Help Please Boffins!!!

I have an annoying little pest in my computer that opens a pop up window when i open and close internet explorer, also some times changes home page to a gambling site.

I've run something called Ad Aware and it find all sorts of scary things but the pop up keeps coming .

got any ideas, last time i had something like this it was an active x thing!!

Is there any decent FREE software for sorting this , 'cos i'm tight that 's why i built a 'LOCOST'


Thanks

ive got the google toolbar, i havent seen a pop up in ages. If you need pop ups on a certain page u can disable it for that page by a click of the button. It also has the advantage if being able to search things quickly. Go to google, and tools at the bottom.

There are a number of resident 'Spy-style' programs that attempt to pop-up windows like that. You may have inadvertently installed it when you installed a program like Kazaa or AudioGalaxy.

All hope is not lost however. Install and run a program named 'SpyBot Search and Destroy'. It is amazing. On top of finding all of those nasty programs that cause pop-ups, spy on you, log your keystrokes, it has a feature called 'Immunize' which will aslo block all sorts of 'tracking cookies'.

Almost 14 million downloads from Downloads.com - DOIT!!!

http://download.com.com/3000-8022-10194058.html?tag=lst-0-4

I find that the use of AdAware, SpybotS&D and Evidence Eliminator together keep my system running well. The Google toolbar is an amazing Must-Have tool that blocks pop-ups as well as any other I have tried and is free to boot.

Don't forget Antivirus - AVG Antivirus is world-class and it's free too!

Graber

Another product that I recommend highly is Pest Patrol, which detects, cleans, and prevents worms and hijacking trojans, along with the spyware and adware. Well worth $40, IMO. They have a free online scan that identifies problems but does not fix them, which would be interesting to run after cleaning your computer with the free programs:

http://www.pestpatrol.com/

I also use Spybot, AdAware, and (free) Trend Micro virus scanner:

http://www.antivirus.com

Norton is overrated, IMO. I've seen some machines that were clogged with adware and hijacker junk, all the while running Norton.

Pete

i wouldn't expect norton to keep spyware out, it's a virus scanner, not an antispyware app.

secondly, in my opionion AVG anti-virus isn't all that good, friends have got viruses while using it that it just hasn't picked up.

to some level, a software firewall may help, that way you can see and stop any traffic going to any dodgy apps/viruses....

but as i'm sure chrisW will appear and mention, most software firewalls make a fuss about a lot of unimportant stuff so you feel like they're doing a job

quote:

---

Originally posted by Staple balls
but as i'm sure chrisW will appear and mention, most software firewalls make a fuss about a lot of unimportant stuff so you feel like they're doing a job

---

i'm simplifying quite a lot.

as for the *nix firewall box, i think in 90% of locosters cases, that'd be a leedle overkill, myself, i just don't get on with *nix, i have basic understanding, but not a fan

but something like sygate personal firewall is free, and i've found it to be very good for a free software firewall (this box is sitting out in the DMZ for ease of stuff)

You could try a different browser, as non-MicroSnot ones usually allow you to control pop-ups.

For a start, you could try Opera or Mozilla - both are free (the free Opera has ads in a little window in the top banner, but you can ignore them). Both work in a similar way to IE, but are often faster in operation.

I use Mozilla exclusively now, mostly because I use Win 2000 at work and Linux at home, and Mozilla works identically on both. I only use IE to access sites where the authors are too lazy to write for all browsers (not that many cases).


rgds,

David

quote:

---

Originally posted by Staple balls
secondly, in my opionion AVG anti-virus isn't all that good, friends have got viruses while using it that it just hasn't picked up.

---

What OS are you using and have you got all your updates installed? There is a program called Shoot the Messenger that closes a port left open by MSN for their own purposes which is used to open popups. Google it, it might help. I use AVG and it picked up 3 infections last week. If you update it regularly it is good. I have received several updates in one day sometimes.

don't install sh!te on your puter

believe it or not, it tends to work quite well, adaware only tends to pick up cookies.

quote:

---

Originally posted by Staple balls
i wouldn't expect norton to keep spyware out, it's a virus scanner, not an antispyware app.

---

I run McAfee Internet Security and it blocks all my pop ups (sometimes too well) it allows you to block indirect cookies, it kills web bugs yadd yadder. All the stuff others claim to do but dont. I havent had any trouble at all. It always picks up viruses, trojans and worms no problem. And will usually delete them. If it wont it will help you delete them manually.

On top of that it automatically clears all the temporary internet files from non bookmarked internet sites when i close IE. And it has a handy file shredder to securly delete personal files.

It'll cost you £50 ish and something like £10 a year to get unlimited updates. IN all i think its well worth investing in.

As for the problem Surrey Dave has, i had that for a while, it was a trojan from the exploitbyte-verify family. There are loads of them. But your virus scanner should pick it up. McAfee did, but you will have to manually reset you homepage, and may need some manual removal. See;

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100261

Im not saying that is the problem, but thats what it was when my computer did that.

Cheers
David

The pic below is the 2 views of my Browser Buddie which is part of McAfee Net Security, allows you to quickly allow or disallow popups and cookes....
Rescued attachment browser bud.jpg

cheers pete, i ran that check and apparently i have more open backdoors then a gay bar on friday night (their words not mine).

anyone know about a good personal fire wall? i though i had my windows one sorted but musta got confused...

McAfee is a great firewall....its part of the Internet Security package. It sits there and only makes a fuss when it need to. it automatically blocks certain communications, and lets you add programs to a safe list. It also logs firewall violations.

I am on a network of approaching 6000 computers and have a permanent internet connection at about 2mb/sec and have had so few attempted hacks, all of which have failed. Which is reassuring

If you really care loads the best thing is a hardware firewall, so much better than a software one.

I have heard little positive about Norton (Symantec is the same complany) infact i tried it and it was totally shyte, not a patch on McAfee. IMHO.

BTW the windows firewall is crap....

Cheers
David

i swear by sygate personal fire www.sygate.com

Have Run AdAware, Search and Destroy, deleted cookies, blocked cookie from the site i suspect (www.undergroundlair.net) something to do with Underground Games.

The window still opens after closing I.E. , is it a Trojan ? , whats good for finding these?
I'm getting Obsessed now!!!

Boffins Alert..................

when you open IE?

and have you tried a virus scan?

[Edited on 18/3/04 by Staple balls]

I tried the anti spyware thing suggested in the first post. It found soem cookies and stuff.

However, it didnt fix a problem I have on a pc at work.

About once a day, the homepage gets changed to some bloody search engine called ccsearch or summat.

Anyone got a clue how I stop whatever it is from changing my IE homepage to this sodding thing?

atb

steve

That is a malware symptom. The item puts an entry into your registry to trigger the page change. You can run a registy check if you change the settings in adaware to do so. It does a registry scan and a deep scan, but watch what you delete as you can cause problems. I use Spybot as well, another good free program which doesn't concentrate so much on cookies.

quote:

---

Originally posted by flak monkey
And it has a handy file shredder to securly delete personal files.

---

quote:

---

Originally posted by Peteff
That is a malware symptom. The item puts an entry into your registry to trigger the page change. You can run a registy check if you change the settings in adaware to do so. It does a registry scan and a deep scan, but watch what you delete as you can cause problems. I use Spybot as well, another good free program which doesn't concentrate so much on cookies.

---

My homepage is: freeserve.

And no I haven't tried an antivirus yet.

But I can delete files in Adaware or Spybot and the ad window still opens when I close I.E.

Could it be I need one of these programs that changes my id numbers to stop the ad site locking on to me?

Failing that a ****ing great mallet would do the trick.

The Internet is fantastic , but like most things we have twats outs there!!!!!!

as an auto install or overwriter don't these STUPID people realise that you actually use the hijacking pop-up LESS. Then you try your damnedest to be rid of it - vowing nver again to darken your door (even your back one!)

I am considering re-formatting my drive simly to be rid of all the SH*TE!

A nice little utility for killing off the type of hijackers reported by Steve G. and Surrey Dave is HijackThis, a free program available here:

http://www.spywareinfo.com/~merijn/downloads.html

Warning: This program lists ALL your start-up process, good and bad, so if in doubt as to what to delete, DON'T.

The malware usually appears as a BHO (browser helper object). Sometimes the BHO will be reinstalled at each system startup with a 'Run' command. These programs can be hard to spot, with names resembling Windows utilities.

If you guys would like, you can save the log and paste it here. Surely someone will be able to help.

Pete

trend antivirus found this little pest in the windows system folder.

had to start in 'safe' mode ,rename and delete.

this is a trojan bookmark that adds to your favourites and changes your homepage.

could be some of my prob...........

quote:

---

Originally posted by JoelP
i ran that check and apparently i have more open backdoors then a gay bar on friday night (their words not mine).

---

Still not cured

The url displayed in popup is: www.atoque.com/


This popup opens about 3 seconds after you close I.E.

Any more ideas welcome...........

http://miataru.computing.net/security/wwwboard/forum/9909.html

Read the last post in the thread. It explains in detail what is happening and how to remove it from your system. It's a real DOOZY of a problem!

Graber

Edit - sorry - NOT last post in thread.. But you'll find it just after the long paragraph written in CAPS...

[Edited on 3/19/04 by sgraber]

Thanks ,
I just found that too but i'm not clear how to do it yet , I'm tired , ( 2.00am in UK)I'll do it tomorrow..................

Thanks All............

What the frick is a 'DOOZY'................

quote:

---

Originally posted by Surrey Dave
What the frick is a 'DOOZY'................

---

something new everyday...

This was the definition I knew of...

doozy

doo·zy [ dzee ] (plural doo·zies)

noun

something wonderful: a remarkable or excellent thing ( slang )


[Early 20th century. Origin uncertain: perhaps an alteration of daisy (perhaps blended with Duesenberg (a type of luxury car).]


not quite the same definition is it?....

(referring to solution posted by Steve Graber)

You must kill a running process so that HijackThis can remove the related file and registry entry. If you are running Windows 98 or Me (and maybe others), Task Manager won't show all the processes that are running on your computer.

Here's another favorite FREE utility, PrcView, that shows all running processes (along with a bunch of other crap I don't understand but Staple Balls would). With this, you can kill a process so that HijackThis can remove it.

http://www.teamcti.com/pview/prcview.htm


Some may be reading this thread casually, thinking it doesn't apply to them, but the average user has acquired a ton of sludge on their computer.

I bought a year-old computer on eBay that was just clogged with crap. So bad, in fact, that the old owner hadn't used it in six months. But after applying these fixes, it runs like a top now.

Pete

P.S. Doozy=Corker

[Edited on 19/3/04 by pbura]

There is plan B, if you're feeling adventurous... run Linux! (ducks behind parapet!)

I use it for almost all my home PC work, and if the Quicken accounting package came on Linux I would be 100% off Windows - that program is the only reason I have dual-boot on my machine. (Don't mention WINE - I've never got it working well enough to give up Windows)

I have set up my Windows with no access to the modem (it doesn't know the machine has one), it has a firewall that blocks every attempt to make a network connection, and so on... only Linux can see the real world.

The down-side is that even the easiest Linux distribution (Mandrake) requires a reasonable amount of technical knowledge, whereas Windows will run after a fashion, even if it's not set up right.

cheers,

David

Not just me then...thats a relief.

I keep getting a pop up banner saying come and have a look at my webcam......description with it is kinda indicating a porn site but then i have been hit with so many virus things too paranoid to go and look.

quote:

---

Originally posted by David Jenkins
The down-side is that even the easiest Linux distribution (Mandrake) requires a reasonable amount of technical knowledge, whereas Windows will run after a fashion, even if it's not set up right.

---

Thanks Pbura, I was wondering how to stop processes in Win98 as the tab they refer to in the fix is not there.

This forum got some knowledgable bods on it !!!!!

98 could be interesting, very different to me/2k/xp.

had a looksee, and i think (not used 98 for a long time)

you wanna hit ctrl + alt + delete which should bring up a window like




which may have the process you're looking for in it.

when i do cnt alt del it says i have around 30 processes running, several of them called svchost.exe, which sounds a bit ominous....

off to google methinks.

apparently harmless...

[Edited on 19/3/04 by JoelP]

svchost.exe is harmless, part of windows, controls stuff

scvhost.exe and explore.exe (NOT explorer.exe) however are parts of viruses

Yehbut this Window doesn't give the option to kill a process , so i'll have to download the suggested utility later , when i'm at home.................

if you're pretty competent (and the machine's fast enough), i can sort you out with a copy of windows 2000 which'll fix a few problems, and be a bit shinier around the edges

Can I upgrade ( install over the top) my Win 98 to 2000?

And will it run with all my 98 applications?

Is it based on NT so do i need to reformat the HD to install?

I'd love a job in I.T. I'm ONLY 49 and willing to learn!!!!

Desperate of Surrey!

Highlight the process in the window and click on end task to kill it (stop it running) in Windows 98. That's all it means. If you put 2000 on it gives you the choice of updating or dual booting with 98.

[Edited on 19/3/04 by Peteff]

quote:

---

Originally posted by Surrey Dave
Can I upgrade ( install over the top) my Win 98 to 2000?

Yep

And will it run with all my 98 applications?

should do, drivers etc will need updating to better versions though

Is it based on NT so do i need to reformat the HD to install?

Sort of, it uses a different (NTFS) filesystem which is more stable and less likey to lose data, but it'll convert it during the install

I'd love a job in I.T. I'm ONLY 49 and willing to learn!!!!

I would too, only 18 and don't care
enough to learn

---

Are ther any REAL advantages , I 've found Win98Se generally reliable/stable I dont do upgrading for the sake of it I'm too cynical for that , it seems that with every incarnation of Windows you actually NEED a faster computer just to run all the extra bells and whistles they put on it.

Or if you keep the same old (750 Athlon) everything just takes longer...........

[Edited on 19/3/04 by Surrey Dave]

Some "system" tasks don't show in Windows 98, hence the prob.

I really like Win 98SE, is very compact and controllable compared to some later versions. It runs well on my older machine.

it depends what you're after really, this thing is always on (and downloading crap) and had no problems whatsoever. also win2000 is still supported by microsoft, so updates are still very much available.

i'd say it'd probably run ok on your machine, i have a 2k box with a 1ghz duron and 256meg ram in the other room

It'll run fine with win2k.

Machine at home is a P2 266 running win2k advanced server!! little bit on slow side but its not too bad, memory is more important, half gig ram (512Mb) is essential for w2k, the more the better though.

quote:

---

Originally posted by GO
half gig ram (512Mb) is essential for w2k, the more the better though.

---

when I say essential, what I mean is, if its your only machine and you want to use the machine directly for everyday stuff, browsing, spreadsheets etc, as I imagine is probably Surrey's situation, you wouldnt wanna be using it with much less than 512.

for running as a games server cpu speed is more critical.

Due to demand, windows 98se support has been extended by microsoft till 2006 and has not been stopped as was previously planned in January of this year. We are still downloading updates for it from MSN on my wifes computer. I have 2000pro on a PII 333 with 192 meg and it runs well, no crashes yet and fast enough for web use.

GO, i'd still say 512 was overstating things a little. 256 is the ideal minimum, 128 the real minimum.

given that the other machine i mention is used to do a lot of normal home use as well.

i also have a 3rd box, being a 233 cyrix with 32 meg of ram on windows Me, that does bloody big spreadsheets (a business working at ~£250k turnover)

peteff, didn't realise about 98Se, what's the story on plain 98?

only my experience, with 256 it was pretty horendous, 512 made a huge difference, but I am running w2kAS so its going to be most intensive on resources than standard. However, I have disabled most of the extra services so I wouldn't expect AS to make that much difference.

but equally, I'm not a network admin so its probably a long way from the most efficient setup.

true on both points, i'm really giving the minimum needed for basic use.

i find 1.5gig to be a little limiting for what i do, but then it i do quite a bit of video/photoshop work

Meanwhile back at my I.E./atoque.com popup problem, I do not appear to be finding the .exe files they talk about in the system32 folder.............

I think I found it in the System folder not system32.

64k exe file by TMAX.

deleted it and the registry key for it , so far so good.

i'm scared to close I.E now, in case it's lurking..........

first thing worth doing will be searching for a file called HOSTS on your computer

what you wanna do is edit the hosts file to contain the url for the the site the popup is loading (follow the same style as the other entries) and enter an ip address of 127.0.0.1 so it appears as


127.0.0.1 evilpopupsite.com

this won't fix the popup, but it wll stop the page loading.

Windows 98 and Windows 98 Second Edition support was scheduled to end on January 16, 2004. However, continual evaluation of the Support Lifecycle policy revealed that customers in the smaller and the emerging markets needed additional time to upgrade their product. Therefore, Windows 98, Windows 98 Second Edition, and Windows Me will continue to be supported after January 16, 2004.
http://support.microsoft.com/default.aspx?scid=fh;[LN];LifeAn1 tells more about it

ahhh

shame about M.E though, should never have been made or released