What type of pop-ups are these and how do I stop them?

ZepTepi

Ok, I work for a hotel here in San Diego and we have 2 business center PCs
that are both running IE Version 7.0.5730.11. One of the PCs (the one I'm
writing this on) keeps having issues with pop-ups. Sometimes when I check the
pop-up blocker it's turned off but other times, like today, it's on yet the
pop-ups happen anyway. In the 20 minutes since I sat down here 10 pop-ups
have popped up. Some of them have "CiD:" in front of the name of the web site
both on the blue bar at the very top of the page as well as the tab. Some of
them don't have that. The PC is running XP. Not sure what other info you need
to diagnose this issue. I'll post the URLs of the pop-ups here in case that
helps. I appreciate any help anyone can provide.

 
MowGreen [MVP]

It would behoove you to have whomever does IT for you do a malware scan
on the system with the popups. It sure sounds as if malware is resident
on it and should not be trusted for business nor any other purpose.

At best, it's spyware, at worst, there could be a keylogger, password
stealer or rootkit-like malware resident.

MowGreen [MVP 2003-2009]
===============
*-343-* FDNY
Never Forgotten
===============
 
Malke

ZepTepi said:
Ok, I work for a hotel here in San Diego and we have 2 business center
PCs that are both running IE Version 7.0.5730.11. One of the PCs (the one
I'm writing this on) keeps having issues with pop-ups. Sometimes when I
check the pop-up blocker it's turned off but other times, like today, it's
on yet the pop-ups happen anyway. In the 20 minutes since I sat down here
10 pop-ups have popped up. Some of them have "CiD:" in front of the name
of the web site both on the blue bar at the very top of the page as well
as the tab. Some of them don't have that. The PC is running XP. Not sure
what other info you need to diagnose this issue. I'll post the URLs of
the pop-ups here in case that helps. I appreciate any help anyone can
provide.

(snip lots of very spammy URLs)

It's the holiday season, so I'm going to presume the best of you and answer
as if you are not a spammer. If this is a legitimate post, you should know
that you should never post unmunged spammy/malicious URLs.

Your computer is infected and you need to clean it up. Take it off the
Internet and your Local Area Network and remove all the malware.

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do
all scans in Safe Mode. Please see the special Notes regarding using
Multi_AV in Vista.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

When all else fails, get guided help. Choose one of the specialty forums
listed at the first link. Register and read its posting FAQ. PLEASE DO NOT
POST LOGS IN THE MS NEWSGROUPS.

If you have an IT Dept., they should clean up the machine or reimage it. If
you don't have an IT Dept. and you can't do the work yourself, have a local
professional come on-site. I don't recommend using
BigComputerStore/GeekSquad types of places.

Malke
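
The advice above about never posting unmunged URLs, as an added example that is not part of the original thread: one common munging convention rewrites the scheme to hxxp and brackets the dots in the host name so forum software will not auto-link the address. The function names and the sample text are constructed for illustration.

```python
import re

# Live (clickable) http/https URLs embedded in free text.
URL_RE = re.compile(r"\bhttps?://[^\s<>'\"]+", re.IGNORECASE)
# Scheme, authority (host, port, userinfo) and everything after it.
PARTS_RE = re.compile(r"^(https?)://([^/?#]*)(.*)$", re.IGNORECASE | re.DOTALL)


def munge_url(url):
    """Return a non-clickable form of one URL: hxxp scheme, [.] in the host."""
    m = PARTS_RE.match(url)
    if not m:
        return url  # not a URL this helper understands; leave it alone
    scheme, authority, rest = m.groups()
    scheme = scheme.lower().replace("http", "hxxp")
    # Redirector links often carry a second live URL in the query string.
    rest = URL_RE.sub(lambda n: munge_url(n.group(0)), rest)
    return f"{scheme}://{authority.replace('.', '[.]')}{rest}"


def munge_text(text):
    """Munge every live URL in a draft post, keeping sentence punctuation."""
    def repl(m):
        url = m.group(0)
        trimmed = url.rstrip(".,;:!?)")
        return munge_url(trimmed) + url[len(trimmed):]
    return URL_RE.sub(repl, text)


def find_live_urls(text):
    """Pre-post check: list URLs that forum software would still auto-link."""
    return URL_RE.findall(text)


# Constructed sample on reserved example domains (not URLs from the thread).
SAMPLE = (
    "Pop-up 1: http://ads.example.com/eas?camp=1;target=_blank. "
    "Pop-up 2: https://offers.example.net/go?u=http://landing.example.org/a.html"
)

if __name__ == "__main__":
    safe = munge_text(SAMPLE)
    print(safe)
    print("still live:", find_live_urls(safe))
```

Running `find_live_urls` on a draft before posting shows any address that would still be clickable; an empty list means the text is safe to paste.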
 
ZepTepi

OK, so another hotel employee told me to check the hard drive for something
and when I went to my computer I noticed it showed a thumb drive, but there
is no thumb drive attached to the PC in any of the ports. The other employee
then said it looked to them like someone had managed to create a virtual
drive on this PC and that might be how they were getting around the pop-up
blocker. Sound legit??

I also forgot to mention that this PC has been having an issue, for the last
3 days with a malware program called "Antivirus 2010". A lot of, supposedly,
fake scans coming up and then a warning message saying it detected 40
something viruses/trojans and that we need to download & register Antivirus
2010 right away or the PC could suffer major trouble. When I googled
"Antivirus 2010" I found that it was malicious malware. I found a site that
said to download something called "Malwarebyte's Anti Malware" and run it.
It would then scan, detect, and get rid of the malware. I did so yesterday
and had no issues with it again until this morning. As if I had gotten rid
of it and then a guest had gotten it again. Only guessing as I can't be sure.
 
PA Bear [MS MVP]

What Malke said.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
 
Randem

Use a System Restore and you can try this
http://www.randem.com/virusproblems.html


--
Randem Systems
Your Installation Specialist
The Top Inno Setup Script Generator
http://www.randem.com/innoscript.html
http://www.rndem.com/installerproblems.html
http://www.randem.com/vistainstalls.html
http://www.financialtrainingservices.org


 
Malke

ZepTepi said:
OK, so another hotel employee told me to check the hard drive for
something and when I went to my computer I noticed it showed a thumb
drive, but there is no thumb drive attached to the PC in any of the ports.
The other employee then said it looked to them like someone had managed to
create a virtual drive on this PC and that might be how they were getting
around the pop-up blocker. Sound legit??

I also forgot to mention that this PC has been having an issue, for the
last 3 days with a malware program called "Antivirus 2010". A lot of,
supposedly, fake scans coming up and then a warning message saying it
detected 40 something viruses/trojans and that we need to download &
register Antivirus 2010 right away or the PC could suffer major trouble.
When I googled "Antivirus 2010" I found that it was malicious malware. I
found a site that said to download something called
"Malwarebyte's Anti Malware" and run it. It would then scan, detect, and
get rid of the malware. I did so yesterday and had no issues with it again
until this morning. As if I had gotten rid of it and then a guest had
gotten it again. Only guessing as I can't be sure.

Your computer is still not clean.

Removal instructions for Antivirus 2010:
http://www.malwarebytes.org/forums/index.php?showtopic=6703

These may work for you and all may be well. However, in many cases the
computer will also be infected with Zlob and/or Vundo trojans and protected
by a rootkit. These machines are extremely difficult to clean.

If your machine is one of these cases, either get guided help at one of the
specialty forums below OR back up your data and do a clean install of
Windows. It is your choice. If you are unsure how to back up your data or
how to do a clean install, you can take your machine to a local computer
professional. I don't recommend using BigComputerStore/GeekSquad types of
places.

PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://aumha.org/downloads/hijackthis.zip
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/
http://www.thespykiller.co.uk/index.php?board=3.0
http://forums.subratam.org/index.php?showforum=7



Malke
 
beamish

ZepTepi said:
Ok, I work for a hotel here in San Diego and we have 2 business center PCs
that are both running IE Version 7.0.5730.11. One of the PCs (the one I'm
writing this on) keeps having issues with pop-ups. Sometimes when I check the
pop-up blocker it's turned off but other times, like today, it's on yet the
pop-ups happen anyway. In the 20 minutes since I sat down here 10 pop-ups
have popped up. Some of them have "CiD:" in front of the name of the web site
both on the blue bar at the very top of the page as well as the tab. Some of
them don't have that. The PC is running XP. Not sure what other info you need
to diagnose this issue. I'll post the URLs of the pop-ups here in case that
helps. I appreciate any help anyone can provide.

Hello,
Under the setup that is indicated, I would use an imaging software program
that has the ability to burn an image to DVD/CD and reinstall.
Reinstall the OS and then make an image of the clean system, then burn to a
DVD/CD, using the image program.
Twice a day the system can be re-imaged using the image on the DVD/CD.

I am assuming that these units are not linked to a server, if they are then
the image can be run from the server on a set schedule.

This supposes that the hotel has not given data storage capability to guests
on these units.
Does not need to be a guest causing the problem.

take care,
beamish
 