OT f'ing popups!, I hate these pieces of sh$t |
|
Porsche, and the Porsche crest are registered trademarks of Dr. Ing. h.c. F. Porsche AG.
This site is not affiliated with Porsche in any way. Its only purpose is to provide an online forum for car enthusiasts. All other trademarks are property of their respective owners. |
|
OT f'ing popups!, I hate these pieces of sh$t |
jd66921 |
Oct 17 2006, 05:51 PM
Post
#1
|
Member Group: Members Posts: 316 Joined: 9-January 06 From: Texas Member No.: 5,394 |
Help,
I caught a f'ing popup generator. Can't find a process that's generating them. AVG doesn't find it, AdAware doesn't find anything, and Windows Defender won't either. I'm reasonably knowledgeable. Can anyone give me any hints, process names, or anything that might be the culprit? The popups are random, and some seem to be legitimate companies. Hope they are not part of the problem! I am pissed!!!! Thanks, Jeff |
Pnambic |
Oct 17 2006, 06:01 PM
Post
#2
|
Honk if you like obscene gestures! Group: Members Posts: 914 Joined: 9-April 03 From: Atlanta, GA Member No.: 546 Region Association: South East States |
Try Spybot? I generally run Spybot and Adaware. Together they do a fine job for me (so far).
|
Hammy |
Oct 17 2006, 06:14 PM
Post
#3
|
mr. Wonderful Group: Members Posts: 1,826 Joined: 20-October 04 From: Columbia, California Member No.: 2,978 Region Association: Northern California |
|
KaptKaos |
Oct 17 2006, 06:27 PM
Post
#4
|
Family Group: Members Posts: 4,009 Joined: 23-April 03 From: Near Wausau Member No.: 607 Region Association: Upper MidWest |
Spyware Doctor works well. Costs money, but works.
|
smontanaro |
Oct 17 2006, 06:29 PM
Post
#5
|
Senior Member Group: Members Posts: 1,190 Joined: 3-June 05 From: Evanston, IL Member No.: 4,197 Region Association: Upper MidWest |
Can anyone give me any hints, process names, or anything that might be the culprit? Windows? Sorry, couldn't resist... (IMG:style_emoticons/default/smile.gif) Skip |
jd66921 |
Oct 17 2006, 06:34 PM
Post
#6
|
Member Group: Members Posts: 316 Joined: 9-January 06 From: Texas Member No.: 5,394 |
You know what I hate most? "Free" blockers that then ask you for
money!!!!! Spybot!!! I'll probably find that it is the one that is generating the pop-ups!!!! |
Pnambic |
Oct 17 2006, 06:36 PM
Post
#7
|
Honk if you like obscene gestures! Group: Members Posts: 914 Joined: 9-April 03 From: Atlanta, GA Member No.: 546 Region Association: South East States |
It asks politely for donations, which you are free to decline. You can use the software for free. I've used Spybot for years now and will vouch for them.
|
jd66921 |
Oct 17 2006, 06:53 PM
Post
#8
|
Member Group: Members Posts: 316 Joined: 9-January 06 From: Texas Member No.: 5,394 |
Lo siento! I am sorry!!
I choose the wrong one from the Google list, slightly different name! I'm running it now to see if it helps. Jeff |
jd66921 |
Oct 17 2006, 07:19 PM
Post
#9
|
Member Group: Members Posts: 316 Joined: 9-January 06 From: Texas Member No.: 5,394 |
Nope, Spybot didn't fix it!
Any other ideas? Oh yeah, System Restore doen't work either!! Jeff |
SirAndy |
Oct 17 2006, 08:00 PM
Post
#10
|
Resident German Group: Admin Posts: 41,625 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
Any other ideas? DNS hijack ... check your DNS settings! i had one that changed my primary and secondary DNS servers to: 85.255.115.22 and 85.255.112.228 every time you go to a site, you get routed through their DNS and they redirect you to a SPAM/PopUp page ... if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts): 127.0.0.1 85.255.115.22 127.0.0.1 85.255.112.228 where you replace the 85. IPs with the actual IPs of your hijack .... (IMG:style_emoticons/default/type.gif) Andy |
bd1308 |
Oct 17 2006, 08:14 PM
Post
#11
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
i remove the hosts file totally, its usually not needed to DHCP leases anyway.
|
SirAndy |
Oct 17 2006, 08:38 PM
Post
#12
|
Resident German Group: Admin Posts: 41,625 Joined: 21-January 03 From: Oakland, Kalifornia Member No.: 179 Region Association: Northern California |
i remove the hosts file totally, its usually not needed to DHCP leases anyway. (IMG:style_emoticons/default/wacko.gif) you are correct, it's not needed ... that's why it is EMPTY by default ... you might want to read up on how your DNS lookup works ... what i'm suggesting above is that he fixes his DNS settings (if they are compromised) and in *addition* adds the spam IPs to his hosts file so any application that might still be on his computer (think trojan) will never be able to reach those IPs anymore. take a closer look at my post above and you'll see that those entries in the hosts file will create a endless loop for the lookup of those IPs, effectively rendering *any* software trying to reach those IPs useless ... the hosts file lookups precede *any* other dns lookups in your system. (IMG:style_emoticons/default/type.gif) Andy |
bd1308 |
Oct 17 2006, 08:40 PM
Post
#13
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
Ok, i'm following now.
Yep, that trick works. I was just partially confuzzled, I know how DNS lookup works |
Mamacita |
Oct 17 2006, 10:53 PM
Post
#14
|
Member Group: Members Posts: 89 Joined: 5-July 06 From: Alabama Member No.: 6,380 |
I hate popups, too! I learned not to let my oldest son on my computer because he'll click on stupid stuff & get me popups and all kinds of nastiness (he helped me get a virus once...nearly kicked his tush for that one!).
Stacie |
ThinAir |
Oct 18 2006, 12:22 AM
Post
#15
|
Best friends Group: Members Posts: 2,542 Joined: 4-February 03 From: Flagstaff, AZ Member No.: 231 Region Association: Southwest Region |
After you get it cleaned up, get Firefox and never use IE again. That's the long-term solution. No pop-ups and no Active-X so no vulnerability for this kind of stuff.
To get it fixed, reboot into safe mode with network. Then try each of these free online scans: www.antivirus.com (TrendMicro) www.webroot.com They can work miracles, but you'll never get anywhere with it if you aren't in safe mode because if the turd is running it will often be smart enough to put itself back in as soon as it is removed. |
jd66921 |
Oct 18 2006, 04:22 AM
Post
#16
|
Member Group: Members Posts: 316 Joined: 9-January 06 From: Texas Member No.: 5,394 |
Ok, a couple of questions. I looked at DNS settings in each network connection. All are automatic. Is that right? Nothing in hosts file.
I am running this computer through a wireless router. If I boot in safe mode, I lose the wirelss connection? Is that expected? Herd to run those other scans that way. I am running www.antivirus.com stuff, but there is no indication it is doing anything. Is that normal. Most other antivirus stuff beats my disk to death! (Just trying this to see if it can find anything! Latest is that the malware knows that I like 914's! I'm getting ads for them! Did I catch this from 914world.com? I amalso getting ads for Ebay. I hve looked at Ebay recently. Is Ebay part of this conspiracy against me!! The only software I added thatI know of is Windows live messenger. Any possible connection? Thanks, Jeff |
aircooledboy |
Oct 18 2006, 09:37 AM
Post
#17
|
Sweet Pea's 1st ride in daddy's "vroom -vroom" Group: Members Posts: 1,672 Joined: 4-February 04 From: Rockford, IL Member No.: 1,629 Region Association: Upper MidWest |
Bosses computer has the EXACT same problem here. I ran Spybot, and it removed a bunch of stuff, but popups continue, including ones for Ebay, which I have never seen before. (IMG:style_emoticons/default/confused24.gif)
Gonna try Ahhhndy's plan next. |
smontanaro |
Oct 18 2006, 05:45 PM
Post
#18
|
Senior Member Group: Members Posts: 1,190 Joined: 3-June 05 From: Evanston, IL Member No.: 4,197 Region Association: Upper MidWest |
if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts): 127.0.0.1 85.255.115.22 127.0.0.1 85.255.112.228 A similar trick works with the route command, at least on Unix-y systems. When our web server gets hammered by an email crawler or other cretinaceous moron, I simply execute disable-host: CODE disable-host () { host=$1; time=$2; if [ "x$host" = "x" ]; then echo "usage: disable-host host [ reenable-time ]"; return; fi; route add -host $host gw 127.0.0.1; route -n; if [ "x$time" != "x" ]; then echo "will reenable access at $time"; echo "route delete -host $host" | at $time 2>/dev/null; fi } You just route them to your loopback address and they are gone until the (optional) reenable time. This command is pretty system-specific, even across dialects of Unix, so you may need to tweak it to get it working in your environment. I have a disable-net command as well. It routes an entire network into the bit bucket. Skip (IMG:style_emoticons/default/type.gif) |
sgomes |
Oct 18 2006, 11:31 PM
Post
#19
|
Electric Member Group: Members Posts: 815 Joined: 6-May 04 From: Campbell, CA Member No.: 2,029 |
This may not help but it sounds like you should try anything you can. Run CCleaner (a.k.a. Crap Cleaner). I use it and it really gives the computer a serious enema.
|
bd1308 |
Oct 18 2006, 11:34 PM
Post
#20
|
Sir Post-a-lot Group: Members Posts: 8,020 Joined: 24-January 05 From: Louisville,KY Member No.: 3,501 |
OH OH OH OH
and search for HiJack This! its a program where you have to know what you're doing, it gets rid of really nasty crap. It's like Immodium AD for your computer.... |
Lo-Fi Version | Time is now: 8th May 2024 - 09:46 PM |
All rights reserved 914World.com © since 2002 |
914World.com is the fastest growing online 914 community! We have it all, classifieds, events, forums, vendors, parts, autocross, racing, technical articles, events calendar, newsletter, restoration, gallery, archives, history and more for your Porsche 914 ... |