#250304 - 24/02/2005 04:22
Help! Spyware/Popup problems
|
old hand
Registered: 15/02/2002
Posts: 1049
|
Hi everyone,
I accidentally mis-clicked on a pop up and ended up installing a whole bunch of nasties. I won't go into the rant about how this wouldn't have been possible on a computer with a real operating system...
Anyhow. I got everything working again. There were a couple of viruses and a bunch of spyware installed.
I've used Adaware, Hijack This and Spybot S&D and none of them finds anything. Actually, Spybot S&D keeps finding these two things:
IGetNet Common Hijacker
I don't think these are the cause of my problem, because Spybot shows they are "redirected host" type problems.
I remove them, but they keep coming back, even if I remove them in Safe Mode.
I'm getting a pop-up IE window every 5 minutes or so. I can't find any processes running that is causing this. It's driving me absolutely crazy.
PLEASE someone, how can I find out why IE is starting up on its own and showing me an ad. I can't figure this out...
Thanks in advance,
Jim
|
Top
|
|
|
|
#250305 - 24/02/2005 04:33
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
|
Dust off and nuke the site from orbit. It's the only way to be sure.
|
Top
|
|
|
|
#250306 - 24/02/2005 05:28
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
Um. To use the cliched phrase, "Post a hijackthis log".
Also make sure you've cleared out your trusted sites lists and set all the security levels bask to the defaults.
Matthew
|
Top
|
|
|
|
#250307 - 24/02/2005 05:31
Re: Help! Spyware/Popup problems
[Re: tfabris]
|
old hand
Registered: 15/02/2002
Posts: 1049
|
No kidding! What a ridiculous piece of junk. Anyhow, wonders never cease. I "fixed" the problem (or so it seems, so far) by installing SP2. So, the people who caused the problem actually fixed it. Amazing. And you thought that Microsoft just made things worse and worse. Of course, I still have absolutely no idea what was going on. In the process, I learned about an antispyware tool I hadn't used before: Intermute's Spy Subtract . It's commercial-ware, but with a 30 day trial. It detected a few things (mostly registry keys) that Spybot, Adaware, and HiJack This all missed. The fact that whole segments of the software industry continue to thrive as a result of extremely poor quality of Microsoft amazes me. If it were *any* other product area, the poor quality source of all the problems would be replaced. Because of 3rd party software, this isn't happening "on the desktop". Instead, people keep bandaging their critically wounded patient. The internet will kill Microsoft. Not in the way they fear, however. It will be because the globally connected world magnifies the poor quality and reliability of the MS products. They will not be able to fix this without losing their stranglehold on the market -- their 3rd party software dominance. To fix these problems, Microsoft will need an entirely new platform; they can't polish this turd enough. When they do that, they lose the backward compatibility and the development environment investments won't matter because everything will need to be ported. I can't wait to see Microsoft delisted from Nasdaq. Jim
|
Top
|
|
|
|
#250308 - 24/02/2005 06:15
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
Just to say this after the fact, but one should never install SP2 if you've got a spyware problem. I do a lot of helpdesk work, and it seems that the only way to really screw things up when installing SP2 is to install it over a mess of spyware.
Matthew
|
Top
|
|
|
|
#250309 - 24/02/2005 07:07
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
Quote: I won't go into the rant about how this wouldn't have been possible on a computer with a real operating system...
What about the rant about a different browser? So far, even with click happy relatives, 4 Windows machines I help maintain are spyware free after migrating them to Firefox ages ago. I actually forgot how long ago I had started this, until I found my mothers laptop was still running Firebird 0.7.
While changing the OS might not be possible, you can at least address the root of the cause in other ways, instead of maintaining 3-5 different spyware detectors.
|
Top
|
|
|
|
#250310 - 24/02/2005 07:12
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
enthusiast
Registered: 28/03/2002
Posts: 230
Loc: Dudley, UK
|
Hi there, I highly recommend "Scan Spyware" from http://www.scanspyware.net/ It's commercial software ($30) but they do have a trial version (don't know how functional it is though) After running Ad-Aware, I then run Scan-Spyware. Always finds loads more stuff and has never failed to remove it. Cheers, Sim
|
Top
|
|
|
|
#250311 - 24/02/2005 08:35
Re: Help! Spyware/Popup problems
[Re: tfabris]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
I take it you've been watching 'Aliens' a lot lately, Tony?
|
Top
|
|
|
|
#250312 - 24/02/2005 11:18
Re: Help! Spyware/Popup problems
[Re: drakino]
|
pooh-bah
Registered: 25/08/2000
Posts: 2413
Loc: NH USA
|
You know, as of about 10 minutes ago I'd be with you on the FF=impenatrable. I run M$ Anti-Spyware Beta, more as a test of it before my other users (most have gotten it now). I come in this morning and it tells me I've got a case of Comet Cursor. Now, I did not click any pop-ups or anything like that. I've no idea how this happened, but FF is not a silver bullet. Better yes. Perfect, no.
My system sits behind a Sonicwall Soho3, and runs XP SP2 (but admitedly the FW software was not on)- I have several centrally administered pieces of software - most notably my virus scanner - McAfee 8, corporate edition and hadn't bothered to look up which ports it needs.
<SIGH> No magic bullets. (yeah yeah linux/MAC....)
-Zeke
_________________________
WWFSMD?
|
Top
|
|
|
|
#250313 - 24/02/2005 14:47
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Quote: I've used Adaware, Hijack This and Spybot S&D
Can I ask which version of Ad-Aware you have installed?
Quote: Um. To use the cliched phrase, "Post a hijackthis log".
Oh god, please don't everyone start posting those logs on here. Now everytime I Google for some spyware that I find on a system, I have to trudge through pages and pages of logs that nobody ever responds to. Ugh.
_________________________
Matt
|
Top
|
|
|
|
#250314 - 24/02/2005 16:02
Re: Help! Spyware/Popup problems
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
|
Quote: I take it you've been watching 'Aliens' a lot lately, Tony?
No, it's just that I had to give the same advice to someone here in my company earlier that day, because they'd had the identical problem.
That person, of course, was my direct manager. Yes, Dilbert is my life.
|
Top
|
|
|
|
#250315 - 24/02/2005 19:01
Re: Help! Spyware/Popup problems
[Re: Dignan]
|
old hand
Registered: 15/02/2002
Posts: 1049
|
I am running Adaware 6.0 with the latest update file.
Thanks for all the suggestions, everyone. I was extremely frustrated last night. I can't figure out how it was happening. There didn't seem to be any process running, or any indication of where a process might be invoked.
I've had IE open now for about 7 hours and there hasn't been a popup.
I guess I got lucky with the SP2 install, but I did get rid of everything I could find first.
Jim
|
Top
|
|
|
|
#250316 - 24/02/2005 19:03
Re: Help! Spyware/Popup problems
[Re: tfabris]
|
old hand
Registered: 15/02/2002
Posts: 1049
|
Well, I consider myself a fairly competent computer user. I think the spyware/adware is getting much more sophisticated. So, I'd like to think that your boss isn't *necessarily* a pointy-haired boss, or at least that not being able to remove the popup stuff doesn't make him one...
J
|
Top
|
|
|
|
#250317 - 24/02/2005 19:23
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
|
|
Top
|
|
|
|
#250318 - 24/02/2005 19:47
Re: Help! Spyware/Popup problems
[Re: tfabris]
|
pooh-bah
Registered: 25/08/2000
Posts: 2413
Loc: NH USA
|
Quote: Dust off and nuke the site from orbit. It's the only way to be sure.
Thinking of this, I just ponied up for a 12 seat license of Symantec Ghost Suite, and I have to say I'm pretty impressed. I hadn't looked at Ghost since 2001 (when I ended up using RIS). This time RIS was being more trouble than it was worth. I'd like to have a solid setup where I can just re-image within an hour back to a working desktop. I think Ghost can get me there, but I've only had it a day or two.
-Zeke
_________________________
WWFSMD?
|
Top
|
|
|
|
#250320 - 24/02/2005 20:09
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
addict
Registered: 01/03/2002
Posts: 599
Loc: Florida
|
Quote: I am running Adaware 6.0 with the latest update file.
Thanks for all the suggestions, everyone. I was extremely frustrated last night. I can't figure out how it was happening. There didn't seem to be any process running, or any indication of where a process might be invoked.
I've had IE open now for about 7 hours and there hasn't been a popup.
I guess I got lucky with the SP2 install, but I did get rid of everything I could find first.
Jim
This version of AD-Aware doesn't get updates anymore, you need to download AD-Aware SE 1.05 and always download the updated definition file manually if you think your machine is infected. Always set AD-Aware to do a complete scan. I have see the host file spyware hacks and they tend to set a registry value on bootup to change the location of were the host file should be.
McAfee will also can for some spyware but you need to enable the scan for "Unwanted Programs" option.
I have a boot CD that has Spy-bot, Ad-Aware SE, McAfee 7, AVG and some other tools on it that I use when trying to clean someone elses machine. I boot up the CD and run the scans, then once it has removed and cleaned everything I then install AD-Aware SE one the machine and have it do a complete scan again as this will find all the registry hijacks.
If the machine is running XP installing SP2 is a must and going thru the "Manage Add-ons" in IE helps a lot. I try to get most of them to run Firefox but most have kids and they just don't seem to listen.
|
Top
|
|
|
|
#250321 - 24/02/2005 20:27
Re: Help! Spyware/Popup problems
[Re: Attack]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Beat you to it I'd agree with everything you've been doing except McAfee. I have no good will towards that program. I've never seen anything good about it. Plus, if you have AVG I don't see why you need McAfee. Similar to your methods: I've built computers for several people, and aside from Windows+updates and whatever software (Office, etc) that they want, I simply install Ad-Aware, AVG, and the Google Toolbar (with a hearty recomendation for Firefox). So far I have heard of zero problems from any of the people I've built systems for, and after as much as one to two years.
_________________________
Matt
|
Top
|
|
|
|
#250322 - 25/02/2005 00:44
Re: Help! Spyware/Popup problems
[Re: Dignan]
|
addict
Registered: 04/09/2004
Posts: 525
Loc: Oklahoma
|
Quote: I'd agree with everything you've been doing except McAfee. I have no good will towards that program. I've never seen anything good about it. Plus, if you have AVG I don't see why you need McAfee.
I'll second (and third, and foutrh) That! I had been using the same Mcafee, and during my 'pain and suffering' last week, I had ran and re-ran full scans. Mcfee said everything was cool... I then ran AVG and it found 4 trojans and 7 virus'! I was ticked... I will say that the beta spyware tool from MS seems to work well... It found 3 cases of spyware that AdAware did not. Choose your own tools, but I won't choose Mcfee anymore...
_________________________
The only easy day...was yesterday!
|
Top
|
|
|
|
#250323 - 25/02/2005 03:01
Re: Help! Spyware/Popup problems
[Re: Dignan]
|
addict
Registered: 01/03/2002
Posts: 599
Loc: Florida
|
I use both McAfee and AVG because both will find things that the other missed when scanning someone elses PC. I'm currently testing Mcafee 8 and Nod32. Nod32 is 10 times faster at doing a full system scan. Oh and any version after McAfee 8 is total CRAP.
|
Top
|
|
|
|
#250324 - 05/04/2005 20:25
Re: Help! Spyware/Popup problems
[Re: Attack]
|
old hand
Registered: 14/01/2002
Posts: 931
Loc: Minnetonka, MN
|
Ok...I am now having a spyware problem that I cannot get rid of. When I search for something with Google, it will redirect me to www2.popupsearches . I have tried getting rid of it with Spybot, Ad Aware, and the Microsoft one, but it is still there.It is frustrating....has anyone else had any success getting rid of it?
|
Top
|
|
|
|
#250325 - 05/04/2005 21:01
Re: Help! Spyware/Popup problems
[Re: burdell1]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Try seeing if you can identify it with Hijack This!.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#250326 - 05/04/2005 21:16
Re: Help! Spyware/Popup problems
[Re: wfaulk]
|
addict
Registered: 01/03/2002
Posts: 599
Loc: Florida
|
If HiJack This doesn't help Download Agent Ransack from http://www.mythicsoft.com/agentransack/ and do a search for files containing text popupsearches once you find the file on your hard drive you can then search the registry and have point it back to the correct host file.
|
Top
|
|
|
|
#250327 - 05/04/2005 21:21
Re: Help! Spyware/Popup problems
[Re: Attack]
|
old hand
Registered: 14/01/2002
Posts: 931
Loc: Minnetonka, MN
|
There was another one that somebody from this site recommended a long time ago, but I can't remember what it was. It was one that scanned my computer from the website, you don't actually download the software. Anyone know which one this is?
|
Top
|
|
|
|
#250328 - 06/04/2005 13:39
Re: Help! Spyware/Popup problems
[Re: burdell1]
|
addict
Registered: 18/02/2002
Posts: 658
|
housecall.trendmicro.com
|
Top
|
|
|
|
#250329 - 06/04/2005 15:58
Re: Help! Spyware/Popup problems
[Re: TigerJimmy]
|
enthusiast
Registered: 20/11/2000
Posts: 279
Loc: Pacific Northwest
|
There was a great link on /. in case you missed it which cited a great plan to rid/stay clean from spyware for Windows users. I've followed a very similar methodology with great success so far. The one other tool I would suggest is WinPatrol 9.0. Which is a watchdog over critical system areas alerting you and giving you the option to allow/deny (ala Zone Alarm) access to those items. Good stuff. Enjoy. Updated often, Immunize. T
|
Top
|
|
|
|
#250330 - 06/04/2005 16:00
Re: Help! Spyware/Popup problems
[Re: burdell1]
|
addict
Registered: 01/03/2002
Posts: 599
Loc: Florida
|
Hmm, I just found this on /. "As of April 4, 2005 the SANS Internet Storm Center has raised their alert level to Yellow following a rash of active DNS poisonings. The infected DNS servers are re-directing users from popular sites such as Google or American Express to malware infecting advertising sites. According to the ISC presentation on the attack, it is believed to be linked to known spammers and malware distributors. The full presentation of information up until this point can be found here." http://it.slashdot.org/article.pl?sid=05/04/06/170233&tid=95&tid=172&tid=218Maybe this is your issue. I would recommend running Bind-PE (just noticed it's been renamed to TreeWalk DNS) on your local PC. I've been running it on my box for the past year and it works great. Just remember to update your root zone file about once a month.
|
Top
|
|
|
|
#250332 - 06/04/2005 19:19
Re: Help! Spyware/Popup problems
[Re: Dignan]
|
carpal tunnel
Registered: 29/08/2000
Posts: 14493
Loc: Canada
|
Wow.. a whole universe out there that I never get to experience. Oh well.
|
Top
|
|
|
|
#250333 - 06/04/2005 19:37
Re: Help! Spyware/Popup problems
[Re: mlord]
|
carpal tunnel
Registered: 08/03/2000
Posts: 12338
Loc: Sterling, VA
|
Don't you wish you could be in the club?? I wish I had the patience for Linux, I really do. But I don't feel like trying out all those different types of programs again to see which ones I like, and I don't want to dual-boot. And the thought of trying out several different OSs to begin with does not get me excited.
_________________________
Matt
|
Top
|
|
|
|
|
|