Full Version: OT f'ing popups!
914World.com > The 914 Forums > 914World Garage
jd66921
Help,

I caught a f'ing popup generator. Can't find a process that's generating them.
AVG doesn't find it, AdAware doesn't find anything, and Windows Defender
won't either.

I'm reasonably knowledgeable. Can anyone give me any hints, process names,
or anything that might be the culprit? The popups are random, and some seem to
be legitimate companies. Hope they are not part of the problem!

I am pissed!!!!

Thanks,

Jeff
Pnambic
Try Spybot? I generally run Spybot and Adaware. Together they do a fine job for me (so far).
Hammy
QUOTE(Pnambic @ Oct 17 2006, 05:01 PM) *

Try Spybot? I generally run Spybot and Adaware. Together they do a fine job for me (so far).

agree.gif
KaptKaos
Spyware Doctor works well. Costs money, but works.
smontanaro
QUOTE(jd66921 @ Oct 17 2006, 06:51 PM) *

Can anyone give me any hints, process names, or anything that might be the culprit?


Windows? Sorry, couldn't resist...

Skip
jd66921
You know what I hate most? "Free" blockers that then ask you for
money!!!!!

Spybot!!!


I'll probably find that it is the one that is generating the pop-ups!!!!
Pnambic
It asks politely for donations, which you are free to decline. You can use the software for free. I've used Spybot for years now and will vouch for them.
jd66921
Lo siento! I am sorry!!

I chose the wrong one from the Google list, slightly different name!

I'm running it now to see if it helps.

Jeff
jd66921
Nope, Spybot didn't fix it!

Any other ideas?

Oh yeah, System Restore doesn't work either!!

Jeff
SirAndy
QUOTE(jd66921 @ Oct 17 2006, 06:19 PM) *

Any other ideas?



DNS hijack ...
check your DNS settings!

i had one that changed my primary and secondary DNS servers to:
85.255.115.22 and 85.255.112.228

every time you go to a site, you get routed through their DNS and they redirect you to a SPAM/PopUp page ...

if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts):

127.0.0.1 85.255.115.22
127.0.0.1 85.255.112.228

where you replace the 85. IPs with the actual IPs of your hijack ....

Andy
bd1308
I remove the hosts file totally, it's usually not needed for DHCP leases anyway.
SirAndy
QUOTE(bd1308 @ Oct 17 2006, 07:14 PM) *

I remove the hosts file totally, it's usually not needed for DHCP leases anyway.


you are correct, it's not needed ... that's why it is EMPTY by default ...

you might want to read up on how your DNS lookup works ...

what i'm suggesting above is that he fixes his DNS settings (if they are compromised) and in *addition* adds the spam IPs to his hosts file so any application that might still be on his computer (think trojan) will never be able to reach those IPs anymore.

take a closer look at my post above and you'll see that those entries in the hosts file will create an endless loop for the lookup of those IPs, effectively rendering *any* software trying to reach those IPs useless ...

the hosts file lookups precede *any* other dns lookups in your system.
Andy
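An added example, not code from anyone in this thread, that turns Andy's two checks into a script you can run offline against captured text: it pulls the DNS servers out of `ipconfig /all` output, flags any that sit outside the networks you trust (your router, your ISP), and audits the hosts file. One caveat the audit makes visible: the hosts file maps hostnames to addresses, so a line like `127.0.0.1 85.255.115.22` only matters if a program asks to resolve the literal string "85.255.115.22" as a name. A trojan that connects straight to that IP never consults the hosts file and is not blocked; blocking an address needs a route or firewall rule (Skip's route trick in this thread is the right shape for that). The sample `ipconfig` output and hosts file below are constructed, the 192.168.1.0/24 trusted network is an assumption, and the 85.255.x.x addresses are the ones Andy quoted.

```python
"""Added example (not from the thread): detect the two DNS-hijack symptoms
discussed above, working from the text of `ipconfig /all` and the hosts file."""
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; not a real capture.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : home
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 85.255.115.22
                                            85.255.112.228
"""

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# the two entries suggested in the thread: harmless, but they block nothing,
# because the second field is matched against hostnames, never against IPs
127.0.0.1       85.255.115.22
127.0.0.1       85.255.112.228
# a genuinely malicious hosts entry: a real site name pointed at a rogue host
85.255.112.228  www.google.com
"""

# Assumed trusted range: the home router hands out DNS from this network.
TRUSTED_NETWORKS = ['192.168.1.0/24']


def dns_servers(ipconfig_text):
    """Return the DNS server IPs listed after each 'DNS Servers' line,
    including the continuation lines that hold only an address."""
    servers = []
    collecting = False
    for line in ipconfig_text.splitlines():
        m = re.search(r'DNS Servers[ .]*:\s*(\S+)', line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        if collecting:
            candidate = line.strip()
            try:
                ipaddress.ip_address(candidate)
                servers.append(candidate)
            except ValueError:
                collecting = False  # a non-address line ends the list
    return servers


def rogue_dns_servers(servers, trusted_networks):
    """DNS servers that fall outside every network the user expects."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    return [s for s in servers
            if not any(ipaddress.ip_address(s) in n for n in nets)]


def parse_hosts(hosts_text):
    """Return (ip, hostname) pairs, skipping comments and blank lines."""
    entries = []
    for line in hosts_text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name))
    return entries


def audit_hosts(entries):
    """Split hosts entries into ones that can never match (the 'hostname'
    field is itself an IP) and ones that redirect a real name to a
    non-loopback address, which is what a hijack looks like."""
    ineffective, redirects = [], []
    for ip, name in entries:
        try:
            ipaddress.ip_address(name)
            ineffective.append((ip, name))
            continue
        except ValueError:
            pass
        if name != 'localhost' and not ipaddress.ip_address(ip).is_loopback:
            redirects.append((ip, name))
    return ineffective, redirects


if __name__ == '__main__':
    servers = dns_servers(SAMPLE_IPCONFIG)
    print("DNS servers:", servers)
    print("outside trusted networks:", rogue_dns_servers(servers, TRUSTED_NETWORKS))
    ineffective, redirects = audit_hosts(parse_hosts(SAMPLE_HOSTS))
    print("hosts entries that block nothing:", ineffective)
    print("hosts entries redirecting real names:", redirects)
```

On a real machine you would feed it the output of `ipconfig /all` and the contents of `C:\WINDOWS\system32\drivers\etc\hosts` instead of the constructed samples; anything the first function reports outside your router's network, or anything the audit lists under redirects, is worth resetting.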
bd1308
Ok, i'm following now.

Yep, that trick works.

I was just partially confuzzled, I know how DNS lookup works
Mamacita
I hate popups, too! I learned not to let my oldest son on my computer because he'll click on stupid stuff & get me popups and all kinds of nastiness (he helped me get a virus once...nearly kicked his tush for that one!).
Stacie
ThinAir
After you get it cleaned up, get Firefox and never use IE again. That's the long-term solution. No pop-ups and no ActiveX, so no vulnerability for this kind of stuff.

To get it fixed, reboot into safe mode with network. Then try each of these free online scans:
www.antivirus.com (TrendMicro)
www.webroot.com

They can work miracles, but you'll never get anywhere with it if you aren't in safe mode because if the turd is running it will often be smart enough to put itself back in as soon as it is removed.
jd66921
Ok, a couple of questions. I looked at DNS settings in each network connection. All are automatic. Is that right? Nothing in hosts file.

I am running this computer through a wireless router. If I boot in safe mode, I lose the wireless connection? Is that expected? Hard to run those other scans that way.

I am running www.antivirus.com stuff, but there is no indication it is doing anything. Is that normal? Most other antivirus stuff beats my disk to death! (Just trying this to see if it can find anything!)

Latest is that the malware knows that I like 914's! I'm getting ads for them! Did I catch this from 914world.com? I am also getting ads for Ebay. I have looked at Ebay recently.
Is Ebay part of this conspiracy against me!!

The only software I added that I know of is Windows live messenger. Any possible connection?

Thanks,

Jeff
aircooledboy
Boss's computer has the EXACT same problem here. I ran Spybot, and it removed a bunch of stuff, but popups continue, including ones for Ebay, which I have never seen before.

Gonna try Ahhhndy's plan next.
smontanaro
QUOTE(SirAndy @ Oct 17 2006, 09:00 PM) *

if that's the case, revert them back to your correct settings and add the following to your "hosts" file (C:\WINDOWS\system32\drivers\etc\hosts):

127.0.0.1 85.255.115.22
127.0.0.1 85.255.112.228


A similar trick works with the route command, at least on Unix-y systems. When our web server gets hammered by an email crawler or other cretinaceous moron, I simply execute disable-host:

CODE

disable-host ()
{
    host=$1;
    time=$2;
    if [ "x$host" = "x" ]; then
        echo "usage: disable-host host [ reenable-time ]";
        return;
    fi;
    # point the host's traffic at loopback so nothing we send ever reaches it
    route add -host "$host" gw 127.0.0.1;
    route -n;
    if [ "x$time" != "x" ]; then
        echo "will reenable access at $time";
        # queue the matching route removal with at(1)
        echo "route delete -host $host" | at "$time" 2>/dev/null;
    fi
}


You just route them to your loopback address and they are gone until the (optional) reenable time.

This command is pretty system-specific, even across dialects of Unix, so you may need to tweak it to get it working in your environment.

I have a disable-net command as well. It routes an entire network into the bit bucket.

Skip
sgomes
This may not help but it sounds like you should try anything you can. Run CCleaner (a.k.a. Crap Cleaner). I use it and it really gives the computer a serious enema.
bd1308
OH OH OH OH

and search for HiJack This!

It's a program where you have to know what you're doing, it gets rid of really nasty crap. It's like Immodium AD for your computer....
ThinAir
QUOTE(jd66921 @ Oct 18 2006, 03:22 AM) *

I am running this computer through a wireless router. If I boot in safe mode, I lose the wireless connection? Is that expected? Hard to run those other scans that way.


On my laptop the pcmcia wireless card still works in safe mode, but the built-in card does not. I don't know how to activate it after Windows has finished booting up.

I believe that the tool from Webroot is one that you can download and then run, which would get you around the loss of your wireless network.

Another trick is to use the msconfig utility to selectively turn off things that start up automatically, then scan for stuff.

QUOTE(jd66921 @ Oct 18 2006, 03:22 AM) *

The only software I added that I know of is Windows live messenger. Any possible connection?

I've seen reports that the Windows Messenger service is one of the main tools for the folks who spread this stuff. I'm not sure if it's the same thing as "Windows live messenger". Assuming it is, you can disable it by going through the Control Panel to the Services applet. Once there, stop the Messenger service and change its startup to manual or disabled.