Pop-Ups

  • Thread starter: Stan

Stan

Hello:

Don't know if this is the right newsgroup to post this but I hope someone
can offer some insight. How exactly do advertisers execute pop-ups on remote
computers? Is it through cookies, or have they installed some routine on
your computer that is run when you open IE? Can someone explain this to me?

Thanks
 
Neither. Your messenger service is set to start automatically. You have an open port there and the messenger service is listening on that port. They do it based on the net send command. Type net send /? in the command prompt.
 
I'm talking about web popups. We have several users getting pop-ups from x
rated sites the minute they start IE. What is prompting this?


 
Well that is a little different. This is a result of ActiveX that has been installed usually by visiting porn sites to begin with. You can usually find the dlls that are doing this in C:\Documents and Settings\%profile%\Local Settings\temp. Also in an Application Data folder. Another place where these dlls can install is in C:\WINNT\system32 but that is not usual.

They are called in HKLM\Software\Microsoft\Windows\CurrentVersion\Run; check the same place in HKCU.

Another place where this can happen is if an installable protocol has been installed. You can find those in HKCR\protocols. But do not remove anything here until you compare with a machine that you know to be safe.

All this in Start | Run | regedit | OK.

Finally these "pests" can be found in the Start Programs Folder but again that is not usual.

The best thing to do is use three pest finders:

AdAware 6.0
HijackThis
BHODemon

They will clean this stuff out. Almost all. They usually don't delete files just the calls to them in the registry. Before you let these applications remove the reg entries check in the registry to the files these are calling so you can find and remove them.

Often the files will be in use and you cannot delete them. If that is the case reboot in Safe Mode and delete them then.

HTH
 
You go boy,
Nice post

don
 
Greetings --

This type of spam has become quite common over the past year, and
unintentionally serves as a valid security "alert." It demonstrates
that you haven't been taking sufficient precautions while connected to
the Internet. Your data probably hasn't been compromised by these
specific advertisements, but if you're open to this exploit, you are
open to other threats, such as the Blaster and Welchia worms that
recently swept across the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger
service, as some people recommend, only hides the symptom, and does
little or nothing to truly secure your machine.) And ignoring or just
"putting up with" the security gap represented by these messages is
particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise you to do nothing
more than disable the messenger service. Disabling the messenger
service, by itself, is a "head in the sand" approach to computer
security. The real problem is _not_ the messenger service pop-ups;
they're actually providing a useful, if annoying, service by acting as
a security alert. The true problem is the unsecured computer, and
you've been advised to merely turn off the warnings. How is this
helpful?


Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
George,

Thanks for the info, it does seem very helpful. However I do / did use AdAware6.0 for the same popup issue. The problem now seems to be getting worse. I updated my AdAware program but the very next time my machine is rebooted and I go online it seems as if there are MORE popups. All of this began 3 weeks ago and is progressively getting worse. I have a software firewall and I am running 2000 Advanced server with all the latest updates and virus protection. Is there not a way to totally get rid of the programs causing the popups without using AdAware or other 3rd party software? I sorta feel as if these programs are disguised to help but really are helping the wrong "side". Do you have any other suggestions?
 
Those three applications get all the stuff that I cannot get myself. They are really very good.

What I need you to do is give me a list of everything under:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the same place under HKEY_CURRENT_USER.

After you attack this crap repeatedly you'll know where to look and you can usually clean everything out. This is one reason why I no longer surf with any ActiveX enabled; MetaRefresh enabled; and any of the Scripting enabled. It's just too dangerous out there for a healthy system.

Finally let me tell you a way to help in these matters. When you install a new op sys ALWAYS make a backup reg file of this key:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Then when you lose your Search Page, and other things nasties do, just import this key from your original installation.
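Added example, not part of the original thread: the replies above ask for a list of everything under the HKLM and HKCU Run keys and advise finding the files those entries call before a cleaner removes the registry values. The Python sketch below parses a regedit export of those keys and marks entries whose target sits in the Temp or Application Data folders the thread names; the sample export, the value names and the `user1` profile are constructed for illustration.

```python
import re

# Constructed sample of a regedit export (File > Export) of the two Run keys.
# Real "Version 5.00" exports are UTF-16; decode the file before passing it in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleUpdater"="rundll32.exe \"C:\\Documents and Settings\\user1\\Local Settings\\Temp\\example1.dll\",Run"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleBar"="C:\\Documents and Settings\\user1\\Application Data\\examplebar\\bar.exe -q"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Drive-letter path (spaces allowed) ending in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll|com|bat|scr)\b', re.I)
# Locations the thread names as the usual drop points for these DLLs.
SUSPECT_DIRS = ('\\local settings\\temp\\', '\\application data\\')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def run_entries(export_text):
    """Yield (key, name, command) for each string value under a Run key."""
    key = None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith('\\currentversion\\run'):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def triage(export_text):
    """Return (hive, value name, file called, suspect?) rows to review."""
    rows = []
    for key, name, command in run_entries(export_text):
        m = PATH_RE.search(command)
        target = m.group(0) if m else (command.split() or [''])[0]
        suspect = any(d in target.lower() for d in SUSPECT_DIRS)
        rows.append((key.split('\\')[0], name, target, suspect))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE_EXPORT):
        print(row)
```

Running the same export on a machine known to be clean and comparing the rows gives the baseline check the thread recommends for HKCR\protocols as well.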
 