Ads problem

[Guest]

Something seems to have installed on my computer and now I keep getting ads
popping up (even when not viewing webpages). I have high speed internet so
am always connected; but I can't figure out how to stop all these windows
from coming up and messing up what I'm doing...aside from the annoyance
factor!!! Can someone suggest something?

 

[Unk]

Something seems to have installed on my computer and now I keep getting ads
popping up (even when not viewing webpages). I have high speed internet so
am always connected; but I can't figure out how to stop all these windows
from coming up and messing up what I'm doing...aside from the annoyance
factor!!! Can someone suggest something?

Download and install the below:
Ad-Aware
http://www.lavasoftusa.com/

Spybot - Search & Destroy by Patrick Kolla
http://security.kolla.de/

NOTE: After you install the above, click "Online" and get the latest
updates for the database. Update it regularly for new spy info.

 

[Guest]

I've already done both...it didn't help. Anything else I can do? Anything I
can look for?

 

[Trax]

|>I've already done both...it didn't help. Anything else I can do? Anything I
|>can look for?

After you get clean'd up you might want to run a HOSTS file
Mine (the one I use): http://someonewhocares.org/hosts/
What's a HOSTS file: http://www.mvps.org/winhelp2002/hosts.htm

Bottom line, a HOSTS file blocks sites listed in the HOSTS file;

|>"Unk" wrote:
|>
|>>
|>> >Something seems to have installed on my computer and now I keep getting ads
|>> >popping up (even when not viewing webpages). I have high speed internet so
|>> >am always connected; but I can't figure out how to stop all these windows
|>> >from coming up and messing up what I'm doing...aside from the annoyance
|>> >factor!!! Can someone suggest something?
|>>
|>> Download and install the below:
|>> Ad-Aware
|>> http://www.lavasoftusa.com/
|>>
|>> Spybot - Search & Destroy by Patrick Kolla
|>> http://security.kolla.de/
|>>
|>> NOTE: After you install the above, click "Online" and get the latest
|>> updates for the database. Update it regularly for new spy info.
|>>
|>>
|>>

 

[Guest]

Tks Trax, have saved the info and will do as soon as I figure out what to do
about getting this problem resolved. Man, at this point I'm ready to throw
all the computers in my house right out the window!!! It's just beyond
annoying.

 

[CWatters]

Tks Trax, have saved the info and will do as soon as I figure out what to do
about getting this problem resolved. Man, at this point I'm ready to throw
all the computers in my house right out the window!!! It's just beyond
annoying.

Been there. Took me 4 days once to rid my wifes PC or adware programs. The
buggers hide well and keep repairing themselves. Removed lots only to find
it came back on restart. Had to run several removal programs one after the
other (and do some manual removal) as they each only found bits of the
problem.

Look for suspect processes using the task manager. Compare list on two PC
and google for any differences. Not all differences will be problems. My
wifes PC had 60 suspect processes running. All had "random" names the same
length.

Check the startup folder for suspect programs.

Run all the tools you can find basically. Try them in different orders even.

Microsoft's Antispyware
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Pest patrol
http://www.pestpatrol.com/
Spybot Search and Destroy
http://www.safer-networking.org/
Ad-aware
http://www.lavasoftusa.com/software/adaware/
Hijackthis
http://www.merijn.org/
and a support site
http://www.hijackthis.de/
Spyware Guard
http://www.javacoolsoftware.com/index.html
Spyware Blaster
http://www.javacoolsoftware.com/index.html

Be carefull WHERE you get anti-spyware/adware progs from because there are
fake programs out there that do nothing but give you false reports and
install MORE problem ware.

 

[CWatters]

I forgot to add...

On broadband you really do need a firewall. This could be the one provided
with WindowsXP (make sure it's enabled) or in a hardware router box between
your PC and the modem.

Good luck

 

[Unk]

Maybe Windiows Messaging...
How to Prevent Windows Messenger from Running on a Windows XP-Based Computer
Right-click "My Computer" and select "Manage", Select "Services and
Applications" in the left panel, then double-click "services" in the
right panel. Scroll down the right pane until you see "messenger",
double click it and click the stop button, click "Apply", "OK"

http://support.microsoft.com/?kbid=302089
http://www.clankiller.com/tech/WinXP/misctweaks.php
http://www.lantalk.net/disable_messenger.php
http://support.microsoft.com/default.aspx?scid=kb;en-us;302089
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

"Shoot The Messenger" utility for Windows NT/2000/XP
http://grc.com/stm/ShootTheMessenger.htm

Disable/Enable/Remove Windows Messenger in XP
http://www.dougknox.com/xp/utils/xp_mess_disable.htm

Windows Messenger Spam Elimination Freeware
http://grc.com/stm/shootthemessenger.htm
http://grc.com/miscfiles/ShootTheMessenger.exe

Disabling the messenger service will stop the popups, but if you have file and print sharing
bound to your external TCP/IP connection, then you could also potentially be sharing your
entire hard disk with the world since netBIOS uses ports 137-139.

 

[Guest]

Yeah, I can see I'm going to be at this for the next couple of days. Heck,
there goes my weekend *sigh*
There's supposed to be a firewal working on our home network but I'll have
to ask my son to make sure it's working properly. I have Norton AV and it
seems to be incompatible with the windows firewall so I can't make that work.
If worst comes to worst I'll have to give in an get the whole Norton
Internet security pack.
Arrrgh...I think I really hate computers!

 

[Brian A.]

**It is very important to run the update for each program before running
the app/s to be sure you have the latest definitions.**
Run the programs in Safe Mode after assuring you have shut down all running
tasks except explorer or systray and all apps are fully up to date.
Remove your Temp Internet files: Right click IE. Under the General tab
click Delete Files, put a check in Delete all Offline..., click OK and
close when finished.
Delete all files in c:\windows\temp.

Download/run Cool Web Shredder from:
http://www.intermute.com/products/cwshredder.html

For Info on Cool Web Search variants:
http://www.richardthelionhearted.com/~merijn/cwschronicles.html

Download/install/run Ad-Aware SE to detect/rid of any other
parasites/spyware that may be installed. It can be obtained free from:
http://www.lavasoftusa.com/
After installing Ad-Aware, open it and click on the ref update to get the
latest up-to-date ref file, then run Ad-Aware and delete everything it
finds.

Download/install/run Spybot - Search & Destroy:
http://security.kolla.de/index.php?lang=en&page=download
Run it at it's default settings until you learn an know more about it.
Spybot S&D is more of an advanced users tool and changing from the default
settings can be dangerous to the novice user. Items found in the default
settings that are RED can usually be safely removed. If you are unsure of a
found item, do not remove it and ask for help.

If you still have problems, download/run HijackThis from:
http://www.richardthelionhearted.com/~merijn/downloads.html
http://majorgeeks.com/downloads31.html

Copy HJT to it's own folder, this is where the log files will be saved.
Run HJT in Normal Mode.
Do not remove anything with it until you get advice on what to remove,
HJThis will list many apps that are needed along with the bad ones.
Removing items listed hap-hazardly without knowing what they are can/will
create a royal mess. Read the quick start here on how to create a log file
that can be copied/pasted into a forum that can provide assistance on
removal of unwanted pests.
http://mjc1.com/mirror/hjt/#quick

Then post the logs to an appropriate forum where they specialize in
spyware/hijacker removal. Please read any sticky notes for proper posting
which are most commonly posted first at the top in each specific forum.
Read any information under each forum category name for information on what
that particular one is used for, look for the proper one that you post logs
to.
http://forums.spywareinfo.com/
http://aumha.net/
http://forum.aumha.org/

After running the above and assuring you have a clean machine:
It’s also a good idea to have a HOSTS file to block bad sites, scroll to
HOSTS File Manager here:
http://www.mvps.org/PracticallyNerded/Software.htm

Download/install/run SpywareBlaster which stops the badboys before they
even get a chance to install:
http://www.javacoolsoftware.com/spywareblaster.html

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Guest]

Nope, I already have Messenger off...Just double checked to make sure and
it's disabled.
This is horrible...nothing seems to work!!

 

[Geoffw]

I have had success with this on line check

www.ewido.com

good luck

Geoff

in message

 

[Guest]

Hehe...you'll find this funny. Just downloaded shoot the messenger to be
extra sure and all...and just as it told me that messenger was properly
disabled four windows popped up and cover the window. I guess it's a measure
of just how frustrated I am that I finally burst out laughing...

 

[Guest]

eeekkkk...just went there and seems there's so much infection the computer
should be dead by now....let's see if that helps...
Thanks!!!

 

[Guest]

ok...stupid question...where does shoot the messenger install??? I closed it
after verifying and now I can't find it again!
jeeez...this is just not my week.

 

[Brian A.]

ok...stupid question...where does shoot the messenger install??? I
closed it
after verifying and now I can't find it again!
jeeez...this is just not my week.

You don't install it, you simply download the .exe to a folder and run
it. If you can't recall where you downloaded it too, use find to search
for it.


--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Brian A.]

Are all your detection apps fully updated and did you run them in Safe
Mode as recommended? Some times it even best to run them in Safe Mode a
few times before Normal booting as they may/can/do find more.

--

Brian A. Sesko { MS MVP_Shell/User }
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

 

[Jim Byrd]

Hi Maria - Sounds like you've got a serious problem on your hands. You can
work your way through the steps outlined in my Blog, addy below in my
Signature, but I think it might be faster in this case if you got some
immediate expert assistance.


Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

There's a good "How-to-Use" tutorial here:
http://computercops.biz/HijackThis.html

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
when it's finished which will create hijackthis.log. Now click the Config
button, then Misc Tools and click on Generate StartupList.log which will
create Startuplist.txt


Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://forums.spywareinfo.com/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
or Jim Eshelman's site here: http://forum.aumha.org/
or Bleepingcomputer here: http://www.bleepingcomputer.com/
or Computer Cops here: http://www.computercops.biz/forums.html

Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular site's HiJackThis forum, then copy and paste both files
into a message asking for assistance, Someone will answer with detailed
instructions for the removal of your parasite(s). Be sure you include at
the beginning of your first post a description of "What specific
problem(s)/symptoms you're trying to solve" and "What steps you've already
taken."



*******
ONLY IF you've successfully eliminated the malware, you can now make a new,
clean Restore Point and delete any previously saved (possibly infected)
ones. The following suggested approach is courtesy of Gary Woodruff: For XP
you can run a Disk Cleanup cycle and then look in the More Options tab. The
System Restore option removes all but the latest Restore Point. If there
hasn't been one made since the system was cleaned you should manually create
one before dumping the old possibly infected ones.
*******


Once you get this cleaned up, you might want to consider installing Eric
Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this
kind of thing from happening in the future:

IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
a long list of sites and domains associated with known advertisers,
marketers, and crapware pushers to the Restricted sites zone of Internet
Explorer. Once you merge this list of sites and domains into the Registry,
the web sites for these companies will not be able to use cookies, ActiveX
controls, Java applets, or scripting to compromise your privacy or your PC
while you surf the Net. Nor will they be able to use your browser to push
unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
carefully.

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
load - but keep it UPDATED) The latest version as of this writing will
prevent installation or prevent the malware from running if it is already
installed, and it provides information and fixit-links for a variety of
parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. All three Very Highly Recommended

Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension) Additional
tutorials here:
http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
(detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
(overview)



Finally, go to Windows Update and ensure that ALL Critical updates are
installed. And, of course, you need to have a good hardware or software
firewall and an Anti-Virus installed.

 

[Jim Byrd]

Hi Maria - I forgot momentarily that Eric Howes has moved on to a new job
and has moved his site. Here's a corrected addy for IESPYAD -
http://www.spywarewarrior.com/uiuc/resource.htm

--
Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
My Blog, Defending Your Machine, here:
http://DefendingYourMachine.blogspot.com/

Hi Maria - Sounds like you've got a serious problem on your hands. You can
work your way through the steps outlined in my Blog, addy below in my
Signature, but I think it might be faster in this case if you got some
immediate expert assistance.


Download HijackThis, free, here:
http://209.133.47.200/~merijn/files/HijackThis.exe (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:
http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13

There's a good "How-to-Use" tutorial here:
http://computercops.biz/HijackThis.html

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with
HijackThis.)

Place HijackThis.exe or unzip HijackThis.zip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
when it's finished which will create hijackthis.log. Now click the Config
button, then Misc Tools and click on Generate StartupList.log which will
create Startuplist.txt


Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
http://forums.spywareinfo.com/

or Net-Integration here:
http://www.net-integration.net/cgi-...86d536d57b5f65b6e40c55365e;act=ST;f=27;t=6949

or Tom Coyote here: http://forums.tomcoyote.org/index.php?act=idx
or Jim Eshelman's site here: http://forum.aumha.org/
or Bleepingcomputer here: http://www.bleepingcomputer.com/
or Computer Cops here: http://www.computercops.biz/forums.html

Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular site's HiJackThis forum, then copy and paste both files
into a message asking for assistance, Someone will answer with detailed
instructions for the removal of your parasite(s). Be sure you include at
the beginning of your first post a description of "What specific
problem(s)/symptoms you're trying to solve" and "What steps you've already
taken."



*******
ONLY IF you've successfully eliminated the malware, you can now make a new,
clean Restore Point and delete any previously saved (possibly infected)
ones. The following suggested approach is courtesy of Gary Woodruff: For XP
you can run a Disk Cleanup cycle and then look in the More Options tab. The
System Restore option removes all but the latest Restore Point. If there
hasn't been one made since the system was cleaned you should manually create
one before dumping the old possibly infected ones.
*******


Once you get this cleaned up, you might want to consider installing Eric
Howes' IESpyAds, SpywareBlaster and SpywareGuard here to help prevent this
kind of thing from happening in the future:

IESpyads - https://netfiles.uiuc.edu/ehowes/www/resource.htm "IE-SPYAD adds
a long list of sites and domains associated with known advertisers,
marketers, and crapware pushers to the Restricted sites zone of Internet
Explorer. Once you merge this list of sites and domains into the Registry,
the web sites for these companies will not be able to use cookies, ActiveX
controls, Java applets, or scripting to compromise your privacy or your PC
while you surf the Net. Nor will they be able to use your browser to push
unwanted pop-ups, cookies, or auto-installing programs on your PC." Read
carefully.

http://www.javacoolsoftware.com/spywareblaster.html (Prevents malware Active
X installs) (BTW, SpyWareBlaster is not memory resident ... no CPU or memory
load - but keep it UPDATED) The latest version as of this writing will
prevent installation or prevent the malware from running if it is already
installed, and it provides information and fixit-links for a variety of
parasites.

http://www.javacoolsoftware.com/spywareguard.html (Monitors for attempts to
install malware) Keep it UPDATED. All three Very Highly Recommended

Next, install and keep updated a good HOSTS file. It can help you avoid
most adware/malware. See here: http://www.mvps.org/winhelp2002/hosts.htm
(Be sure it's named/renamed HOSTS - all caps, no extension) Additional
tutorials here:
http://www.bleepingcomputer.com/forums/index.php?s=14f3f9225081133297a8acdd11137c5b&showtutorial=51
(detailed) and here: http://www.spywarewarrior.com/viewtopic.php?t=410
(overview)



Finally, go to Windows Update and ensure that ALL Critical updates are
installed. And, of course, you need to have a good hardware or software
firewall and an Anti-Virus installed.

eeekkkk...just went there and seems there's so much infection the computer
should be dead by now....let's see if that helps...
Thanks!!!

 

[Bruce Chambers]

Something seems to have installed on my computer and now I keep getting ads
popping up (even when not viewing webpages). I have high speed internet so
am always connected; but I can't figure out how to stop all these windows
from coming up and messing up what I'm doing...aside from the annoyance
factor!!! Can someone suggest something?

What specific kind of pop-ups are you seeing? There are at least
three varieties of pop-ups, and the solutions vary accordingly.

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past few years,
and unintentionally serves as a valid security "alert." It demonstrates
that the computer user hasn't been taking sufficient precautions while
connected to the Internet. The user's data probably hasn't been
compromised by these specific advertisements, but if he/she's open to
this exploit, he/she may well be open to other threats, such as the
Blaster Worm that swept across the Internet years ago and the Sasser
Worm that followed shortly thereafter, both of which can still be
contacted. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure the
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise the user to do
nothing more than disable the messenger service. Disabling the
messenger service, by itself, is a "head in the sand" approach to
computer security. The real problem is not the messenger service
pop-ups; they're actually providing a useful, if annoying, service by
acting as a security alert. The true problem is the unsecured computer,
and the user's been advised to merely turn off the warnings. How is
this helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
to SP2, to install IE's pop-up blocker. Another alternative would be
to use another browser, such as Mozilla or Firefox, which has pop-up
blocking capabilities. (But I'd avoid Netscape; it carries too much
extraneous AOL garbage.)

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware," such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available here:

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/



--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Is life so dear or peace so sweet as to be purchased at the price of
chains and slavery? .... I know not what course others may take, but as
for me, give me liberty, or give me death! -Patrick Henry