems to be the trend these days - the more false positives the better the security program is... not). And after that, all I need to do is alter the program a bit more.

The same for Messenger malware. Many people are surprised their scanner does not pick such stuff up. But how can it? There is nothing out of the ordinary about such malware, except that it shows maybe some ad, changes your homepage, or tricks you in surfing to a certain page. All things which any 'normal' program might do.

It is therefore absolutely no surprising at all that such stuff is not detected at all imho.

quote:
Originally posted by ji_hyun_jun
It was in my opinion, that a screenshot wouldn't help much based on what popped up. As seen above, it's as I described it: a box that pretty much says hate rogers? go to ihaterogers.ca that appears on the bottom right much like an msn notification. Perhaps maybe you can get something out of that picture, but I just didn't see any use of it. I could very well be wrong, but that was just the way I saw things. 
The content of the picture is indeed of not much use, in this case. But it isn't so much the content, what the picture says, which is important.

The important part is in what kind of graphical 'container' the picture is shown. For example: if it was looking exactly like a Plus! toast (and I mean exactly; thus not like some user claimed "it is exactly like a Plus! toast" while there is nothing similar about it), it would already give a very strong clue. Also the position on your taskbar can give clues. The used border colors, the thickness, the title, the size, etc, etc.

--------

PS: don't get me wrong.... I don't say it can not be something which is abusing Plus! or whatever though!!! But it certainly is not coming from Plus! itself, or its old depricted sponsor. I only wanted to set some things strait as many assumptions made in that thread are completely irrelevant and/or false (eventhough they eventually might lead to the same culprint, but that is only coincidence in that case).

I wouldn't have shouted one bit if people simply stated what you stated, which is "one thing in common is Messenger and Plus!", but nothing more or less! However, I will always shout when there are wrong assumptions being made and will always try to set things strait and/or tell people what is wrong with those assumptions so they don't make the same mistake again next time.

To investigate stuff like this in a proper way one should base their findings on facts, or at least on very calculated guesses while having a big expertise on the matter. Thus not on here-say and other false stuff, or stuff which you think is true while on the same time you actually do not have the technical knowhow to make sure it is true. Unfortunalty, the later happens way too often and is done by everybody sometimes, including me.

---

Anyways, enough space wasted in this thread me thinks :D Who will read it all anyways :p
PS: ji_hyun_jun, it's great to have someone from there here now... keep us informed!

This post was edited on 12-09-2009 at 11:08 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
12-09-2009 05:40 PM
Profile PM Find Quote Report
Pages: (2): « First [ 1 ] 2 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On