Pop-up vs. virus

Tish

Hi, I recently started getting frequent and familiar pop-ups along with new
windows being opened to dating sites, chatrooms, and this particular search
FindStuff.com page. To make a long story short, I've revamped my online
security with IEsp2 and downloaded the AVG anti-spyware, anti-virus,
anti-root and ran them all and I am pretty sure deleted like 4 viruses,
50-something spyware but the anti-root came back clean. However, I still have
a problem somewhere because after I rebooted and logged back in, it wasn't
long till I was at another search FindStuff page. Which is apparently not a
known phishing or whatever site and I really don't know what else to do.
Maybe reboot in safe mode and re-run the scanners? If so, I'm not sure how
to reboot in safe mode. Thanks for any help - oh, I'm on Windows XP, thanks.
 
pcbutts1

Use Remove-it version 18, it's fast and free. It now has over 9500
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. Download it here
http://pcbutts1.com/downloads/tools/tools.htm Also download whats live rn
from the same page and send me a copy of the log file it creates.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell
 
Malke

Tish said:
Hi, I recently started getting frequent and familiar pop-ups along with new
windows being opened to dating sites, chatrooms, and this particular search
FindStuff.com page. To make a long story short, I've revamped my online
security with IEsp2 and downloaded the AVG anti-spyware, anti-virus,
anti-root and ran them all and I am pretty sure deleted like 4 viruses,
50-something spyware but the anti-root came back clean. However, I still have
a problem somewhere because after I rebooted and logged back in, it wasn't
long till I was at another search FindStuff page. Which is apparently not a
known phishing or whatever site and I really don't know what else to do.
Maybe reboot in safe mode and re-run the scanners? If so, I'm not sure how
to reboot in safe mode. Thanks for any help - oh, I'm on Windows XP, thanks.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to
do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://www.pctipp.ch/downloads/sicherheit/35905/multi_av_scanning_tool.html - download site

The site is in German but David's tool is in English so don't let that
worry you. Scroll all the way down to almost the bottom of the page and
you'll see a box titled "Infos Zum Download - Multi-AV Scanning Tool".
You'll see "Download von www pctipp.ch" and the live link to download
Multi_AV.

You can also check to see if there are targeted removal steps for your
malware here:
Bleeping Computer removal how-to's -
http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the first link above (not here, please).

Standard caveat: If the procedures look too complex - and there is no
shame in admitting this isn't your cup of tea - take the machine to a
professional computer repair shop (not your local version of
BigComputerStore/GeekSquad). Please be aware that not all local shops
are skilled at removing malware and even if they are, your computer may
be so infested that Windows will need to be clean-installed. Have all
your data backed up before you take the machine into a shop.


Malke
 
Frank Saunders MS-MVP IE,OE/WM

Tish said:
Hi, I recently started getting frequent and familiar pop-ups along with new
windows being opened to dating sites, chatrooms, and this particular search
FindStuff.com page. To make a long story short, I've revamped my online
security with IEsp2 and downloaded the AVG anti-spyware, anti-virus,
anti-root and ran them all and I am pretty sure deleted like 4 viruses,
50-something spyware but the anti-root came back clean. However, I still have
a problem somewhere because after I rebooted and logged back in, it wasn't
long till I was at another search FindStuff page. Which is apparently not a
known phishing or whatever site and I really don't know what else to do.
Maybe reboot in safe mode and re-run the scanners? If so, I'm not sure how
to reboot in safe mode. Thanks for any help - oh, I'm on Windows XP, thanks.

Do a thorough check for malware, following all of the steps at one of these
Web pages.
Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing programs like Messenger Plus,
whose ads for malware don't identify the malware as such and try to convince
you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see
what else is being carried along. Don't install any extras you're not sure
of.
 
Leythos

pcbutts1 said:
Remove-it version 18

Is hosted on a website that contains pornographic filth created by
pcbutts himself, will block access to reputable anti-malware sites
according to butts, and should be avoided as an unethical product of
piracy, according to many.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
(e-mail address removed) (remove 999 for proper email address)
 
Tish

Thank you John and everyone for their help. I scanned in safe mode this
morning and aside from deleting a few more spamware did not find a virus. So
far though today, it has not happened again so maybe that fixed it?! If it
turns out that it didn't I will go to the next suggestion and let you know,
thanks again.
 
Tish

This message is from Tish.....but not the same "Tish" that wrote these 1/8
messages. I'd written to Microsoft in December raising my concern about
finding that there are apparently two of us out here using the same moniker
on these community sites. That didn't do any good so now I'm writing to you
directly to ask you to post some info so that I can contact you to find out
why we are both showing up as apparently the same person. My file does have
contact info. I've also checked to be notified of replies to this message.
If Microsoft is monitoring, would you please check into this again? This is
the other person.
 
Bob I

Microsoft doesn't "monitor" this, it is a peer-to-peer users news group.
If you are concerned that some other user is posting using the same 4
character combo as a name, please feel free to make your "handle" unique.
 
Tish

I was told previously by Microsoft that everyone has a unique 'handle' since
they do not allow duplication during the registration process. I've been
using this 'handle' ever since they were first issued and it makes it easy
for me to look up my questions since I don't always seem to get notifications
of responses. So I'm hesitant to change my 'handle' from my name to
something else. I'm curious as to how this slipped up in the Microsoft
registration process. It does not require monitoring by Microsoft once you
are assigned your name.
 
Bob I

This is a public, unmoderated newsgroup and people can post from
anyplace they want to. Just because you believe there is something
special about "Tish", it doesn't prevent someone from posting it from
google.groups or one of a thousand other news servers that handle this
newsgroup. That's how it is, you will have to live with it. If you don't
believe that, go here and search for "Tish"

http://groups.google.com/grphp?hl=en&tab=wg
 
Tish

Thanks for the 'heads up' on the location I'd wound up on. I had entered
via Microsoft's site using my Microsoft assigned password identifier which
was supposed to be unique (within the realm of the Microsoft 'handles'). I
had been unaware that there were other entry points that did not require
positive ID via Microsoft User ID and Password. That would indeed explain
why there was nothing unique about the 'handle'. Unfortunately when I'd
inquired about this previously (directly to Microsoft) they must have been as
confused about my question....or location as described by me.....as I was
because they assured me that it was not possible for anyone to be using my
User ID on the site unless that person possessed my password. It was that
sort of 'identity' issue that was concerning me, not the fact that someone
else had the same name as I do in real life! Having just been the victim of
credit card fraud I'm being a bit skittish about identity theft these days.
But thanks for the help on this. I appreciate it.
 
Bob I

Yes your "microsoft identity" will be unique and protected, but the
"Tish" nick is not anything special as far as the newsgroup. So you are
ok, just don't get excited about seeing "Tish" in the wild west of
public newsgroups.
 
