WWPierre Posted October 14, 2004

I was downloading dirty movies last week and I got a trojan. A red screen comes up and stays for 10 seconds. I took the computer down to the guy down the street, and he worked on it for an hour and a half. He said it was fixed and he loaded Adaware and Spybot search and destroy. Now it is worse: I keep getting popups. I don't have to be in Explorer, even. They throw me out of the game, even in SP. I keep scanning with Adaware and if the popups don't make Adaware freeze up, there are always things to nuke. The worst thing is, most of these popups are trying to sell me anti-popup programs.

Maybe I should have posted this in the rant section.

Pierre

WWSensei Posted October 14, 2004

Pierre, it's probably just using Messenger to do the pop-ups. Here is a completely free way to turn it off.

Start->Control Panel->Administrative Tools->Services

In the list of services look for the one named "Messenger" with a description of "Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start."

Double click it. Hit the Stop button if it isn't already greyed out.

In the Startup type: field change the drop down to "Disabled".

You don't need this service. Ever. It's used to broadcast messages over large networks.

If you are using IE stop and switch to Mozilla. If you don't want to then at least install a pop-up blocker like the one from Google.

WWPlague Posted October 14, 2004

Hijackthis is a program that will id everything running on your computer. Download it here:

http://64.233.167.104/search?q=cache:PdkOrx3vA_EJ:www.majorgeeks.com/download3155.html+hijackthis+1.98.2&hl=en

and install it and hit the "scan" button. Save the log. DO NOT delete anything without getting some advice. A couple of free help sites on the 'net will allow you to post your log, and they will tell what is infecting your computer, and what you can safely delete or which remover to run, to remove it. So far, nothing nasty out there that can't be cleaned up. Unfortunately, this won't last too long. More sh*theads producing new variants of nasties, than good guys writing removal programs.

For those of you who are not having problems, you should have the latest Spybot SD 1.3 updated to latest detection rules, and let it immunize you, set to "block bad pages silently." Spybot SD, teatimer has to do with your hosts file, but I don't use it, and I recommend you don't use it, until it gets some more work on what's ok for the hosts file, don't bother with updates for it either.

You also need Adaware SE. First, update your Adaware and run it. Get rid of all cookies. (Makes first SE run easier to deal with). Download SE and install it, and let it uninstall your old Adaware. Run ADAWARE SE in deep search mode, takes much longer, and then after removing any nasties, you can change it to "smart scan" for normal maintenance. Every once in a while, run it on deep scan mode, just to check it all.

Of course, you need AV of some kind. Some free AV out there, but Norton is good, if you are buying. I like "CleanmyPC" popup blocker, but be aware, it's too good, you will never see popups, but will need to check for PM's on our forum manually, no big deal to me, I'm used to it, second nature now.

Edited October 14, 2004 by Guest

WWPlague Posted October 14, 2004

Here's a group that will help when you are having problems. Usually they ask for a Hijackthis 1.98.2 log, or people just put it in the first post asking for help and describing the problem.

http://forums.spywareinfo.com/index.php?showforum=18

Here's my log for example, it won't show other things on your HD, just what is running.

Logfile of HijackThis v1.98.2
Scan saved at 10:29:35 AM, on 10/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [saiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093191840625
O17 - HKLM\System\CCS\Services\Tcpip\..\{1621A2A4-5823-4CC7-9180-039C303D9BA6}: NameServer = 216.229.0.25,216.229.0.6

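The log layout in the post above, read programmatically. This is an added example, not part of the original thread or of HijackThis; the sample lines are constructed from that log with path separators restored, and the three review rules are illustrative choices, not HijackThis output.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.98.2 layout, adapted from the posted log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1621A2A4-5823-4CC7-9180-039C303D9BA6}: NameServer = 216.229.0.25,216.229.0.6
"""

# Entry lines start with a section code: one letter, one or two digits, then " - ".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a log into header fields, running processes, and entries by section."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif ": " in line:
            key, _, value = line.partition(": ")
            header[key] = value
    return header, processes, dict(entries)


def review_points(entries):
    """List the entries a helper reading a posted log would ask about first."""
    points = []
    for code, items in entries.items():
        for item in items:
            if item.endswith("(no file)"):
                points.append((code, "registered component has no file on disk", item))
            elif code == "O4":
                points.append((code, "starts at boot: identify it before disabling", item))
            elif code == "O17":
                points.append((code, "check the name servers are your ISP's", item))
    return points


if __name__ == "__main__":
    header, processes, entries = parse_log(SAMPLE_LOG)
    print(header["Platform"], "-", len(processes), "processes")
    for code, reason, item in review_points(entries):
        print(f"{code:>3}  {reason}\n     {item}")
```
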
WWPlague Posted October 14, 2004

Yes, I am spamming our forum. :lol: Browsing the net and waiting for UPS to show up, "what can brown do for you?" and deliver my new power supply. Anyway, I found this news article interesting. Similar to the trucker's prayer: "Lord, just once before I die, let me blow the wheels off a Greyhound bus.", is the computer helper guy's prayer, "Lord, just once before I die, let me take a cheese grater and shave off the nuts of a nasty program writer".

WASHINGTON Oct. 13, 2004 — In what regulators are calling a first, the government has asked for a court order to shut down a spyware operation. The Federal Trade Commission says computer users who went to certain Web sites unknowingly had the snooping software downloaded onto their computers. The agency says it secretly changed settings, caused computers' CD-ROM trays to fly open and triggered barrages of pop-up ads for anti-spyware programs called Spy Wiper and Spy Deleter. The FTC's acting director of consumer protection, Lydia Parnes, says selling software to fix a problem that you've caused is the very definition of "online chutzpah." The FTC says computer users can protect themselves from the growing problem of spyware by keeping their operating systems and Web browsers updated and by being cautious when downloading software.

Me again, that shows you how lame the FTC is, first states that users unknowingly got the malware by visiting a site, and now says "being cautious when downloading software" wonder if FTC knows the difference, I doubt it.

WWPierre Posted October 14, 2004

S! Sensei,

I do not have administrative services in my control panel.

I am using Win98

I do have a folder called Symantec Live Update, though.

I have Norton and all that stuff, I got it for Ghost, which I have never figured out how to use, but for some reason I stayed with AVG for Virus protection. I understand that my data is not at risk, and this is only a nuisance, but what a nuisance it is: While writing this message, I have had to Ctrl/alt/del 6 popups.

When I started the computer this morning, AVG informed me of the trojan, and told me to start my computer with a virus free disk. (btw, this does not happen every time I boot up.) Does that mean a standard start-up disk? or some (another advt for a program to fix this problem just came up, I was tempted to click on it:) that makes 7) other disk. I am not putting you guys in danger, am I?

I looked at AVG, and I cannot find (another one, free cursors this time, #8) a way to scan my system from within the program, seems it does it only at startup. I have already spent $100 on this and am willing to spend more, if I have to. Of course, the free methods will have to be explored first:)

Plague, I will look at the stuff you suggested later. BZ today with storm sewer installation in front of my bldg before the rains come back. A few grand gets me 8 or 9 parking spots, worth 5 grand a pop on the open market:)

Pierre

WWSensei Posted October 14, 2004

> Win98

Well, I think Messenger is on 98 as well but I have no idea how to turn it off. Haven't used 98 in 6 years... ;-)

A google search might find it though.

WWWringer Posted October 14, 2004

Not good news for Windows 98 users ....

http://www.itc.virginia.edu/desktop/docs/messagepopup/

However on this site:

http://www.pchell.com/support/ipmessaging.shtml

it says:

What about Windows 95 or Windows 98 IP Messaging?

Although the technology for this type of IP Messaging is available in Win95/98, it was in the form of a program called WinPopUp. It can be installed or uninstalled from Add/Remove Programs. In Windows 95, it is found in the Accessories section, while in Windows 98 it is installed through System Tools.

Although the version in Win95/98 and the version in Win2K/XP are not compatible with each other, they do offer an interesting way to communicate between computers (as long as it's not abused). For more information on how to use WinPopUp or Windows Messenger to send and receive emails, you may want to visit the World of Windows Networking article on PopUp Messages.

You can also go Start -> Run -> Type in "msconfig" without the quotes and then click on the "Startup" Tab and carefully check out what is automatically starting every time your computer boots up. If you find something suspicious - or just want to know what it is go here:

http://www.processlibrary.com/

If this site identifies it as your problem then 'Uncheck' the entry so that it won't start and then do a Search to find where it is installed on your computer and Delete it. OR Google the name and see if you can find information on removing it.

Good luck. (BTW the site Plague told you about is excellent.)

Edited October 14, 2004 by Guest

WW8Ball Posted October 14, 2004

I haven't had any visible problems since my debacle of upgrading ME to XP. At that time my system was so full of crap I had to wipe my drive and reinstall everything. At that time I got and installed Norton Internet Security Suite. Then had to do it all again recently when I upgraded my MB. Also on a lark and being ever the optimist I also installed SP2 for XP. Having read about problems between Norton and SP2 I left Norton running during the installation to see what would happen. Much to my surprise at the end of the SP2 installation a Norton window popped up telling me that SP2 was trying to duplicate some of the services that Norton provided and asked if I wished to turn them off. I turned off the XP services (firewall, pop up blocker and adaware services) leaving Norton in charge of the system. Everything still seems to be in good shape.

My question is, does NIS do enough to protect me or should I also have Spybot and Adaware installed?

WWSensei Posted October 14, 2004

> My question is, does NIS do enough to protect me or should I also have Spybot and Adaware installed?

NIS is enough for firewall and AV and limited spyware. Adding Adaware and Spybot are good ideas for additional protection--NIS lacks good spyware protection (it's on its way but should have been there a long time ago).

By far the biggest thing you can do to reduce the threat of spyware is stop using IE and use another browser that isn't vulnerable to ActiveX objects attaching themselves.

WWPierre Posted October 15, 2004

Update...

Finally figured out how to run AVG. It found and removed a virus, but popups still continue. I did the msconfig thing Wring recommended, no difference. Ran Spybot, found some stuff. (The thing must be replicating itself in my computer) I have just gone to the site Plague recommended, and sent a M'aider. Will keep you informed.

Pierre

WWPierre Posted October 15, 2004

S! Guys,

The Spywareinfo site Plague directed me to is awesome. I have been at it about 4 hours and it looks like the problem is pretty much fixed. The popups have stopped, AdAware can find nothing.......(at last scan). Spybot keeps finding 1 or 2, but I am dealing with that now.

At the Malware forum, I had step-by-step personal support in almost real time. The neat thing is that I didn't go off the deep end as I usually do when confronted with this type of bullshit :lol: Maybe I can get to fly a bit tonight!

Merci mes freres

Pierre

WWSandMan Posted October 16, 2004

Glad to hear your current computer troubles seem to have been cured, Pierre.

One request... we need a new topic started in a public forum area in order to get this topic's title off the very top of the Portal page. It's not exactly something that visitors will find appealing... the first post-topic they see is "I've got a Trojan!" ;)

WWPlague Posted October 16, 2004

Glad you are getting it sorted out, Pierre. I would keep at it at that forum until your Hijackthis log is blessed by the gurus helping you. Spybot S&D 1.3 has the "immunize" section, and it's safe and effective. I recommend people use it. Just one of the tools that helps keep the headaches down.

I use:

Spybot 1.3 "immunize"
NAV auto-protect always on
Software firewall full up unless I host, then down one notch
XP firewall unless I host - I could do better, and find out the single thing I need to adj. to host, so's to leave the rest of XP firewall on.

I run scans with Spybot and Adaware SE and NAV every 2-3 days. Or sooner, whenever I "think" something's not right.

WWWringer Posted October 16, 2004

> Glad to hear your current computer troubles seem to have been cured, Pierre.
>
> One request... we need a new topic started in a public forum area in order to get this topic's title off the very top of the Portal page. It's not exactly something that visitors will find appealing... the first post-topic they see is "I've got a Trojan!" ;)

:D OK - I just got something that I will post - "Warning to Men"

AsRock Posted September 18, 2005

> Spybot 1.3 "immunize"
> NAV auto-protect always on
> Software firewall full up unless I host, then down one notch
> XP firewall unless I host - I could do better, and find out the single thing I need to adj. to host, so's to leave the rest of XP firewall on.

Spybot 1.4 now.

Nav kinda sucks try Avast MUCH better.

XP Firewall No thanks not too bad much better would be Outpost FreePro.

Also you could try is to download MS's Anti Spyware program too ( Beta ). But only if you legally own WinXp

WWChunk Posted September 18, 2005

> > Spybot 1.3 "immunize"
> > NAV auto-protect always on
> > Software firewall full up unless I host, then down one notch
> > XP firewall unless I host - I could do better, and find out the single thing I need to adj. to host, so's to leave the rest of XP firewall on.
>
> Spybot 1.4 now.
>
> Nav kinda sucks try Avast MUCH better.
>
> XP Firewall No thanks not too bad much better would be Outpost FreePro.
>
> Also you could try is to download MS's Anti Spyware program too ( Beta ). But only if you legally own WinXp

Uh-oh...

WWDubya Posted September 18, 2005

... oops; someone's cornflakes gots piss in 'em. :shock:

WWSandMan Posted September 18, 2005

I wouldn't worry... I'm sure the resident Symantec guy has heard a lot worse than that. ;)

Besides... crunchy Corn Flakes suck. That's why you have to put liquid of some sort on them. I prefer beer, but that's just me...

AsRock Posted September 18, 2005

HAHAHA. Sorry if I offended anyone lol.