As soon as I open Firefox or IE I'm getting separate instances of those
browses popping up with all kinds of websites (non-porn). I ran Kaspersky
Antivirus and AdAware a few times. They didn't find anything, and they won't
intercept any of those windows. What do I do? I'm at the end of my wits.
1.Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out
quotation marks) into the box, then click the 'OK' button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...'button, in 'Delete Browsing History' panel, click the 'Delete
all...'button then place a checkmark into the box beside 'Also delete files
and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.
2.Clean HDD
Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out quotation
marks into the box, then click the 'OK' button. Select your drive
(presumably WinXP (C
and click OK.
3.Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
Kaspersky® AVPTool
http://avptool.virusinfo.info/en/
Direct:
http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/
--and--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/
--and--
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html
NOTE:
Kaspersky® Virus Removal Tool, Dr.Web CureIt!® and the free version of
Malwarebytes© and SuperAntispyware are not capable for real-time protection
of your computer.
Kaspersky® AVPTool, Dr.Web CureIt!® have no update feature (so they don't
turn into full blown scanners). As soon as your computer is cleaned you are
supposed to remove these tools from your operating system.
Re: K/AVPTool; To uninstall/move this program 'enable self-defense' must be
unchecked!
The free version of Malwarebytes© and SuperAntispyware have an update
feature, keep them installed in addtion to your resident AV/A-S
applications and scan frequently.
After the software is updated, it is suggested scanning the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Windows/en-us/help/323ef48f-7b93-4079-a48a-5c58eec904a11033.mspx
http://www.bleepingcomputer.com/tutorials/tutorial61.html
Alternatively:
Click Start==>Run... then type (or copy/paste) "msconfig" (without
quotation marks), click OK. Then click onto BOOT.INI tab and 'check'
/SAFEBOOT then OK and click Restart. To go back to Normal Mode, you must
access the System Configuration utility again and click the General tab
then click/check the radio button 'Normal Startup'- load all device drivers
and services'.
4.Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.
http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29
NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.
5.Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Good luck
