Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help With Popups (not An Easy One)


  • Please log in to reply
8 replies to this topic

#1 otaking71

otaking71

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 01:46 AM

I've cleaned out quite a few computers of spyware/malware before and I've registered to get some help.

Honestly I'm a lurker and look up a lot on my own but I'm absolutely stumped by this machine (good friend of mine).

It seems that anytime it does a DNS lookup...it gets a pop up...does not matter what browser is used.


I've run AVG and Avira concurrently at one point to clean out the viruses.

I've run A-squared, AVG Antivirus, AVG Rootkit, smitfraudfix, rogeremover/rogueremoval.zip package, qoofix, vundo, combofix, sdfix, spybot, windows defender, and adaware.

All scans were run with the latest updates.


The popups are NOT random at all. They happen pretty much right after you type in the site names. You can continue to browse on THAT domain and won't have another popup...but as sson as you navigate to another domain name....bam.

Any ideas?



BTW, thanks for the guides you have posted up. They've cleaned many machines.

BC AdBot (Login to Remove)

 


#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:39 PM

Posted 11 April 2007 - 01:48 AM

Posted Image to BC


In normal mode, run an online antivirus check from at least two and preferably three of the following sites
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan
This scanner from Trend does not require an Active X to run.

1. Detects and removes malware ( viruses, worms, trojans, etc. )
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.


EDit : corrected the Bitdefender link

Edited by fozzie, 11 April 2007 - 01:59 AM.


#3 otaking71

otaking71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 01:52 AM

good lord that was fast.

no.


They had that. I've already run smitfraud.


The popups are literally just popups...nothing malicious.

Gamevance is one on the screen right now.
cpvfeed was one that's come up a few times.
maniatv is another.

those are all i can remember offhand.

The popups do come up individually.

#4 otaking71

otaking71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 01:53 AM

alright..i'll run them right now.

#5 otaking71

otaking71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 01:54 AM

btw..the bit defender link is invalid.

#6 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:08:39 PM

Posted 11 April 2007 - 02:01 AM

A good alternative for tracking down spyware is SuperAntiSpyware.

Download and scan with SUPERAntiSypware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Udates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

#7 otaking71

otaking71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 02:07 AM

funny you mentioned that. I actually already used that for the first time on this machine. Hrm. Still running scans.

#8 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:39 PM

Posted 11 April 2007 - 07:48 AM

If you haven't done it already, check the list of programs in Add/Remove for any program recently added. If you don't recognize it, Google it. You could also check the IE browser addons for a clue as to what might be causing the popups.
If you still have no luck finding the culprit, you should post a Hijack This log and let the experts have a look. You have done the prep for posting.

Post a Hijack This log in the Hijack This Forum by following the directions in the link below. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 otaking71

otaking71
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:39 PM

Posted 11 April 2007 - 04:09 PM

I managed to fix it. The online scans pointed out the files and I looked it up and fixed it. Thanks a bunch fozzie.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users