
Finally The Pop Ups Are Gone!


  • This topic is locked
1 reply to this topic

#1 hbj1972


Posted 28 March 2008 - 08:14 AM

I think I have solved this - but I still would love to know...
Was my personal info ever at risk? Is this just basically a pop up hoax to get you to buy software or was it someone actually trying to tap into my personal info?
I do all my banking online. Or is there a way to know this?

And should I reinstall Norton? I have seen posts where people have to reinstall.

I have Norton 360 (inc firewall), and Spyware Dr through Google pack, I use Firefox and also have a desktop link to Yahoo to access my husband's remote access to his office network. Am I safe?


I want to post this because it may help someone else and I would love an expert opinion. I posted a hijack log a while back and I never got a response, I know how busy you guys are. And I appreciate what you're doing. In fact, I already had a computer tech come to my house 2 weeks ago and spent $140. Then about 2 days later I had something new, I figured I could figure it out on my own (after watching him) and with the help of BC.

So, after running Adaware I found a trojan, and deleted it and then found 2 rootkits with Spybot that kept returning (until I killed them with AVG rootkit killer). Then I was finding NOTHING through Combofix, Spybot, etc. I must have run 10 different spy, mal and ad and virus programs. And nothing was coming up,

BUT, I still had the pop ups. So finally I was just looking at files in C:/WIN/System32/ and looked under details and date, and found something that was saved around the date the problems started. I clicked on it and my message with the countdown immediately popped up and computer turned off. So, I figured it was corrupt, I scanned it with http://virusscan.jotti.org/ (what a Godsend)! Only one of the many scanners found malware with this file! It was AVIR, of course one that I had not run.

The file resisted deletion, so I downloaded Unlocker and was able to delete it. And YEAH! no more pop ups :thumbsup:

SORRY TO BE SO WORDY, I just want to help someone else going through this. I think whatever the original problem was, was fixed with the tech. But somehow, something else came back and I killed it with the various programs. And the remaining file was creating pop ups. BTW, it was linked to IE and win log on.


Here are the pop ups:
A balloon pops up from the tray attached to the yellow emblem w/the exclamation point advising:

Your computer might be at risk
*Latest software updates not installed
*Incorrect files association
*System appears to hang
*Firewall has errors

Click balloon to fix the problem

Then another balloon from the tray attached to the red emblem with the x on it will pop up advising:

Tracking process is activated
**ADDRESS: 0x10A3007B
Can’t deactivate spyware program.

Click baloon to fix the problem

And finally the third balloon from the tray emblem with the four colors (red, green, blue, yellow) advising:

Explicit content is detected:


Further, I receive grey window pop ups :

Your system is unstable.

A problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer, Kernel32x.SYS – Address 0xA73C20AE, error code Co2100, DateStamp 56b836A3, Kernel Debugger on port: COM3 (Port 0x19f, Baud rate 9201)



If I click on any of the emblems, a web browser attempts to open and when I close it, the emblems disappear. I also receive this windows prompt:

You have chosen to open setup_sbd_en.exe
Which is a: application
From: http://archive.easydownloadsoft.com
Would you like to save file?

Once I click on cancel, the prompt disappears and once I close the web browser, the emblem warning of a critical event disappears.

In addition, I’ve noticed the following when I have an open browser:

Iexplore.exe – application error
The instruction at “0x66fe1082” referenced memory at “0x0672d80”. The memory could not be “read”. Click ok to terminate the program.

As well as this one:

SysFader: IE7EXPLORER.EXE – Application Fatal Error
The instruction at 0x01cf34739 referenced memory at 0x02df2e50. The memory could not be read.

and then I would get a countdown and my computer would shut down.


Thanks to anyone in advance that read through this and has any advice!



#2 TMacK


Posted 28 March 2008 - 10:25 AM

Hi hbj1972,

Since you have an HJT log posted in the HijackThis Logs and Malware Removal forum, you shouldn't make any changes to your system.
Doing so could change the results of the posted log, making it difficult to properly clean your system.

At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Please Do Not continue to post questions about malware while you have an active log.

If after 5 days you have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

This topic will now be closed.
If you have any questions, feel free to send me a PM.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

~Suzie Wagner



