914World.com - The fastest growing online 914 community!
 
> OT f'ing popups!, I hate these pieces of sh$t
jd66921
post Oct 17 2006, 05:51 PM
Post #1


Member
**

Group: Members
Posts: 316
Joined: 9-January 06
From: Texas
Member No.: 5,394



Help,

I caught a f'ing popup generator. Can't find a process that's generating them.
AVG doesn't find it, AdAware doesn't find anything, and Windows Defender
won't either.

I'm reasonably knowledgeable. Can anyone give me any hints, process names,
or anything that might be the culprit? The popups are random, and some seem to
be legitimate companies. Hope they are not part of the problem!

I am pissed!!!!

Thanks,

Jeff
Pnambic
post Oct 17 2006, 06:01 PM
Post #2


Honk if you like obscene gestures!
***

Group: Members
Posts: 914
Joined: 9-April 03
From: Atlanta, GA
Member No.: 546
Region Association: South East States



Try Spybot? I generally run Spybot and Adaware. Together they do a fine job for me (so far).
Hammy
post Oct 17 2006, 06:14 PM
Post #3


mr. Wonderful
***

Group: Members
Posts: 1,826
Joined: 20-October 04
From: Columbia, California
Member No.: 2,978
Region Association: Northern California



QUOTE(Pnambic @ Oct 17 2006, 05:01 PM) *

Try Spybot? I generally run Spybot and Adaware. Together they do a fine job for me (so far).

(IMG:style_emoticons/default/agree.gif)
KaptKaos
post Oct 17 2006, 06:27 PM
Post #4


Family
****

Group: Members
Posts: 4,009
Joined: 23-April 03
From: Near Wausau
Member No.: 607
Region Association: Upper MidWest



Spyware Doctor works well. Costs money, but works.
smontanaro
post Oct 17 2006, 06:29 PM
Post #5


Senior Member
***

Group: Members
Posts: 1,190
Joined: 3-June 05
From: Evanston, IL
Member No.: 4,197
Region Association: Upper MidWest



QUOTE(jd66921 @ Oct 17 2006, 06:51 PM) *

Can anyone give me any hints, process names, or anything that might be the culprit?


Windows? Sorry, couldn't resist... (IMG:style_emoticons/default/smile.gif)

Skip
jd66921
post Oct 17 2006, 06:34 PM
Post #6


Member
**

Group: Members
Posts: 316
Joined: 9-January 06
From: Texas
Member No.: 5,394



You know what I hate most? "Free" blockers that then ask you for
money!!!!!

Spybot!!!


I'll probably find that it is the one that is generating the pop-ups!!!!
Pnambic
post Oct 17 2006, 06:36 PM
Post #7


Honk if you like obscene gestures!
***

Group: Members
Posts: 914
Joined: 9-April 03
From: Atlanta, GA
Member No.: 546
Region Association: South East States



It asks politely for donations, which you are free to decline. You can use the software for free. I've used Spybot for years now and will vouch for them.
jd66921
post Oct 17 2006, 06:53 PM
Post #8


Member
**

Group: Members
Posts: 316
Joined: 9-January 06
From: Texas
Member No.: 5,394



Lo siento! I am sorry!!

I chose the wrong one from the Google list, slightly different name!

I'm running it now to see if it helps.

Jeff
jd66921
post Oct 17 2006, 07:19 PM
Post #9


Member
**

Group: Members
Posts: 316
Joined: 9-January 06
From: Texas
Member No.: 5,394



Nope, Spybot didn't fix it!

Any other ideas?

Oh yeah, System Restore doesn't work either!!

Jeff
SirAndy
post Oct 17 2006, 08:00 PM
Post #10


Resident German
*************************

Group: Admin
Posts: 41,625
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(jd66921 @ Oct 17 2006, 06:19 PM) *

Any other ideas?



DNS hijack ...
check your DNS settings!

i had one that changed my primary and secondary DNS servers to:
85.255.115.22 and 85.255.112.228

every time you go to a site, you get routed through their DNS and they redirect you to a SPAM/PopUp page ...

if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts):

127.0.0.1 85.255.115.22
127.0.0.1 85.255.112.228

where you replace the 85. IPs with the actual IPs of your hijack ....

(IMG:style_emoticons/default/type.gif) Andy
bd1308
post Oct 17 2006, 08:14 PM
Post #11


Sir Post-a-lot
*****

Group: Members
Posts: 8,020
Joined: 24-January 05
From: Louisville,KY
Member No.: 3,501



i remove the hosts file totally, it's usually not needed to DHCP leases anyway.
SirAndy
post Oct 17 2006, 08:38 PM
Post #12


Resident German
*************************

Group: Admin
Posts: 41,625
Joined: 21-January 03
From: Oakland, Kalifornia
Member No.: 179
Region Association: Northern California



QUOTE(bd1308 @ Oct 17 2006, 07:14 PM) *

i remove the hosts file totally, it's usually not needed to DHCP leases anyway.

(IMG:style_emoticons/default/wacko.gif)

you are correct, it's not needed ... that's why it is EMPTY by default ...

you might want to read up on how your DNS lookup works ...

what i'm suggesting above is that he fixes his DNS settings (if they are compromised) and in *addition* adds the spam IPs to his hosts file so any application that might still be on his computer (think trojan) will never be able to reach those IPs anymore.

take a closer look at my post above and you'll see that those entries in the hosts file will create an endless loop for the lookup of those IPs, effectively rendering *any* software trying to reach those IPs useless ...

the hosts file lookups precede *any* other dns lookups in your system.
(IMG:style_emoticons/default/type.gif) Andy
bd1308
post Oct 17 2006, 08:40 PM
Post #13


Sir Post-a-lot
*****

Group: Members
Posts: 8,020
Joined: 24-January 05
From: Louisville,KY
Member No.: 3,501



Ok, i'm following now.

Yep, that trick works.

I was just partially confuzzled, I know how DNS lookup works
Mamacita
post Oct 17 2006, 10:53 PM
Post #14


Member
**

Group: Members
Posts: 89
Joined: 5-July 06
From: Alabama
Member No.: 6,380



I hate popups, too! I learned not to let my oldest son on my computer because he'll click on stupid stuff & get me popups and all kinds of nastiness (he helped me get a virus once...nearly kicked his tush for that one!).
Stacie
ThinAir
post Oct 18 2006, 12:22 AM
Post #15


Best friends
****

Group: Members
Posts: 2,542
Joined: 4-February 03
From: Flagstaff, AZ
Member No.: 231
Region Association: Southwest Region



After you get it cleaned up, get Firefox and never use IE again. That's the long-term solution. No pop-ups and no ActiveX so no vulnerability for this kind of stuff.

To get it fixed, reboot into safe mode with network. Then try each of these free online scans:
www.antivirus.com (TrendMicro)
www.webroot.com

They can work miracles, but you'll never get anywhere with it if you aren't in safe mode because if the turd is running it will often be smart enough to put itself back in as soon as it is removed.
jd66921
post Oct 18 2006, 04:22 AM
Post #16


Member
**

Group: Members
Posts: 316
Joined: 9-January 06
From: Texas
Member No.: 5,394



Ok, a couple of questions. I looked at DNS settings in each network connection. All are automatic. Is that right? Nothing in hosts file.

I am running this computer through a wireless router. If I boot in safe mode, I lose the wireless connection? Is that expected? Hard to run those other scans that way.

I am running www.antivirus.com stuff, but there is no indication it is doing anything. Is that normal? Most other antivirus stuff beats my disk to death! (Just trying this to see if it can find anything!)

Latest is that the malware knows that I like 914's! I'm getting ads for them! Did I catch this from 914world.com? I am also getting ads for Ebay. I have looked at Ebay recently.
Is Ebay part of this conspiracy against me!!

The only software I added that I know of is Windows live messenger. Any possible connection?

Thanks,

Jeff
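Added example, not written by anyone in this thread: SirAndy's "check your DNS settings" advice applied to the case above where every connection is set to automatic. With automatic settings the resolver addresses come from the DHCP lease, so the values actually in use have to be read from `ipconfig /all` output; the sample output, the expected resolver `192.168.1.1` used with it, and the function names are constructed for illustration.

```python
import re

# Resolver addresses SirAndy reported in this thread.
REPORTED_BAD = {"85.255.115.22", "85.255.112.228"}

# Constructed sample of `ipconfig /all` output, not captured from a real machine.
SAMPLE = """\
Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.115.22
                                            85.255.112.228
        Lease Obtained. . . . . . . . . . : Tuesday, October 17, 2006 5:02:11 PM
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")   # "Label . . . : value"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def dns_servers(text):
    """Return {adapter heading: [DNS server IPs]} parsed from `ipconfig /all` text."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # unindented line: adapter heading
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        m = FIELD.match(line)
        if m:                                # labelled field starts here
            in_dns = m.group(1) == "DNS Servers"
            value = m.group(2).strip()
        else:                                # unlabelled line continues the previous field
            value = line.strip()
        if in_dns and IPV4.match(value):
            found.setdefault(adapter, []).append(value)
    return found

def audit(text, expected):
    """Return (adapter, ip, verdict) for each resolver that should not be there."""
    findings = []
    for adapter, servers in dns_servers(text).items():
        for ip in servers:
            if ip in REPORTED_BAD or ip not in expected:
                verdict = "reported in thread" if ip in REPORTED_BAD else "unexpected"
                findings.append((adapter, ip, verdict))
    return findings
```

Calling `audit(SAMPLE, {"192.168.1.1"})` flags both servers on the wireless adapter; the second one sits on an unlabelled continuation line, which is why a plain search for the `DNS Servers` line misses it.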
aircooledboy
post Oct 18 2006, 09:37 AM
Post #17


Sweet Pea's 1st ride in daddy's "vroom -vroom"
***

Group: Members
Posts: 1,672
Joined: 4-February 04
From: Rockford, IL
Member No.: 1,629
Region Association: Upper MidWest



Boss's computer has the EXACT same problem here. I ran Spybot, and it removed a bunch of stuff, but popups continue, including ones for Ebay, which I have never seen before. (IMG:style_emoticons/default/confused24.gif)

Gonna try Ahhhndy's plan next.
smontanaro
post Oct 18 2006, 05:45 PM
Post #18


Senior Member
***

Group: Members
Posts: 1,190
Joined: 3-June 05
From: Evanston, IL
Member No.: 4,197
Region Association: Upper MidWest



QUOTE(SirAndy @ Oct 17 2006, 09:00 PM) *

if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts):

127.0.0.1 85.255.115.22
127.0.0.1 85.255.112.228


A similar trick works with the route command, at least on Unix-y systems. When our web server gets hammered by an email crawler or other cretinaceous moron, I simply execute disable-host:

CODE

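# Null-route a host by pointing its route at loopback (Linux net-tools syntax).
# Usage: disable-host host [ reenable-time ]   (reenable-time is an at(1) time spec)
disable-host ()
{
    local host=$1 time=$2
    if [ -z "$host" ]; then
        echo "usage: disable-host host [ reenable-time ]"
        return 1
    fi
    # Traffic for this host now goes to 127.0.0.1 and never leaves the machine.
    route add -host "$host" gw 127.0.0.1
    # Print the routing table so the new entry can be confirmed.
    route -n
    if [ -n "$time" ]; then
        echo "will reenable access at $time"
        # Queue removal of the route; $time is left unquoted so a multi-word
        # time spec is passed to at(1) as separate arguments.
        echo "route delete -host $host" | at $time 2>/dev/null
    fi
}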


You just route them to your loopback address and they are gone until the (optional) reenable time.

This command is pretty system-specific, even across dialects of Unix, so you may need to tweak it to get it working in your environment.

I have a disable-net command as well. It routes an entire network into the bit bucket.

Skip (IMG:style_emoticons/default/type.gif)
sgomes
post Oct 18 2006, 11:31 PM
Post #19


Electric Member
***

Group: Members
Posts: 815
Joined: 6-May 04
From: Campbell, CA
Member No.: 2,029



This may not help but it sounds like you should try anything you can. Run CCleaner (a.k.a. Crap Cleaner). I use it and it really gives the computer a serious enema.
bd1308
post Oct 18 2006, 11:34 PM
Post #20


Sir Post-a-lot
*****

Group: Members
Posts: 8,020
Joined: 24-January 05
From: Louisville,KY
Member No.: 3,501



OH OH OH OH

and search for HiJack This!

It's a program where you have to know what you're doing, it gets rid of really nasty crap. It's like Imodium AD for your computer....
