Spyware Issues (was Bellrock Warning)

Black21Jack

Dormant account
Joined
Mar 1, 2004
Location
Toronto, Ontario, Canada
Spyware Issues

Well, on advice from another posting I had regarding Viper Software I went directly to www.bellerock.com, not through an affiliate link. I proceeded to download Home Casino and install the software. Now I dont know if you read older posts of mine regarding Golden palace Casino and some fishy activity on my computer after using their software but you can read it here Anyways, as soon as I installed the software my internet home page was changed to res://myfzv.dll/index.html#27859 which is called Home Search, hmmm, Home Casino, Home Search, is there a connection? Now when I open my IE it goes directly here and I get a flood of pop up ads along with it. It also now tries to install some kind of feature for Office XP everytime I run IE. I get an Office Installer pop up and when I click cancel it gives me the error that I have included as a picture below. Spyware Blaster and SpyBot S&D even when fully updated cannot detect anything on my comp. Now when I go to Control Panel Add/Remove Programs I do find three programs that are responsible, one called Home Search Assistant, Search Extender, and Shopping Wizard. When I go to uninstall these programs I get the message: Unable to open "http://looking-for.cc/uninstall/program name.html" No one can say that it is coincidence, that it is not from Home Casino. The search is called Home Search, and I have not had a problem on my computer since the Golden Palace fiasco. I have had my computer cleaned and immunized by several spyware/adware programs and I have not installed any other software until yesterday. When I had only RTG on my comp. no problems. This is very shady, and I caution all against downloading anything from Belle Rock. Who knows what info they are obtaining off my hard drive, and no matter what I do I cannot get rid of it.
 
Last edited:
I also played at Home Casino, but I didn't recognize any spyware coming with the software.
Btw. Home Casino is the only Belle Rock Casino that doesn't use the new VIPER software, but the old microgaming sw.
 
Can't help, but try with google "1033/setup.hlp" (with "-marks).
Also check with SpyBot S&D (Advance mode) what programs start, etc. Not usual search-thing.
 
I played at Belle Rock using the download software. I did not get any spyware,
homepage change, pop up etc.

I have also installed Golden Palace but also did not get any spyware, homepage change, pop up etc.

So are you sure the source of your problem is with the downloaded softwares?
Why would they pick you out of all the people? If you are that lucky, you
should be a millionaire by now. Have you visited other dubious sites besides
Belle Rock? May be one of your other frequently visited sites is the source of
the problem?
 
I downloaded the software of Home Casino just today, but did not face any problem. The same for all the other casinos from that group.
 
The problem is you went to the wrong website, the bellerock website is at www.bellerockGAMING.com

There's nothing shady about the bellerock group, just the scumbag affiliate that setup the website you mentioned. If I were you, I'd notify bellerock directly about this. They should pull that clown from their affiliate program.

Also, try adaware from www.lavasoft.de and see if that cleans up the problems.
 
Last edited:
sw2003 said:
I played at Belle Rock using the download software. I did not get any spyware,
homepage change, pop up etc.

I have also installed Golden Palace but also did not get any spyware, homepage change, pop up etc.

So are you sure the source of your problem is with the downloaded softwares?
Why would they pick you out of all the people? If you are that lucky, you
should be a millionaire by now. Have you visited other dubious sites besides
Belle Rock? May be one of your other frequently visited sites is the source of
the problem?

Umm, as I said before no software has been installed on my computer for months. As soon as I installed from Home Casino it happened, my computer has been fine for months now. Coincidence? No other sites have I downloaded anything from. Spybot advanced, fully updated, spy ware blaster fully updated, control panel add remove, I have done it all, this one is pure stealth. As far as dubious sites, I do not play any casinos except RTG, so on advice I went to Belle Rock and this is the only other site I have downloaded from since Phoenician which definitely does not do it because it just happened right after installation of Home Casino.
 
In addition to the programs you mentioned you were using, you should also use an internet security program like Zone Alarm. What happened is a classic malware/spyware/browser hijack. An internet security package along with spybotm, etc. would help prevent such things from happening again.

As I said before, www.bellerockgaming.com is the correct website for this group, not www,bellerock,com (dots removed so people don't click on it and get hosed). I'm certain that is the root of the problem and not home casino.
 
jpm said:
In addition to the programs you mentioned you were using, you should also use an internet security program like Zone Alarm. What happened is a classic malware/spyware/browser hijack. An internet security package along with spybotm, etc. would help prevent such things from happening again.

As I said before, www.bellerockgaming.com is the correct website for this group, not www,bellerock,com (dots removed so people don't click on it and get hosed). I'm certain that is the root of the problem and not home casino.

Thanks for the tip, I had zone alarm on but it was too annoying especially since I use a wireless connection from my laptop, bloody thing went off all the time. I have both Spy Bot S&D and Spyware Blaster running and it did not catch it but I guess I will re install Zone Alarm.
 
Yeah, I've tried the McAfee, Norton and Zone Alarm products for internet security and found ZA to be the most compatible for online gaming, and just the best of the bunch overall. I am using the Pro version of it, which you gotta buy, but the basic free one is still good. The Pro version has more privacy related items, such as cookie, java, web bug blocking. That is the version I'd recommend. You can also tell it to shut up if the alerts are driving you nuts, it will just do its thing silently. They also have a special bundle that includes a product called Pest Patrol, which is a proactive anti malware/spyware program. I use that as well and never have a problem with hijacks, spyware, etc. And don't forget an up to date antivirus program! That's important to protect from evil email and websites. Yeah, its alot of crap to load on your machine, but its better than the alternative. Every so often I'll do an adaware and spybot scan just to see if anything snuck thru, so far so good!

Hint: If you use pest patrol, you may want to shut of the cookie patrol part, it can cause problems at times, and zone alarm pro can handle cookies.
 
browser hijack problem (its not bellerock)

What you have their is a nasty coolweb infection. Coolweb is a program that inserts itself into IE and your registry in order to redirect your homepage (to home search, among others) and give you pop up ads. It includes a remote keylogger to record everything you type in search engines, etc and uses that info to give you "targeted: pop ups. Some versions of coolweb are extremely stubborn and difficult to remove from your computer. Adware programs like ad-aware, spybot and spysweeper will track down bits and pieces of coolweb but are no real help in dealing with the beast. Coolweb is thought to be spread via certain, ahem, ad-intensive websites and pop ups. Here is a few suggestions in dealing with it:

Download coolweb shredder. Despite the name it doesn't usually do the job by itself, but its a start.

download hijack this. This is a program that identifies suspicious registry entries and gives you the options of which ones to delete. Use with caution, For the most part eveything it comes up with is expendable, but read the descriptions it gives you of the file types to help guide you. Specifically look for BHO (browser helper objects) and files that change your IE start and search pages (duh).

download a program like browser hijack blaster that will tell you whenever coolweb tries to reinsert the BHO into your registry. This gives you a good indication whether or not you've killed it.

download antivir, a free antivirus program that seems to help but doesn't eliminate coolweb.

go to your start menu and run "msconfig" click over to the last tab with the programs that load on startup. Uncheck everything you don't use (something called "addux" is suspicious). I uncheck everything for a super fast load, but some people like certain programs to start.

There is also a process that coolweb starts that is listed as a sysyem process that busily goes about undoing all your work by recreating the files that are attacking your browser. Hit control alt delete and go to the processes tab to see what processes are running. I've seen it use a process called something like dhvj or some four letter garbage starting with d. This can be labeled as a system process but it is not your friend. To narrow it down a little, boot in safe mode and write down all the processes that are running. These should be ok. Boot back in normal mode and see what extra processes there are. Experiment with ending these. One of them is adding phony .dll files to your system and system32 folder that are attacking your browser. (browser hijack blaster will tell you what .dll files are adding the BHOs to your registry.)

use your spyware program as normal to scour your system.

This is in no particular order, and all of it might not be necessary. However, running and rerunning all these things finally freed my brothers computer from the evil clutches of coolweb. cwshredder will also give you a few ways to prevent reinfection. Good Luck!
 
I can really recommend HijackThis. I've had similar problems like what you described twice within the last couple of months and this program helped me get rid of the intruders quickly.
 
I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.
 
jpm said:
I just remembered something that may be even easier for you. Since you are using XP, you could use the system restore feature and just restore everything to the way it was (say the day before) just before you went to this scumbag site. I've used it recently after I messed up my desktop and it worked flawlessly. If you'd like to try it, let me know and I'll post directions.

As angahar said, it is very tenacious and I've found infections like this to be almost impossible to clean completely without spending hours upon hours scouring the registry, etc. It can be quite tedious & frustrating even for seasoned computer geeks like me. System restore may be your best friend in this instance.

That would be great if you could post how to do that jpm. I was going to start doing all the other stuff but because it will take a while, I am being lazy. Will system restore erase anything?
 
Last edited:
Its is supposed to only affect the registry and other programs and settings, but not affect documents, etc. Just be on the safe side and back up anything important before you do it! I didn't seem to lose anything when I did it the other nite and it was about a 5 minute procedure. Quite painless indeed, and I'll use it again in the future if I ever have similar issues.

I'll post the procedure when I get home, so I can take you thru each step as I do it, except for the final step of course ;)
 
You should also tighten up your IE security settings or even ditch IE completely and use a different browser such as Mozilla Firefox (my favourite) or Opera.
 
Ok, I decided to get off my lazy arse and download all advised programs. They were: Antivir; which found over 20 Trojan Horse files on the computer, Spyware Sweeper; which found numerous bad programs all of which included "casino" in the name, 3 had "Microgaming" in the name and two had "32Red" in the name even though those casinos were immediately uninstalled when I started having the problems, Hijack This, Window Washer (my own idea becuase it cleans cookies, history, recycle bin, and file extensions), Ad-aware, Browser Hijack Blaster, and CW Shredder. These are in addition to SpyBot S&D, and Spyware Blaster which I already had protectiing my system. All of this seems to have done thee trick, I do not get the search pages or popups anymore. I would still like to do system restore to be on the safe side. Thanks for all the help.
 
Well that was easy wasn't it! ;)

OK, here's the system restore procedure...

Close all open programs and backup any important files/documents

Click Start - Programs - Accessories - System Tools - System Restore

Restore My Computer to an Earlier Time should be selected by default, if not, then select it and click Next

In this screen you'll see a calendar with some dates bold and some regular. The bold dates have 'restore points' which means something was changed on the system after that point. Pick a date before you visited the bogus site and started having problems. Click on it on the calendar and in the right window, you'll see either System Checkpoint (an automatic system backup) or some notes about what was installed or removed at that time/date. Depending on what was done after the closest checkpoint before the infection date, you may want to do the checkpoint or something after it. I'd probably pick the closest checkpoint before the infection date personally.

Select the date and click next. Now you're ready to do the restoration. On the next screen when you click next, it will do its thing and I believe it reboots automatically afterwards (if not, reboot).

That should do it. Let us know what happens!
 
Link Removed (invalid URL)
Another good reason not to use IE, but if you have to, at least make sure Javascript is turned off.
 
Black21Jack said:
Ok, I decided to get off my lazy arse and download all advised programs. They were: Antivir; which found over 20 Trojan Horse files on the computer, Spyware Sweeper; which found numerous bad programs all of which included "casino" in the name, 3 had "Microgaming" in the name and two had "32Red" in the name even though those casinos were immediately uninstalled when I started having the problems, Hijack This, Window Washer (my own idea becuase it cleans cookies, history, recycle bin, and file extensions), Ad-aware, Browser Hijack Blaster, and CW Shredder. These are in addition to SpyBot S&D, and Spyware Blaster which I already had protectiing my system. All of this seems to have done thee trick, I do not get the search pages or popups anymore. I would still like to do system restore to be on the safe side. Thanks for all the help.
Try this .. Old / Expired Link
It's the free version, it works great. If you like it, then buy it, it will do a lot more then.
Lock your start up page so nothing can change it, checks for and cleans numerous spy/adware. I use Ad-Aware and X-Cleaner together, system stays clean.
 
Black21Jack said:
Ok, I decided to get off my lazy arse and download all advised programs. They were: Antivir; which found over 20 Trojan Horse files on the computer, Spyware Sweeper; which found numerous bad programs all of which included "casino" in the name, 3 had "Microgaming" in the name and two had "32Red" in the name even though those casinos were immediately uninstalled when I started having the problems, Hijack This, Window Washer (my own idea becuase it cleans cookies, history, recycle bin, and file .

I would advise anyone using 'Windowasher' to do so with care.

I used this program for a general cleanup of my system. It certainly cleaned it
up ok, the son of a Bit%h only went & deleted the whole of my Windows directory! I had to totally reinstall Windows from scratch, took me hours before I was up & running again.
 
daveos said:
I would advise anyone using 'Windowasher' to do so with care.

I used this program for a general cleanup of my system. It certainly cleaned it
up ok, the son of a Bit%h only went & deleted the whole of my Windows directory! I had to totally reinstall Windows from scratch, took me hours before I was up & running again.

I think it is great program, especially the bleaching feature. I checked my options and there was no listing of the windows directory in the clean folders list. Maybe you had accidentaly added the Windows directory to the custom wash list.
 

Users who are viewing this thread

Meister Ratings

Back
Top