Spyware Issues (was Bellrock Warning)

Black21Jack

Dormant account
Spyware Issues

Well, on advice from another posting I had regarding Viper Software I went directly to www.bellerock.com, not through an affiliate link. I proceeded to download Home Casino and install the software. Now I dont know if you read older posts of mine regarding Golden palace Casino and some fishy activity on my computer after using their software but you can read it here Anyways, as soon as I installed the software my internet home page was changed to res://myfzv.dll/index.html#27859 which is called Home Search, hmmm, Home Casino, Home Search, is there a connection? Now when I open my IE it goes directly here and I get a flood of pop up ads along with it. It also now tries to install some kind of feature for Office XP everytime I run IE. I get an Office Installer pop up and when I click cancel it gives me the error that I have included as a picture below. Spyware Blaster and SpyBot S&D even when fully updated cannot detect anything on my comp. Now when I go to Control Panel Add/Remove Programs I do find three programs that are responsible, one called Home Search Assistant, Search Extender, and Shopping Wizard. When I go to uninstall these programs I get the message: Unable to open "http://looking-for.cc/uninstall/program name.html" No one can say that it is coincidence, that it is not from Home Casino. The search is called Home Search, and I have not had a problem on my computer since the Golden Palace fiasco. I have had my computer cleaned and immunized by several spyware/adware programs and I have not installed any other software until yesterday. When I had only RTG on my comp. no problems. This is very shady, and I caution all against downloading anything from Belle Rock. Who knows what info they are obtaining off my hard drive, and no matter what I do I cannot get rid of it.
 
Last edited:

mucullus

Experienced Member
I also played at Home Casino, but I didn't recognize any spyware coming with the software.
Btw. Home Casino is the only Belle Rock Casino that doesn't use the new VIPER software, but the old microgaming sw.
 

Sodax77

Dormant account
Can't help, but try with google "1033/setup.hlp" (with "-marks).
Also check with SpyBot S&D (Advance mode) what programs start, etc. Not usual search-thing.
 

sw2003

Dormant account
I played at Belle Rock using the download software. I did not get any spyware,
homepage change, pop up etc.

I have also installed Golden Palace but also did not get any spyware, homepage change, pop up etc.

So are you sure the source of your problem is with the downloaded softwares?
Why would they pick you out of all the people? If you are that lucky, you
should be a millionaire by now. Have you visited other dubious sites besides
Belle Rock? May be one of your other frequently visited sites is the source of
the problem?
 

HateMG

Dormant account
You can manually delete these files doing search in Windows Explorer on C: drive. Also check the registry (run command regedit)
 

padanian

Experienced Member
I downloaded the software of Home Casino just today, but did not face any problem. The same for all the other casinos from that group.
 

jpm

Dormant account
The problem is you went to the wrong website, the bellerock website is at www.bellerockGAMING.com

There's nothing shady about the bellerock group, just the scumbag affiliate that setup the website you mentioned. If I were you, I'd notify bellerock directly about this. They should pull that clown from their affiliate program.

Also, try adaware from www.lavasoft.de and see if that cleans up the problems.
 
Last edited:

Black21Jack

Dormant account
sw2003 said:
I played at Belle Rock using the download software. I did not get any spyware,
homepage change, pop up etc.

I have also installed Golden Palace but also did not get any spyware, homepage change, pop up etc.

So are you sure the source of your problem is with the downloaded softwares?
Why would they pick you out of all the people? If you are that lucky, you
should be a millionaire by now. Have you visited other dubious sites besides
Belle Rock? May be one of your other frequently visited sites is the source of
the problem?
Umm, as I said before no software has been installed on my computer for months. As soon as I installed from Home Casino it happened, my computer has been fine for months now. Coincidence? No other sites have I downloaded anything from. Spybot advanced, fully updated, spy ware blaster fully updated, control panel add remove, I have done it all, this one is pure stealth. As far as dubious sites, I do not play any casinos except RTG, so on advice I went to Belle Rock and this is the only other site I have downloaded from since Phoenician which definitely does not do it because it just happened right after installation of Home Casino.
 

jpm

Dormant account
In addition to the programs you mentioned you were using, you should also use an internet security program like Zone Alarm. What happened is a classic malware/spyware/browser hijack. An internet security package along with spybotm, etc. would help prevent such things from happening again.

As I said before, www.bellerockgaming.com is the correct website for this group, not www,bellerock,com (dots removed so people don't click on it and get hosed). I'm certain that is the root of the problem and not home casino.
 

Black21Jack

Dormant account
jpm said:
In addition to the programs you mentioned you were using, you should also use an internet security program like Zone Alarm. What happened is a classic malware/spyware/browser hijack. An internet security package along with spybotm, etc. would help prevent such things from happening again.

As I said before, www.bellerockgaming.com is the correct website for this group, not www,bellerock,com (dots removed so people don't click on it and get hosed). I'm certain that is the root of the problem and not home casino.
Thanks for the tip, I had zone alarm on but it was too annoying especially since I use a wireless connection from my laptop, bloody thing went off all the time. I have both Spy Bot S&D and Spyware Blaster running and it did not catch it but I guess I will re install Zone Alarm.
 

jpm

Dormant account
Yeah, I've tried the McAfee, Norton and Zone Alarm products for internet security and found ZA to be the most compatible for online gaming, and just the best of the bunch overall. I am using the Pro version of it, which you gotta buy, but the basic free one is still good. The Pro version has more privacy related items, such as cookie, java, web bug blocking. That is the version I'd recommend. You can also tell it to shut up if the alerts are driving you nuts, it will just do its thing silently. They also have a special bundle that includes a product called Pest Patrol, which is a proactive anti malware/spyware program. I use that as well and never have a problem with hijacks, spyware, etc. And don't forget an up to date antivirus program! That's important to protect from evil email and websites. Yeah, its alot of crap to load on your machine, but its better than the alternative. Every so often I'll do an adaware and spybot scan just to see if anything snuck thru, so far so good!

Hint: If you use pest patrol, you may want to shut of the cookie patrol part, it can cause problems at times, and zone alarm pro can handle cookies.
 

angahar

Dormant account
browser hijack problem (its not bellerock)

What you have their is a nasty coolweb infection. Coolweb is a program that inserts itself into IE and your registry in order to redirect your homepage (to home search, among others) and give you pop up ads. It includes a remote keylogger to record everything you type in search engines, etc and uses that info to give you "targeted: pop ups. Some versions of coolweb are extremely stubborn and difficult to remove from your computer. Adware programs like ad-aware, spybot and spysweeper will track down bits and pieces of coolweb but are no real help in dealing with the beast. Coolweb is thought to be spread via certain, ahem, ad-intensive websites and pop ups. Here is a few suggestions in dealing with it:

Download coolweb shredder. Despite the name it doesn't usually do the job by itself, but its a start.

download hijack this. This is a program that identifies suspicious registry entries and gives you the options of which ones to delete. Use with caution, For the most part eveything it comes up with is expendable, but read the descriptions it gives you of the file types to help guide you. Specifically look for BHO (browser helper objects) and files that change your IE start and search pages (duh).

download a program like browser hijack blaster that will tell you whenever coolweb tries to reinsert the BHO into your registry. This gives you a good indication whether or not you've killed it.

download antivir, a free antivirus program that seems to help but doesn't eliminate coolweb.

go to your start menu and run "msconfig" click over to the last tab with the programs that load on startup. Uncheck everything you don't use (something called "addux" is suspicious). I uncheck everything for a super fast load, but some people like certain programs to start.

There is also a process that coolweb starts that is listed as a sysyem process that busily goes about undoing all your work by recreating the files that are attacking your browser. Hit control alt delete and go to the processes tab to see what processes are running. I've seen it use a process called something like dhvj or some four letter garbage starting with d. This can be labeled as a system process but it is not your friend. To narrow it down a little, boot in safe mode and write down all the processes that are running. These should be ok. Boot back in normal mode and see what extra processes there are. Experiment with ending these. One of them is adding phony .dll files to your system and system32 folder that are attacking your browser. (browser hijack blaster will tell you what .dll files are adding the BHOs to your registry.)

use your spyware program as normal to scour your system.

This is in no particular order, and all of it might not be necessary. However, running and rerunning all these things finally freed my brothers computer from the evil clutches of coolweb. cwshredder will also give you a few ways to prevent reinfection. Good Luck!
 

Yankee

Dormant account
I can really recommend HijackThis. I've had similar problems like what you described twice within the last couple of months and this program helped me get rid of the intruders quickly.
 

Black21Jack

Dormant account
Thanks a lot for the help angahar. I will try all this tomorrow and re post my progress. Once again thanks a lot, I appreciate it.
 

jpm

Dormant account
I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.
 

Black21Jack

Dormant account
jpm said:
I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.
That would be great if you could post how to do that jpm. I was going to start doing all the other stuff but because it will take a while, I am being lazy. Will system restore erase anything?
 
Last edited:

jpm

Dormant account
Its is supposed to only affect the registry and other programs and settings, but not affect documents, etc. Just be on the safe side and back up anything important before you do it! I didn't seem to lose anything when I did it the other nite and it was about a 5 minute procedure. Quite painless indeed, and I'll use it again in the future if I ever have similar issues.

I'll post the procedure when I get home, so I can take you thru each step as I do it, except for the final step of course ;)
 

GrandMaster

Ueber Meister
CAG
You should also tighten up your IE security settings or even ditch IE completely and use a different browser such as Mozilla Firefox (my favourite) or Opera.
 

Black21Jack

Dormant account
Ok, I decided to get off my lazy arse and download all advised programs. They were: Antivir; which found over 20 Trojan Horse files on the computer, Spyware Sweeper; which found numerous bad programs all of which included "casino" in the name, 3 had "Microgaming" in the name and two had "32Red" in the name even though those casinos were immediately uninstalled when I started having the problems, Hijack This, Window Washer (my own idea becuase it cleans cookies, history, recycle bin, and file extensions), Ad-aware, Browser Hijack Blaster, and CW Shredder. These are in addition to SpyBot S&D, and Spyware Blaster which I already had protectiing my system. All of this seems to have done thee trick, I do not get the search pages or popups anymore. I would still like to do system restore to be on the safe side. Thanks for all the help.
 
Top