Popup Ads

Discussion in 'Computer Support' started by MAK, Aug 31, 2003.

  1. MAK

    MAK Guest

    I am running Windows 2000 SP 4, with IE version 6.0 and I'm having a
    lot of problems with pop-up ads and unsolicited invitations to install
    software on my PC. They are not being spawned by a browser window I
    already have open. They happen even if I have no browser or any other
    program open at all, including MSN Messenger. All I have to be is
    on-line. I'm getting a lot of them at one time. Something is also
    periodically changing the browser homepage as well. Whatever it is
    also spans user accounts. I found some suspicious software and
    removed it. I am running McAfee VirusScan version 7.0.0, virus def
    4290, scan engine 4.2.60, which found a trojan-type virus but the
    McAfee report said it deleted the virus.



    When I re-ran McAfee with "find potentially unwanted programs"
    selected, it did find program called SpyBlast.exe, which I uninstalled
    and and made sure that the executable was deleted. However, the
    popups, which are becoming extremely annoying, continue to appear.



    The Windows messenger service is disabled. I have uninstalled all of
    the java programs that can be uninstalled (one java program will not
    uninstall. I get errors when I try). I attempted to uninstall and
    reinstall IE, but was unable to do so. I did, however, apply the
    latest IE patch that I could find available. I applied all of the
    latest patches available via windowsupdate.microsoft.com.



    This problem has been evident for about a week or so, so it appears
    that the PC was somehow infected/hacked/otherwise subverted around
    that time. Not sure if this is a virus or something else. Any
    suggestions? How can I get rid of this?



    Thanks,



    MAK
     
    MAK, Aug 31, 2003
    #1
    1. Advertisements

  2. MAK

    °Mike° Guest

    <X-Posting snipped>

    You should install a firewall, since the messenger service
    uses ports 137-139 (NETBIOS), which should be blocked by your
    firewall.

    To prevent the Messenger service from starting automatically,
    open the Services panel by typing...

    services.msc /s

    ....into the Start / Run box.
    In the right-hand pane highlight 'Messenger'.
    Right click and choose 'Properties'.
    Click the 'Stop' button.
    From the 'Startup Type' dropdown, choose 'Disabled' or 'Manual'.
    'Apply / Ok'.

    More information:

    Messenger Service Window That Contains an Internet Advertisement
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;Q330904

    Windows Messages
    http://www.jmu.edu/computing/security/info/winmsg.shtml

    How to stop Messenger SPAM Disable Windows Messenger Service
    http://www.auburn.edu/oit/security/messengerService.html

    How to Prevent Windows Messenger from Running on a Windows
    XP-Based Computer
    http://support.microsoft.com/search/preview.aspx?id=kb;en-us;Q302089

    Stopping Advertisements with Messenger Service Titles
    http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

    Disable-Remove Windows Messenger
    http://www.dougknox.com/xp/utils/xp_mess_disable.htm

    Firewalls:
    ------------
    Outpost
    http://www.agnitum.com/products/outpost/

    Sygate
    http://soho.sygate.com/products/shield_ov.htm

    Zone Alarm
    http://www.zonelabs.com/
     
    °Mike°, Aug 31, 2003
    #2
    1. Advertisements

  3. MAK

    W.S. Blevins Guest


    Go to http://www.grc.com and check out the freeeware product called
    "Shoot The Messenger". It explains it and stops it.
     
    W.S. Blevins, Aug 31, 2003
    #3
  4. MAK

    MAK Guest

    Thanks for the response. The web page appears to be telling me to
    disable the Windows messenger service. That service was and still is,
    disabled.
     
    MAK, Aug 31, 2003
    #4
  5. MAK

    W.S. Blevins Guest


    Then my guess is Spyware/Adware. Email me and I'll send you something
    to cure it.
     
    W.S. Blevins, Aug 31, 2003
    #5
  6. MAK

    jeroen Guest

    MCafee is quite capable when it comes to handling virii. Browser
    Hijackers, spyware and other net vermin are best left to the
    specialists.

    Download spybot, run a full scan with that. After that supplement your
    mcafee with some sort of personal firewall.
     
    jeroen, Aug 31, 2003
    #6
  7. MAK

    Bigfred Guest

  8. MAK

    Stuart Gray Guest

    Sounds to me like spyware. Download and run both Ad Aware and spybot. Ad
    Aware detects things that spybot doesn't and vice versa.This will get rid of
    your problem

    Stuart.
     
    Stuart Gray, Aug 31, 2003
    #8
  9. MAK

    discogail Guest

    First please get Spybot S&D

    Short tutorial and download link here:
    http://tomcoyote.org/SPYBOT/

    Fix everything SpybotSD labels in RED.

    Then after reboot:
    Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log"
    button.
    Press that, save the log, load it in Notepad, and copy its contents Most of
    what it lists will be harmless or even essential, don't fix anything yet.

    and come on over to SpywareInfo: http://www.spywareinfo.com/forums/
    You may post as a "guest" if you wish. Scroll down & click the "
    Spyware and Hijackware Removal Support" category...then "New Topic"
    ".....& explain your problem....Paste the log into your post.....
    & we'll nail the hijacker .
     
    discogail, Aug 31, 2003
    #9
  10. I recomend you getting ad-aware: simply because it removes spyware. this
    would be the best option unless you go to sites with automatic popup adds...
    if this is the case get yourself a popu blocker, a good one to use is the
    google toolbar: google.com, duh.
     
    Lucas Zieland, Oct 18, 2003
    #10
  11. MAK

    Boomer Guest

    And you are replying to a month and a half old question?
    Why?
     
    Boomer, Oct 18, 2003
    #11
  12. MAK

    Stevo Guest

    Boomer wrote:
    <more snip>

    Maybe his clock was wrong.. ;-)

    Seriously, I have noticed a number of very late replies over the last week,
    maybe a a problem with message propogation

    Or perhaps the angle of the flim flam atomiser is just wrong at this time of
    year..
     
    Stevo, Oct 18, 2003
    #12
  13. MAK

    Boomer Guest

    Maybe it takes a long time for messages to get to Australia?
    Actually I think it is the wrong angle of the flim flam atomiser
    though! ;)
     
    Boomer, Oct 18, 2003
    #13
  14. MAK

    Stevo Guest

    Of course, this is an ancient land so those of us domiciled here have an
    inbuilt excuse.. but most of the poster of the replies to month old posts
    were not form here, it was easily seen that they weren't - no long muscly
    tails nor curved sticks for throwing at atangonists... :)
    bloody flim flam atomisers.. scourge of the earth and a fortune to maintain
    and *still* no-one knows how they work..
     
    Stevo, Oct 18, 2003
    #14
  15. MAK

    Boomer Guest

    Must be made some where in Redmond.
     
    Boomer, Oct 18, 2003
    #15
  16. MAK

    Stevo Guest

    Boomer wrote:
    Which planet? Is Slartibartfast working there?
     
    Stevo, Oct 18, 2003
    #16
  17. MAK

    Boomer Guest

    Heck if I know.
    Probably not.
     
    Boomer, Oct 18, 2003
    #17
  18. MAK

    Stevo Guest

    :)
     
    Stevo, Oct 18, 2003
    #18
  19. MAK

    d c Guest


    I would use the google bar popup blocking in combination with another popup
    blocker... such as panicware's tool (free or pro version). In my
    experience, both of the above can miss some popups alone... but in
    combination the two are more effective.
     
    d c, Oct 18, 2003
    #19
  20. MAK

    taff Guest

    That may stop the effects, but Do you have a decent firewall running.
    It is possible that someone is hacking in through a trojan of some
    sort. I run Adaware 6 and Spybot and find that spybot catches things
    that Adaware misses completely. Both are free.

    Taff....




    www.sounds-pa.com | www.thecomputerworkshop.com
     
    taff, Oct 18, 2003
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.