Crazy Pop Ups!


11 replies to this topic

#1 mel9589

  • Members
  • 23 posts

Posted 06 December 2007 - 04:59 PM

I have been getting crazy pop ups of every sort when I open Internet Explorer and Mozilla. I don't know what's causing them, but they're super annoying. I would really appreciate it if someone could help me out. I have CA Antivirus but it does nothing.


#2 buddy215

  • BC Advisor
  • 12,990 posts
  • Gender:Male
  • Location:West Tennessee

Posted 06 December 2007 - 05:17 PM

Download and Install Super Antispyware free. Reboot and Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Post back with what SAS found and for further instructions.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 mel9589


Posted 06 December 2007 - 08:46 PM

It found and quarantined:
Adware.180solutions/ZangoSearch
Adware.Clickspring/Yazzle
Adware.Tracking Cookie
Adware.Vundo Variant
Adware.Vundo Variant/Rel
Adware.Vundo Variant/Small
Adware.Vundo Variant/Small-A
Adware.Web Buying
Adware.WhenU
RelevantKnowledge Spyware Component
Trojan.Downloader-Gen/DDC
Trojan.Net-MSV/VPS-H
Trojan.WinFixer
Unclassified.Unknown Origin

#4 buddy215


Posted 06 December 2007 - 09:01 PM

That is a large collection of malware!!

Look in your Add/Remove list of programs for any of the items listed below.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
If you find any of the above use info in the link below to remove.
http://www.geekstogo.com/forum/How-to-remo...IN-t134763.html

Run the Vundofix tool in the link below.
http://vundofix.atribune.org/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

Post back with the results of the scans.



#5 mel9589


Posted 06 December 2007 - 11:59 PM

I could not find any of those on my add/remove program list and Vundo found nothing.
This is what bitdefender came up with...
Time: 01:35:22
Files: 344957
Folders: 7812
Boot Sectors: 4
Archives: 4635
Packed Files: 21016

Results
Identified Viruses: 2
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7

Engines Info
Virus Definitions: 880615
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006432.dll
  Infected with: Trojan.Vundo.DRT
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006436.dll
  Infected with: Trojan.Vundo.DRI
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006439.dll
  Infected with: Trojan.Vundo.DRT
  Disinfection failed
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006447.dll
  Infected with: Trojan.Vundo.DRI
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006448.dll
  Infected with: Trojan.Vundo.DRI
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006449.dll
  Infected with: Trojan.Vundo.DRI
  Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006450.dll
  Infected with: Trojan.Vundo.DRI
  Deleted

#6 buddy215


Posted 07 December 2007 - 05:38 AM

Remove temporary files, logs, cookies, etc. by using Ccleaner. Do not use "Advanced Settings" or the "Issues" button. Use only the default settings. http://www.ccleaner.com/
During install you will be offered the Yahoo Toolbar. UNcheck if not wanted.

Super Antispyware updated late yesterday. Update your SAS and run again in safe mode.

Bit Defender found only the infected restore points. Those will be removed after all other malware is removed.

Post back with what SAS found and what problems you are experiencing.

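A triage check for the point made in post #6, that the scan's detections sat only in System Restore snapshots (added example, not part of the thread and not Bitdefender's own tooling). It assumes the report has been flattened to one `path | status` line per entry; that layout, the function names and the `system32` sample entry are constructed for illustration.

```python
import re

# Windows XP System Restore snapshot path:
# <drive>:\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_RE = re.compile(
    r"^[A-Z]:\\System Volume Information\\_restore\{[0-9A-F-]{36}\}\\RP\d+\\",
    re.IGNORECASE,
)
RESOLVED = {"deleted", "disinfected"}

# Constructed sample. The first two paths are taken from the report above;
# the system32 entry is invented to show a detection outside a restore point.
SAMPLE = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006432.dll | Infected with: Trojan.Vundo.DRT
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006432.dll | Disinfection failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006432.dll | Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006436.dll | Infected with: Trojan.Vundo.DRI
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP23\A0006436.dll | Deleted
C:\WINDOWS\system32\constructed_example.dll | Infected with: Trojan.Vundo.DRI
C:\WINDOWS\system32\constructed_example.dll | Disinfection failed
"""

def parse_report(text):
    """Group 'path | status' lines by file, keeping statuses in report order."""
    files = {}
    for line in text.splitlines():
        if "|" not in line:
            continue
        path, status = (part.strip() for part in line.rsplit("|", 1))
        files.setdefault(path, []).append(status)
    return files

def triage(files):
    """Split findings into restore-point copies and live files, and flag any
    file whose last recorded action did not remove or clean it."""
    out = {"restore_point": [], "live": [], "unresolved": []}
    for path, statuses in files.items():
        out["restore_point" if RESTORE_RE.match(path) else "live"].append(path)
        if statuses[-1].lower() not in RESOLVED:
            out["unresolved"].append(path)
    out["restore_points_only"] = not out["live"]
    return out

if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE)).items():
        print(key, value)
```

A result with `restore_points_only` true and an empty `unresolved` list matches the situation described in post #6; any entry under `live` means the scanner also found something on the running system.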


#7 mel9589


Posted 07 December 2007 - 12:58 PM

SAS found 27 instances of
Adware.Tracking Cookie

#8 buddy215


Posted 07 December 2007 - 01:46 PM

If you are not experiencing any more problems with malware, remove the infected restore points, permanently remove ALL quarantined files in ALL security programs.
Turn off system restore. This will remove all restore points since some are infected. Turn system restore back on.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

You can block the "third party cookies" (placed by advertisers) by following the simple instructions in the link below.
http://www.howtogeek.com/howto/windows-vis...cookies-in-ie7/
Once you have blocked the third party cookies, run Ccleaner to remove the existing ones.



#9 mel9589


Posted 07 December 2007 - 03:28 PM

Thanks a bunch!!!! I think it worked, no pop ups in sight for now!

#10 buddy215


Posted 07 December 2007 - 04:03 PM

Okay, delete the restore points as some are infected.
Turn off system restore. This will remove all restore points since some are infected. Turn system restore back on.
http://www.bleepingcomputer.com/tutorials/windows-xp-system-restore-guide/

If anything else "pops up", report back.



#11 mel9589


Posted 07 December 2007 - 04:34 PM

Yeah I deleted them, the pop ups are still popping though, I guess they're not gone..

#12 buddy215


Posted 07 December 2007 - 05:14 PM

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below. DO NOT post a log in this forum. http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
If you are unable to perform any of the steps, skip and move on to the next. The important thing is to get the log posted.
