OT : Pop Ups, but IE not launched by user ... repost

[Tx2]

[1st post not showing, repost]

I am trying to deal with an infected machine where, just sitting idle,
an IE pop-up window will suddenly appear!

IE isn't launched by the user, which IME, is the more common issue of
pop-up's, these damn things just - well - appear!

I have run Ad-Aware, Spybot S&D, Spywareblaster, CWS Shredder, Hijack
This, and amended all suspect looking .exe entries in the "RUN" part of
the registry to read as .old extensions ..... but it is still
occurring!!

I have also installed NOD32 on the machine, done a full scan of all
extensions, and removed a few trojans that it uncovered.

I also installed Zone Alarm in an effort to try and catch whatever it
was that was communicating with the outside world, but nothing!

Short of formatting the hard drive, and re-installing Windows 98, i am a
loss where else i might look on this machine.

Any clues would be appreciated ... i'm not worried about editing the
registry et al

Help!

 

[GSV Three Minds in a Can]

[1st post not showing, repost]

Change to a decent ISP, or use groups.google.com, since it shows here,
and it has already been answered.

 

[Tx2]

[1st post not showing, repost]

Change to a decent ISP, or use groups.google.com, since it shows here,
and it has already been answered.

I'm not using my ISP's server, a quick check of the headers would have
shown that - i use x-archive to not archive my posts, and besides, it
was only posted today, hardly time to show up - and my news client isn't
showing the post or subsequent thread.

Thanks for being so very, erm, helpful? I'll reset the group to see if i
can find the post.

 

[Tx2]

[1st post not showing, repost]

Change to a decent ISP, or use groups.google.com, since it shows here,
and it has already been answered.

I'm not using my ISP's server, a quick check of the headers would have
shown that - i use x-archive to not archive my posts, and besides, it
was only posted today, hardly time to show up - and my news client isn't
showing the post or subsequent thread.

Thanks for being so very, erm, helpful? I'll reset the group to see if i
can find the post.

OK, i see the answers in Google groups, but not my original post, so i
can only answer here ..... sorry

A firewall was/is in use, the connection is behind a router that
utilises such, in addition to the software firewall i put in place.

Service Pack 2 for XP won't run on Windows 98 .... [sic]

It's not the Messenger service, these are IE windows that are appearing
- as in browser windows - and not the 'grey' pop ups associated with
XP's Messenger service

Art : Many thanks for the feedback ... will be utilising your site in
the next day or so.

 

[Conor]

Service Pack 2 for XP won't run on Windows 98 .... [sic]

It's not the Messenger service, these are IE windows that are appearing
- as in browser windows - and not the 'grey' pop ups associated with
XP's Messenger service

Windows 98 also has a messenger type service too.

 

[GSV Three Minds in a Can]

Bitstring <[email protected]>, from the
wonderful person Tx2 <[email protected]> said
[1st post not showing, repost]

Change to a decent ISP, or use groups.google.com, since it shows here,
and it has already been answered.

I'm not using my ISP's server, a quick check of the headers would have
shown that - i use x-archive to not archive my posts, and besides, it
was only posted today, hardly time to show up - and my news client isn't
showing the post or subsequent thread.

Thanks for being so very, erm, helpful? I'll reset the group to see if i
can find the post.

OK, i see the answers in Google groups, but not my original post,

That's because you X-No-Archived it, which is pretty damn antisocial
since it makes it much harder for anyone else to benefit .. it also
doesn't work worth a damn, since your post if referenced in the replies,
and sicne the archives you =ought= be worried about (like the NSA one,
and the FBI one, and ..) don't honour XNA headers anyway.

so i
can only answer here ..... sorry

A firewall was/is in use, the connection is behind a router that
utilises such, in addition to the software firewall i put in place.

Service Pack 2 for XP won't run on Windows 98 .... [sic]

It's not the Messenger service, these are IE windows that are appearing
- as in browser windows - and not the 'grey' pop ups associated with
XP's Messenger service

Then something on your machine is launching IE, since I don't know any
way to launch it from outside. However I can't remember what 'messenger'
style pop-ups under Win98 looked like either.

What version of Internet explorer are you using? Have you tried
switching to some other (more secure) web browser?? Have you tried
something like Popupstopper?

Another thought - have you gone to one of the 'port scanning' sites (the
Trend AV site will likely do) and have your machine scanned from outside
to see what folks on the WWW can see by way of open ports?

 

[rjdriver]

[1st post not showing, repost]

Change to a decent ISP, or use groups.google.com, since it shows here,
and it has already been answered.

I'm not using my ISP's server, a quick check of the headers would have
shown that - i use x-archive to not archive my posts, and besides, it
was only posted today, hardly time to show up - and my news client isn't
showing the post or subsequent thread.

Thanks for being so very, erm, helpful? I'll reset the group to see if i
can find the post.

This sounds similar to a problem my sister had recently, or at least the
last stage of it.
Try Trojan Hunter first. 30 day free trial download is here:
http://www.trojanhunter.com/trojanhunter/trojan-hunter.jsp

Then get Vx2 Finder for Win 98 here: http://www.subratam.org/?page=removal
Good luck. This was a very persistent problem that kept regenerating
itself.


Bob

 

[Tx2]

That's because you X-No-Archived it, which is pretty damn antisocial
since it makes it much harder for anyone else to benefit ..

Yes, i realise my post won't show because of the X-Archive, but, point
taken about antisocial ... i'll remove such for future posts.

Then something on your machine is launching IE, since I don't know any
way to launch it from outside. However I can't remember what 'messenger'
style pop-ups under Win98 looked like either.

Yes, it is definitely launching IE, but i am 99% sure it is not a
messenger type issue as this is a fully blown browser window with
toolbars, menu's etc.

I've seen the XP Messenger Service pop-ups, and this is nothing like
them.

What version of Internet explorer are you using? Have you tried
switching to some other (more secure) web browser?? Have you tried
something like Popupstopper?

Version 6 - alternate browser is installed, but IE still keeps popping
up - not tried a pop-up blocker, good point.

Another thought - have you gone to one of the 'port scanning' sites (the
Trend AV site will likely do) and have your machine scanned from outside
to see what folks on the WWW can see by way of open ports?

No, i've not used Housecall by Trend, that'll be something to consider
when i am back with the machine.

 

[Tx2]

Service Pack 2 for XP won't run on Windows 98 .... [sic]

It's not the Messenger service, these are IE windows that are appearing
- as in browser windows - and not the 'grey' pop ups associated with
XP's Messenger service

Windows 98 also has a messenger type service too.

See my other post re: browser window. You were quite clearly referring
to XP, which is what i based my reply to you on.

 

[Tx2]

This sounds similar to a problem my sister had recently, or at least the
last stage of it.
Try Trojan Hunter first. 30 day free trial download is here:
http://www.trojanhunter.com/trojanhunter/trojan-hunter.jsp

Then get Vx2 Finder for Win 98 here: http://www.subratam.org/?page=removal
Good luck. This was a very persistent problem that kept regenerating
itself.

Thanks .... some more useful tools to try .... i don't want this one to
beat me!

 

[GSV Three Minds in a Can]

Bitstring <[email protected]>, from the

No, i've not used Housecall by Trend, that'll be something to consider
when i am back with the machine.

No, not housecall, but rather their post scanning service.. or you can
try the one at www.grc.com ('shields up'). Either there is something bad
ON your PC, or else something bad is ACCESSING your PC.

 

[GSV Three Minds in a Can]

Bitstring <[email protected]>, from the


No, not housecall, but rather their post scanning service.. or you can
try

Arrgh! .. PORT scanning service, not 'post scanning'.

 

[Tx2]

[...]

Either there is something bad ON your PC,
or else something bad is ACCESSING your PC

[saw your follow up re: Trend *port* scanning]

I'd be surprised at the latter, although happy to not rule it out
altogether, as the machine is/was behind both a router firewall, and a
software one, namely Zone Alarm. No intrusions showed up that i saw.

 

[Colon Terminus]

[1st post not showing, repost]

I am trying to deal with an infected machine where, just sitting idle,
an IE pop-up window will suddenly appear!

IE isn't launched by the user, which IME, is the more common issue of
pop-up's, these damn things just - well - appear!

I have run Ad-Aware, Spybot S&D, Spywareblaster, CWS Shredder, Hijack
This, and amended all suspect looking .exe entries in the "RUN" part of
the registry to read as .old extensions ..... but it is still
occurring!!

I have also installed NOD32 on the machine, done a full scan of all
extensions, and removed a few trojans that it uncovered.

I also installed Zone Alarm in an effort to try and catch whatever it
was that was communicating with the outside world, but nothing!

Short of formatting the hard drive, and re-installing Windows 98, i am a
loss where else i might look on this machine.

Any clues would be appreciated ... i'm not worried about editing the
registry et al

Help!

What happens when you rename Iexplore.exe?
What behaviour do you see then?

Maybe by renaming Iexplore you can cause this bug to fault and identify
itself.

 

[Tx2]

What happens when you rename Iexplore.exe?
What behaviour do you see then?

Maybe by renaming Iexplore you can cause this bug to fault and identify
itself

Good idea, i'll try it and see.

 

[Gabriele Neukam]

On that special day, Conor, ([email protected]) said...

Service Pack 2 for XP won't run on Windows 98 .... [sic]

It's not the Messenger service, these are IE windows that are appearing
- as in browser windows - and not the 'grey' pop ups associated with
XP's Messenger service

Windows 98 also has a messenger type service too.

I don't think that WinPopup can be run from "outside", if it isn't
active, and Win9x doesn't run WinPopup by default. More often than not,
it isn't even installed.


Gabriele Neukam

(e-mail address removed)