Spontaneous pop-ups in IE6

[Jonathan Sachs]

I seem to have contracted adware. Every time I start my browser (IE6) I get
pop-ups from paladin-select.net and slotch.net. While I'm running I
occasionally get spontaneous pop-ups from these sources and perhaps others
even when no browser is running.

I installed Ad-Aware SE Plus, which offers real-time monitoring. (I was
previously using the freeware version of Ad-Aware, which does not.) It
claims to have found and removed all of the malware on my system, but I'm
still getting the pop-ups.

I tried installing EarthLink's pop-up blocker, but gave up on it. (The
installer warned me to turn off my virus protection, but won't run without a
network connection. I'm expected to stay connected to the net with virus
protection off? No thanks.)

Any suggestions for getting rid of this garbage?

 

[Jan Il]

Hi Jonathan

You may have a hijacker, malware, spyware or parasites on your system
causing this problem. Thus, in addition to running your updated anti-virus
program, you should do the following to be sure none of these are present on
your system. Although you may have already run one or more of the programs,
please do so again according to the instructions below. Some variants of
malware can replicate themselves over and over if not removed properly.
Please follow all instructions carefully to be sure your system is
thoroughly cleaned:

Dealing with Unwanted Spyware and Parasites:
http://mvps.org/winhelp2002/unwanted.htm
Be sure to run CWShredder, Ad-aware and Spybot.
Also be sure to use the About:Buster here
http://www.majorgeeks.com/download4289.html
http://www.atribune.org/downloads/AboutBuster.zip
AdAware se (Free)
http://www.lavasoftusa.com/support/download/
the newest version of CWShredder (2.0) here:
http://www.majorgeeks.com/download3019.html
and the HijackThis. Please do not post your log to this
newsgroup, but to the SpywareInfo or the Aumha HiJackThis forums
http://forum.aumha.org/viewforum.php?f=30, to allow the experts there to
evaluate your log and advise you of the necessary steps to clean your
system.

CAUTION!!!!! Before you try to remove spyware using any of the programs
below, download a copy of LSPFIX from any of the following sites:
http://www.cexx.org/lspfix.htm
http://www.spychecker.com/program/winsockxpfix.html
(if your OS is Win2k or XP) The process of removing certain malware may kill
your internet connection. If this should occur, this program, LSPFIX, will
enable you to regain your connection.

Also, get a copy of WinsockFix Utility
http://www.dfwonline.net/files/WinsockFix.zip
or
WinsockXPFix available at:
http://www.spychecker.com/program/winsockxpfix.html
and
WinsockXP Fix- WinXP
http://www.spychecker.com/program/winsockxpfix.html
Also, with instructions, at
http://www.iup.edu/house/resnet/winfix.shtm
also
From LavaSoft- all versions of Windows-
http://digital-solutions.co.uk/lavasoft/whndnfix.zip
also ....
(NOTE: It is reported that in XP SP2, the command netsh winsock reset
will fix this problem without the need for these programs.)

Also.........

Courtesy of Jim Byrd -

Download Sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest pattern
file, here:
http://www.trendmicro.com/download/pattern.asp
Be sure to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt
You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these: http://home.epix.net/~artnpeg/.
(If you download and use the updater from the beginning, it will
automatically handle downloading the other files. Place them in a dedicated
folder after appropriate unzipping, and then run. This scan may take a long
time, as Sysclean is VERY extensive and thorough

and......

NOTE: If you can not download these programs from the Internet, if your PC
has CD read capabilities, go to another computer with CD-ROM burning
capabilities. Create a folder on the hard drive of the other computer called
HOLD, download the programs to that folder, then burn that folder to a CD.
Copy the HOLD folder to your HD and then install the programs from there
and run them. After you have IE access again, update all programs where
possible to get the latest definitions and run them again in Safe Mode to be
sure there are no lingering items on the system.

also...........

Additional information on how to protect your PC:
The Parasite Fight http://www.aumha.org/a/quickfix.htm
More security tips at http://www.aumha.org/a/parasite.htm
Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm

So how did I get infected in the first place?
http://boards.cexx.org/viewtopic.ph...ghlight=&sid=53751d8ff5915261af727df08e66ce0d
or
http://snipurl.com/980t

If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Jonathan Sachs]

It seems remarkable that I would have to run a half-dozen different programs
to clean up this type of problem. Do I understand you correctly that these
steps are all necessary -- they are not alternatives or solutions to
distinct problems?

At the moment I seem to be OK. I followed some instructions that I found at
www.doxdesk.com for manual removal of one critter, then I ran Ad-Aware one
more time, rebooted, and so far I have seen no evidence of problems
(including no suspicious looking tasks in Task Manager).

I will keep your instructions on hand in case the problems recur.

 

[Jan Il]

Hi Jonathan

I can understand your confusion, however, there are many various types of
parasites, malware, spyware, adware, worms and viruses, thus, no one program
can detect or remove them all. Anti-virus programs are for detecting and
removing viruses. Parasites, malware, spyware, adware all may require
various types of removal tools. Some variants, such as the Coolweb series,
are very vicious, and can mutate and even replicate themselves over and over
if they are not properly and totally removed. Removing some types of
spyware can damage some files, even causing you to lose connection to the
internet.

AdAware is programmed to detect and remove adware. SpyBot S&D is programmed
to detect and remove spyware. HijackThis is used to detect and allow removal
of hijackware, etc. The fact that you used AdAware and it now comes back
clean does not, I repeat, does not, mean that your system is completely free
of any scumware. It just means that it has removed the adware that may have
been on your system. Agreed, getting rid of the scumware is much harder and
more time consuming than getting it in the first place.

I urge you to continue with the rest of the programs to make sure that your
system is totally free of all forms or scumware, as many of these variants
can, and will, come back over and over. However, if you choose not to
continue at this time, I am glad to know that you will keep them handy for
use later.

Hope this helps

Jan
Smiles are meant to be shared,
that's why they're so contagious.

Please reply to the newsgroup so others may benefit.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[Jonathan Sachs]

I'm at the point where my system has no symptoms except starting a couple of
unwanted windows on unwanted web sites each time I start. That's going to
have to be sufficient for a week or two until I discharge my current
time-critical commitments and I can make time for this.