Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ie Bombarded With Popups, Think I Have A Trojan Virus


  • Please log in to reply
8 replies to this topic

#1 I_Hate_Viruses

I_Hate_Viruses

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 06 May 2007 - 11:25 AM

:thumbsup: I don't know how to go about fixing this problem. I get on Internet Explorer and I get bombarded with un-wanted popups and fake warnings excessively. McAffe has detected a few trojans with the generic.dx and .dll's also AOL Spyware has dectected many adware/spyware. Yet, the virus is still here. VERY FRUSTRATING!! I have surfed all night trying to figure out how to remove this with removal tools and what not but most are saying different things. Can anyone help me with this????

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:55 AM

Posted 06 May 2007 - 01:14 PM

Use the directions in the link below to run Vundofix.exe.
http://www.atribune.org/content/view/24/2/

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:55 AM

Posted 07 May 2007 - 11:42 AM

AOL Spyware has dectected many adware/spyware. Yet, the virus is still here...

AOL automatically installs Spyware Protection as part of their bundled package. This Spyware Protection program is a licensed clone that is not notably effective in its scanning. SpyZapper works alongside AOL Spyware Protection to automatically target the most disruptive forms of spyware and other programs that may cause connection problems, performance issues, and security risks. The SpyZapper feature scans the computer and helps members decide whether they want to block the programs it identifies. Again, this feature is not notably effective.

You need to be using better protection than what AOL is providing you. See BC's List of Virus & Malware Resources

What do the pop ups and alerts say? Can you be more specific? Do the fake alert messages look like any of these?
example screenshots 1
example screenshots 2
example screenshots 3
example screenshots rogue apps & fake alerts

If so and if your using Win XP or 2000, follow the generic instructions for using SmitfraudFix in BC's "How to remove the Smitfraud/Generic Zlob"
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 I_Hate_Viruses

I_Hate_Viruses
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 07 May 2007 - 01:55 PM

Most of the popups were false warnings saying that my computer was in danger and download this and that. Most of the time it was WinProAntiVirus2007...or something like that I cant think the of the name at the moment. Also, many advertisements, and ones that looked like in the examples. I just got done running Vundo (after 3 longs hours) and I'm about to run the Super Antispyware, and go through the steps that buddy215 has posted. (Thanks!) I am running on XP and McAffee has been scanning. I also downloaded Spybot, Ad-Aware and Zone Alarm (which I will prolly find another firewall, along with my windows firewall). I currently am getting popup boxes with Spybot with pmnlj and a browser helper trying to change my registry. I've denied them since I remember seeing those two popup in the Vundo. But I am going to try both of yours and buddy's methods so hopefully I can get this nasty thing out of the comp. system!! :thumbsup:

Okay...and NOW i keep getting windows popping up with C:/Windows/system32 thingie.....UGH!!!

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:55 AM

Posted 07 May 2007 - 02:38 PM

I understand the frustration. If you continue to have problems, then go ahead and use the link buddy215 provided to post a HijackThis log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:55 AM

Posted 07 May 2007 - 02:51 PM

If you have spybot's teatimer activated, you should exit it by right clicking on the icon in the system tray and choose exit. It may interfere with the removal of the malware by other programs.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 I_Hate_Viruses

I_Hate_Viruses
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 07 May 2007 - 10:25 PM

Alright. Well I posted up my HijackThis log so hopefully some one can find something. McAffee is still popping up with the Vundo.dll, genericspy.b, and generic.dx. I was thinking about running all my anti-virus and spyware in safe mode and see if it gets rid of it, but superspyware didnt get a few of them on safe mode. (Though that was all before I turned off Spybot's TeaTimer). However, I think I will just wait until my log is checked and see whats going on..... :thumbsup:

#8 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:55 AM

Posted 08 May 2007 - 05:49 AM

I see your Hijack This post has been responded to. I was curious to know how your computer picked up the infection. Could you have clicked on a link in a spam email?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 I_Hate_Viruses

I_Hate_Viruses
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:03:55 AM

Posted 08 May 2007 - 08:49 AM

Must have been a link or something that some one clicked on. There's 3 other people who use this computer also.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users