im getting all kinds of popups and little so called
programs that are telling me i have a "parasite" or other
harmful things on my system. now these programs are even
loading as i write this....i need the perfect pop up
stopper i guess. i run adaware and it finds things all the
time! i've also seen things about leaking memory and java
security.....need help with this, its getting worse!
John,
Take the advice of the popups with a grain of salt. No reputable popup or
spyware control product advertises with popups. Anything you buy would be a
waste of time.
But you need to stop the popups.
There are at least three varieties of pop-ups, and the solutions vary
accordingly. Which specific type(s) are you seeing?
I. "Messenger Service" Pop-Ups
This will be a text only message, and will only hit you when you're online. A
Messenger Service pop-up can't contain a clickable link. The window will be
titled "Messenger Service".
This type of spam has become quite common over the past year or so, and
unintentionally serves as a valid security alert. It demonstrates that you
haven't been taking sufficient precautions while connected to the Internet.
Your data probably hasn't been compromised by these specific advertisements, but
if you're open to this exploit, you most definitely open to other threats, such
as the Blaster Worm that still haunts the Internet. Install and use a decent,
properly configured firewall. (Merely disabling the messenger service, as some
people recommend, only hides the symptom, and does little or nothing to truly
secure your machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.
Messenger Service of Windows
<
http://support.microsoft.com/default.aspx?scid=KB;en-us;168893>
Messenger Service Window That Contains an Internet Advertisement
Appears
<
http://support.microsoft.com/?id=330904>
Stopping Advertisements with Messenger Service Titles
<
http://www.microsoft.com/windowsxp/pro/using/howto/communicate/stopspam.asp>
Blocking Ads, Parasites, and Hijackers with a Hosts File
<
http://www.mvps.org/winhelp2002/hosts.htm>
If you're using AOL, you'll either need to find a 3rd party firewall that is
compatible with AOL, or switch to a real ISP that is compatible with the real
Internet. This is because AOL is an on-line content provider that ignores
international networking standards in favor of its own proprietary products, and
has deliberately made its connection software incompatible with both WinXP's
built-in firewall and WinXP's Internet Connection Sharing feature. AOL's
proprietary connection applet is deliberately designed to preclude your
setting/adjusting any of its properties, to include enabling/disabling WinXP's
ICF and ICS.
Whichever firewall you decide upon, be sure to ensure UDP ports 135, 137, and
138 and TCP ports 135, 139, and 445 are _all_ blocked. You may also disable
Inbound NetBIOS (NetBIOS over TCP/IP). You'll have to follow the instructions
from firewall's manufacturer for the specific steps.
You can test your firewall at:
Gibson Research <
http://grc.com/default.htm> (ShieldsUp!)
SecurityMetrics <
http://www.securitymetrics.com/portscan.adp>
Sygate Security Scan <
http://www.sygatetech.com/>
Symantec Security Check <
http://security.symantec.com/ssc/vr_main.asp>
Be especially wary of people who advise you to do nothing more than disable the
messenger service. Disabling the messenger service, by itself, is a "head in
the sand" approach to computer security. The real problem is _not_ the
messenger service pop-ups; they're actually providing a useful, if annoying,
service by acting as a security alert.
II. Regular Browser Based Pop-Ups
This will be an HTML message, and will only hit you when you're online. A
browser based popup will probably contain clickable links. The window title
will vary.
Get the free Google Toolbar from <
http://toolbar.google.com/>. Hosts file
blocking (above) works on this problem also.
III. Adware / Spyware
This will be an HTML message, and can hit you when you're online, or offline.
An adware based popup will probably contain clickable links. The window title
will vary.
This is where you need a thorough adware / spyware scan, including
CoolWebSearch, Spybot S&D, and HijackThis, with expert advice to interpret the
HijackThis log.
First, download LSP-Fix and WinsockXPFIx from <
http://www.cexx.org/lspfix.htm>,
and CWShredder from <
http://www.majorgeeks.com/download4086.html>. All are
free.
Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.
Now check for, and remove, spyware. Get HijackThis
<
http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<
http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log. <
http://forums.spywareinfo.com/index.php?showtopic=227>
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
<
http://forums.net-integration.net/>
<
http://forums.spywareinfo.com/>
<
http://spywarewarrior.com/index.php>
<
http://forums.tomcoyote.org/>
<
http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
