Intermittent pop-ups

[Erik]

Need some help here. Defender says there's "no unwanted or harmful software
detected." I've run a full scan with the latest definitions. I also ran a
full scan of the Malicious Software Removal Tool--and it came back with a
clean report. But I keep getting intermittent Explore pop-ups telling me,
among other things, I should click to install spyware protection. It started
happening Friday. I run a brand-name anti-virus solution that is always on
and up to date.

I also ran a scan from another band-name spyware removal solution and it
identified a "trojan" and a few other things. They want $40 to cure my
computer. I don't know if this would be money well spent or if it's even
safe to give out my credit card number online now since my PC appears
compromised.

Any thoughts?

 

[Alan D]

You'll get more expert advice here from others here, but while you're
waiting for that, DON'T be lured into paying money! There are several very
effective free scanners that may well solve your problem (they all have
different strengths and weaknesses, so one may succeed where another fails).
In the first instance, try SUPERantispyware, which you can download here:
http://www.superantispyware.com/
Many of us use this free scanner, and have seen it remove malware very
effectively when others (eg Defender) have failed. They also have a forum
here:
http://forums.superantispyware.com/
and they will help you if the program doesn't remove the malware.

There are lots of other things to try, but this at least gets you started in
a reasonably simple way.

Good luck,
Alan D

 

[Bill Sanderson]

I agree that you have cause for suspicion. I also agree that you shouldn't
spend any money on fixing this yet, at least.

You should know that Microsoft has free help for virus infection, spyware,
or problems related to security patches. In the U.S. and Canada, you can
dial 1-866-pcsafety (yeah, that's too many digits!) Elsewhere, the call may
not be toll-free, but the help will be--dial the nearest Microsoft
subsidiary and ask for the free help as outlined above.

I suspect Microsoft would probably ask that you do a scan with their
antivirus definitions, which you can do at http://safety.live.com So--that
may be a good thing to do. I also agree that Alan D has recommended a
reputable product which is well worth trying.

 

[Engel]

Hello Erik,

That is an scam

Read ahead, and apply, you don't going feel sorry


It seems possible that your Windows installation has been deliberately
damaged by a trojan (Vundo, along any uninvited guests. (SDBot and ZLOB, all
protected by a rootkit.)) so as to prevent you updating your system or
removing the trojan.

An other very good antimalware app is Malwarebytes Antimalware

There is a free version (on demand scanning only), the paid for version
includes active monitoring, similar to Windows defender:

Malwarebytes Antimalware
<http://www.malwarebytes.org/mbam.php>
Malwarebytes Anti-Malware Instructions
<http://securitynewsfromthenet.blogspot.com/2008/03/malwarebytes-anti-malware-105.html>

Together with SUPERAntiSpyware, are free malaware scanning application's


Have a look at this articles. It may be relevant to your problem.

<http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction>
-=-

<http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview>
-=-

This will give you a starting point for your troubleshooting anyway.


Also I would suggest running a HijackThis to to ensure that Vundo did not
bring along any uninvited guests. (SDBot and ZLOB, all protected by a
rootkit.)

Please read this guide before actually doing the procedure

And it has all of the links for downloads you need.

Preparation Guide for use before posting a HijackThis Log
<http://www.bleepingcomputer.com/forums/topic34773.html>


Let us know how it works ºut.

Good luck


Ǝиçεl
-=-

 

[Erik]

Hi Alan--

I took your advice. Superantispyware appears to have done the trick. It
found the following--

Adware.Vundo/variant
Adware.webHancer
RootKit.TnCore/Trace
Rootkit.TNCore-Variant/A
Trojan.Fake-Alert
Trojan.Fake-Alert/Trace
Trojan.Unclassified/Packed-Win

Apparently my PC was a real honey pot for this stuff. It removed them all
(and hopefully they won't be coming back). I donated $20 to SuperAntiSypware
(1/2 of what I was going to pay for the Computer Associates solution)--seems
only fair.

Thanks for everyone's interest and help. Hopefully I won't be back with
more questions anytime soon...
;0)

--Erik

 

[Alan D]

I'm glad to hear that it helped, Erik, but if I were you I'd continue to
check things out very carefully using the advice from Bill and Engel. Once
your system has been compromised like that, you really can't be too careful.

 

[Engel]

Hi Alan D,

Talking about "system has been compromised"

Good reading here,

Cleaning a Compromised System
<http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx>

I hope the OP have the time to see this post.



ÆŽ
-=-

 

[Bill Sanderson]

I just noticed that Microsoft has a link at
www.microsoft.com/technet/security to "Malware Removal Starter kit" (in
Featured Content) which leads to:

http://www.microsoft.com/security/malwareremove/default.mspx

I don't like the look of this page--it appears as though you've simply hit
the home page for the Malicious Software Removal tool, but if you scroll
down, you can see a sequence of recommendations: Run the MSRT, Run an
online scan at safety.live.com, read the articles about getting secure, and,
if necessary, call the free help lines.

I've just run through the first two parts of this sequence on my own
machine, and, indeed, it did take hours--but I got a clean bill of health in
the end, and my registry smells clean and fresh....

So I think this link is what I'm going to recommend to folks with an
infection at this point--and see how it goes.
--

 

[Engel]

Thank you Bill,

I see it, is practical to have the main tools and instructions in the same
page.

With that, and the 3rd party extras programs the responsible user can feel
in peace
-=-

 

[Alan D]

Thanks Engel. That makes scary but necessary reading, doesn't it? As you
say, I hope the OP comes back and reads it.

Cheers,
Alan D

 

[John]

You'll get more expert advice here from others here, but while you're
waiting for that, DON'T be lured into paying money! There are several very
effective free scanners that may well solve your problem (they all have
different strengths and weaknesses, so one may succeed where another fails).
In the first instance, try SUPERantispyware, which you can download here:
http://www.superantispyware.com/
Many of us use this free scanner, and have seen it remove malware very
effectively when others (eg Defender) have failed. They also have a forum
here:
http://forums.superantispyware.com/
and they will help you if the program doesn't remove the malware.

There are lots of other things to try, but this at least gets you started in
a reasonably simple way.

Good luck,
Alan D

 

[John]

Alan,
I tried clicking on the link but it says Internet Explorer cannot display
the webpage, my internet has no problem. But it doesn't let me go to the
page. Should I try downloading it from this site
http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
-John