pop-up issue

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pentium
    Badcaps Legend
    • Mar 2006
    • 2778
    • Canada

    #1

    pop-up issue

    I have an issue that is driving me nuts.
    Ad aware is finding nothing, the online version of the House call virus scanner is not loading (errors out) and on select websites I am bombarded with popups, even with adblock on.

    For example, if I go to www.nekochan.net I don't have an issue at all however if I go to youtube or even these forums I get popups and they are always the same thing: yellow pages, a cheap "you have a virus!" window that redirects to a site and if I am searching something (say a power supply), I will get a popup that offers professional power supplies at premium prices.

    BLARGH! What the heck is going on?
    Find Nedry!


    Check the Vending machines!!

    <----Computer says I need more beer.
  • PCBONEZ
    Grumpy Old Fart
    • Aug 2005
    • 10661
    • USA

    #2
    Re: pop-up issue

    >> What the heck is going on? <<

    You have a virus.

    ~~

    Remove drive.
    Put in another system as second drive and DON'T EVEN LOOK AT the files on it.
    Run anti-virus on the drive from host system.
    Write down what it finds and does.

    Put problem drive back in original system and start fixing damage done.

    .
    Mann-Made Global Warming.
    - We should be more concerned about the Intellectual Climate.

    -
    Be who you are and say what you feel, because those who mind don't matter and those who matter don't mind.

    - Dr Seuss
    -
    You can teach a man to fish and feed him for life, but if he can't handle sushi you must also teach him to cook.
    -

    Comment

    • momaka
      master hoarder
      • May 2008
      • 12170
      • Bulgaria

      #3
      Re: pop-up issue

      Scaning only with Ad Aware will not help. About 5 years ago, I had even more problems with viruses and spyware when I didn't know anything about firewalls, spyware, and such. Your best bet is to scan with at least 2 different programs. My suggestion is, go to download.com and download Webroot SpySweeper (should be a 30 day free trial), Spybot Search and Destroy (free), and HijackThis (also free). Prior to scanning, disconnect your internet, and restart your computer. That way, any spyware that might be open and connected to the internet won't be a problem when deleting.

      First scan with SpySweeper, and permanently delete all spyware that it finds.

      Then scan with Spybot Search and Destroy, and again delete any spyware that it finds.

      Lastly, scan with HijackThis. Be extremely carefull though, since that program doesn't find know spyware but rather shows files in different vulnerable locations (most of which are Windows and IE/FF components and not spyware, so research every single entry. Google should be helpful here, however research from another computer and not the one your are cleaning).

      Once done scaning and cleaning your computer, install Spyware Blaster and active its protection (turn off SpySweeper when doing that, though). What Spyware Blaster does is it registers known bad/spyware/virus-infected websites into the IE/FF registry so that when you try to view a website that might be infected or that has advertisements with spyware, IE/FF will not download the advertisement from that website. It works similar to the hosts file for FF that disables most of the common advertiesements. Best part is, once you active the Spyware Blaster protection, you will no longer need to have it running to be protected (though opening Spyware Blaster and updating its database once a month or so is desirable).

      Once finished with all that, have yourself a firewall and anti-virus just in case. I have Zone Alarm and AVG-Free since they are both good and not heavy on system resources and are both free. I've also successfully cleaned many computers besides mine this same exact way, and never had a problem with them ever since, even when visiting some half-shady websites.
      Sorry for the long post, and I hope this helps you somehow.
      Last edited by momaka; 11-01-2008, 11:16 PM.

      Comment

      • Roadkill203
        Senior Member
        • Oct 2008
        • 68

        #4
        Re: pop-up issue

        Originally posted by momaka
        ...Once finished with all that, have yourself a firewall and anti-virus just in case. I have Zone Alarm and AVG-Free since they are both good and not heavy on system resources and are both free...
        My 2 cents...

        I have a hardware firewall built into my onboard LAN, plus I'm behind a router. I never trusted a software firewall, got infected many times with one (Black Ice Defender). Used to have McAffee too, got infected with that piece of garbage! Now I just run Panda Total Internet Security (about $20.00 a year), and with my hardware firewall and router, I've never had a problem since.

        Comment

        • pentium
          Badcaps Legend
          • Mar 2006
          • 2778
          • Canada

          #5
          Re: pop-up issue

          son of a...
          How the hell did it get on here?!
          I have no alternative system to boot off of The closest thing I have to a computer that runs ANY modern antivirus package is my parents computer and even then it's Norton Antivirus (better off with nothing).


          EDIT: SON OF A BITCH!!!!
          A quick check of the history logs finds links to pages about watercolor painting.
          My mom has been using my computer again and knowing how she completely nuked our Telus email inbox (now we get DUPLICATES of spam) she probably was going to shady places on my computer too. Damnit! I need to get her a linux box. She destroys any windows pc she uses.
          Last edited by pentium; 11-02-2008, 12:59 AM.
          Find Nedry!


          Check the Vending machines!!

          <----Computer says I need more beer.

          Comment

          • Per Hansson
            Super Moderator
            • Jul 2005
            • 5895
            • Sweden

            #6
            Re: pop-up issue

            If you want you can post your HijackThis log in Techspot's "Security and the Web" section
            Many very knowledgable guys in this field will be able to help you...
            But please do read the stickies first...

            http://www.techspot.com/vb/menu28.html
            "The one who says it cannot be done should never interrupt the one who is doing it."

            Comment

            • jpdoe
              Badcaps Veteran
              • May 2007
              • 237

              #7
              Re: pop-up issue

              I would just reinstall windows. Getting the bugs out of a sick install is too much of a hassle.What I do is reinstall and make an image of the clean installation with ghost or acronis. That way if I make a mistake down the road I can have a functional system again in 5 minutes.

              Another good thing is to have a small system partition. 20GB is more than enough. That way when you need to reinstall, you only have to move a few GB out of the system partition and then you can hose the whole system partition with a fast re-format using the windows setup, or just recover the ghost or acronis image (if you have one)

              And to wrap it up: a Windows PE (pre-boot environment) boot CD is a great tool to have. There's a tool called BartPE that allows you to make one. It allows to boot a modified Windows from CD, and run applications from it. Some antivirus have plugins you can add to the BartPE CD, so that you can remove virus from your system when booting from the BartPE CD.
              Last edited by jpdoe; 11-02-2008, 03:51 AM.

              Comment

              • gdement
                Badcaps Veteran
                • Jan 2007
                • 690

                #8
                Re: pop-up issue

                Originally posted by pentium
                son of a...
                How the hell did it get on here?!
                I have no alternative system to boot off of The closest thing I have to a computer that runs ANY modern antivirus package is my parents computer and even then it's Norton Antivirus (better off with nothing).
                I'll take your word for it, but from the pictures I've seen you have more computers than the starship Enterprise.

                Comment

                • i4004
                  Badcaps Legend
                  • Oct 2006
                  • 2029

                  #9
                  Re: pop-up issue

                  i would do free avast first(boot time scan) and then these two
                  https://www.badcaps.net/forum/showth...ware#post52481
                  (hitman and malwarebytes)

                  by then you should (at very least) have idea what's causing it(most likely it'll be removed by that time), and then you can go to bleepingcomputer.com to see if there's guide to manually remove it...
                  http://www.bleepingcomputer.com/forums/forum55.html

                  your mum was very naughty, AGAIN!!??
                  hehe...

                  Comment

                  • kc8adu
                    Super Moderator
                    • Nov 2003
                    • 8832
                    • U.S.A!

                    #10
                    Re: pop-up issue

                    sounds like one of my neighbors infections.
                    turned out to be antivirus xp 2008.
                    a real piece of shit that is fun to get rid of.
                    this thing would pop up every 15 seconds warning you to download the fix for 39.95.
                    about the 10th time you close it it served about 50 porno popups.
                    the online scanners are broken due to hosts entries it made.

                    Comment

                    • bgavin
                      Badcaps Legend
                      • Jan 2007
                      • 1355

                      #11
                      Re: pop-up issue

                      www.malwarebytes.org

                      This will rid you of XP200x virus. It runs equally well in safe mode.
                      Current version is 1.30, freeway. Best I have found to date. Very effective against VUndo also.

                      www.sandboxie.com

                      Use Sandboxie to surf anyplace dangerous.
                      I use it daily, and bought a registered copy. This is a serious internet condom for surfing suspect sites. When you close the browser, you can set it to automatically flush the sandbox. Bye, bye parasites.

                      Comment

                      • pentium
                        Badcaps Legend
                        • Mar 2006
                        • 2778
                        • Canada

                        #12
                        Re: pop-up issue

                        Well I can't even use the system now.
                        I installed one antivirus program, restarted the system like it asked and now just after I log in the system hangs.
                        I tried to get into safe mode...what do we have here?
                        The god damned BioLogon program I use won't let me type my password in. Only through the scanner and to no surprise it was disabled when you got into safe mode.

                        WHAT THE #@$!???


                        EDIT: aaargh!
                        Even if I let the system sit at the login screen it will hang all on its own!
                        Last edited by pentium; 11-02-2008, 11:50 AM.
                        Find Nedry!


                        Check the Vending machines!!

                        <----Computer says I need more beer.

                        Comment

                        • momaka
                          master hoarder
                          • May 2008
                          • 12170
                          • Bulgaria

                          #13
                          Re: pop-up issue

                          Originally posted by Roadkill203
                          I have a hardware firewall built into my onboard LAN, plus I'm behind a router.
                          What's your onboard LAN chip?
                          I'm behind a router as well, but how does that make a difference?

                          Originally posted by Roadkill203
                          I never trusted a software firewall, got infected many times with one (Black Ice Defender). Used to have McAffee too, got infected with that piece of garbage! Now I just run Panda Total Internet Security (about $20.00 a year), and with my hardware firewall and router, I've never had a problem since.
                          I never heard of Black Ice Defender, thus I wouldn't be surprised if it was crap.
                          And yes, McAffee is garbage. Same goes for Norton Anti-Virus or Norton Internet Security. That thing makes computers slow too.

                          Zone Alarm is a different story. Never had a more reliable firewall than that. It keeps track of programs on your computer that try to connect to the internet and alerts you. After a few alerts, it remembers the settings for each program (or you can set them manually beforehand - this is really helpfull for Windows main programs/executables such as svchost.exe, services.exe, etc.). Of course, it's not 100% foolproof, but it's still a very decent firewall. Next best thing that comes after it is Comodo firewall and the Windows built-in firewall, but those are far more basic than ZA.

                          Originally posted by i4004
                          i would do free avast first(boot time scan)
                          That's another very good alternative. I've tried Avast before (that was a few years back when it was only a 60 day trial ), and I really liked the boot time scan.

                          *Edit*
                          Woops, didn't see your above message Pentium. Assuming you have XP, try pressing F8 after boot up and select
                          "Directory Services Restore Mode (Windows domain controllers only)"
                          I found this to work in times even when Safe Mode did not.
                          Last edited by momaka; 11-02-2008, 12:17 PM.

                          Comment

                          • pentium
                            Badcaps Legend
                            • Mar 2006
                            • 2778
                            • Canada

                            #14
                            Re: pop-up issue

                            I'll give that a try after I finish some scans.
                            I pulled the drive and put it in another system and after it finishes a Norton Antivirus scan (yeah, it's crap but we paid $$$ for it and a subscription) followed by an online scan via the House call scanner which I used in the past (It always kept my system clean and cleaned up the mess that my mom left the last time she tried to use my computer) I'll try what you say and hope it works.
                            As for reinstalling everything. I'm not going to. I'm replacing this lone 120Gb drive soon for two 500Gb drives. It would be stupid (and a waste of time) to reinstall, only to have to do it AGAIN a month or so later.
                            Find Nedry!


                            Check the Vending machines!!

                            <----Computer says I need more beer.

                            Comment

                            • acstech
                              GrumpyModerator
                              • Jul 2007
                              • 1432
                              • USA

                              #15
                              Re: pop-up issue

                              I deal with this kind of thing all the time. If the only other computer you have access to is one with Norton (worse than nothing IMO) then it's time to reinstall.

                              Usually I can throw the affected drive in my test computer, which dual boots XP and Fedora. The XP has AVG loaded on it, which scans the drive for viruses (goodbye Windows Antivirus 2008 ). The Linux will copy the files off as a backup (ignoring Windows permissions I might add) before I do anything so there's no possibility of losing customer data.

                              Just as an aside about Norton, one particular laptop I saw about a month ago had Symantec Endpoint Protection, "Advanced Antivirus" and "Windows Antivirus 2008" all running at the same time. Lot of good that Symantec did. After removal and installation of AVG, several more viruses were found and cleaned.

                              Norton / Symantec =

                              Edit: Pentium, you posted while I was typing.
                              A man convinced against his will is of the same opinion still.

                              Comment

                              • Spacedye69
                                Badcaps Veteran
                                • Nov 2005
                                • 698
                                • US

                                #16
                                Re: pop-up issue

                                I second the malwarebytes. I've used is on 3 PCs in the last 2 weeks to remove Antivirus 2009. Works fast and completely removes it.

                                Comment

                                • Fizzycapola
                                  Badcaps Veteran
                                  • Oct 2006
                                  • 423

                                  #17
                                  Re: pop-up issue

                                  Whilst on the topic of infection, I was reading google news recently about some other virus...

                                  http://www.theregister.co.uk/2008/10..._trojan_heist/

                                  undetectable...MBR virus...spreads silently via websites that prey on unpatched vulnerabilities in the Windows operating system or in third-party applications, such as Adobe Flash and Apple's QuickTime media player...known to affect all countries apart from Russia, which reports none...
                                  Rubycon Rubycon Rubycon

                                  Comment

                                  • pentium
                                    Badcaps Legend
                                    • Mar 2006
                                    • 2778
                                    • Canada

                                    #18
                                    Re: pop-up issue

                                    Well in that case it then either came from some chinese site where I downloaded a component datasheet or when I was looking around google.
                                    Find Nedry!


                                    Check the Vending machines!!

                                    <----Computer says I need more beer.

                                    Comment

                                    • zandrax
                                      Hit and miss
                                      • Dec 2007
                                      • 1157
                                      • Italy

                                      #19
                                      Re: pop-up issue

                                      @ Pentium: this kind of malware may be hard to remove because it tries to be loaded at every boot (worst cases are Winlogon extensions: you can remove them only by killing Winlogon, which is the Windows authentication process and can't officially be closed).
                                      I agree with most suggestions here: disconnect the computer from the net (just to stop the malware from infecting others or from being updated), clean it with Spybot S&D (download the new definitions with another pc: choose manual update), Spyware Blaster (the same), basic on-demand antivirus (nothing to install, just run) like McAfee Stinger; after the first cleaning, check autoloading programs with Autoruns and disable the suspicious ones with Process Explorer (both from MS Technet, formerly Sysinternals). Restart in Safe mode and kill the most resistant malware: for killing Winlogon extensions read Russinovich' Running Windows with no services, after killing services and Winlogon you can remove the last ones.
                                      If you don't succeed in removing everything, then you have to backup all important files, format the drive and reinstall Windows.

                                      Whatever you managed to clean the haunted Windows or reinstalled it, you've to block most common paths for infection:
                                      - disable unneeded services (e.g. Remote desktop, Messenger [not MSN or Live messenger, only the Windows messaging service], WebClient, UPNP, anything with "share", etc.). If CIFS/SMB networking isn't required, then you can safely unbind "MS Network File and Printer Sharing" from all network cards: beware that disabling "NetBios on TCP/IP Helper" service may disable DHCP too, so better keeping it alive though unused [screw you Microsoft ].
                                      - run Windows Worm Door Cleaner or SeconfigXP to close some listening ports, unnecessary for most people: read related links to know all side effects before turning everything off (e.g. closing RPC may block some Live messenger extensions, such as Remote folder sharing and such. Normal file transmission shouldn't be affected );
                                      - create a limited user account for your mother: I don't think she'll install software and an user account limits the possible damage. If some programs she use require an Administrator account, then there are two choices: 1) keeping the limited user and writing some runas scripts to run those and only those programs as admin (suggestion: keep a folder writeable from both accounts and tell your mother she'll write and read all files from here); 2) giving up and running her account as admin (last choice);
                                      - [if you know what to do] enforce NTFS ACLs for the limited user account: set Windows, System32 and System Restore as read/execute only and create a folder for temporary files dedicated to the account;
                                      - install another browser and another mail client: both IE and Outlook Express are the main target for malware writers and their default configs suck a lot. Install Firefox (+NoScript), Opera (+ an UserJS extension) or at least a better browser using the IE engine for the former, Thunderbird for the latter.

                                      Main point: tell your mother do not click on every attachment, flashy banner and such.
                                      Microsoft don't love you, don't know your mail address and don't send patches by email (a client of mine was lured with fake patches ); the same for phishing sites.

                                      [IRONIC] Happy cleaning [/IRONIC]

                                      Zandrax
                                      Last edited by zandrax; 11-02-2008, 04:12 PM.
                                      Have an happy life.

                                      Comment

                                      • pentium
                                        Badcaps Legend
                                        • Mar 2006
                                        • 2778
                                        • Canada

                                        #20
                                        Re: pop-up issue

                                        Ugh!
                                        I had to abandon scanning with Norton as I had let it scan for the afternoon and it was only 10% done.
                                        House call is working now and after hat I'll fire up Spybot S&D and pass it over the drive as well and then see what else I can do.

                                        - create a limited user account for your mother:
                                        The system is secured with a biometric lock (there are some things your parents don't need to know about like , , and other things ) however there is the odd time where I leave the system and don't log out and my mom is too lazy to go and power the computer downstairs on (norton makes a mildly good spec system crawl).
                                        Find Nedry!


                                        Check the Vending machines!!

                                        <----Computer says I need more beer.

                                        Comment

                                        Related Topics

                                        Collapse

                                        • rounin
                                          MacBook Air A2337 (820-02016) USB-C Port Issue – Only Works in One Orientation (CC Line Problem?)
                                          by rounin
                                          Hi everyone,

                                          I'm working on a MacBook Air 2020 (A2337, board 820-02016) and running into a strange USB-C issue. I've gone through quite a bit of testing and part replacement, but I'm stuck — hoping someone here can shed some light.

                                          🛠 Original Issue
                                          The machine initially wouldn't negotiate 20V over USB-C — stuck at 5V.
                                          Diagnosis showed PP1V5_UPC0_LDO_CORE shorted to ground.

                                          I replaced U3100 (UF400) using a donor board (A2179), and the machine powers on fine now.

                                          ⚠️ New Problem: One USB-C Port Only Works in One Orientation...
                                          04-19-2025, 01:18 AM
                                        • ugamazing
                                          Three 820-01700 32GB Logic Boards Same Issue: Won't Wake From Hibernate
                                          by ugamazing
                                          I have three identical-spec 820-01700 boards (2.6/32/512), and ALL THREE boards came to us with the same fault, from different sources: The boards don't wake from hibernation with the keyboard or lid, they ONLY wake when you press the power button. I understand this is a very minor issue, but the boards must be fixed!

                                          We will of course begin with the obvious (checking lid signals), but I couldn't help but notice these three boards were all 32GB variants. Has anyone noticed an issue relating to these 32GB boards in particular? I of course don't think it's a RAM issue, but it's bizarre...
                                          12-17-2024, 07:05 PM
                                        • elmark
                                          HP 15-cw1002ua strange keyboard issue
                                          by elmark
                                          HP Pavilion 15-CW1002UA
                                          S/N 5CD0251CBC
                                          P/N 7KE54EA

                                          Hello guys!
                                          I have a strange issue with my laptop keyboard and I'm lost trying to detect what's wrong - the KB9028Q-C or the keyboard itself.
                                          It powers on OK and has no other issues except the following:
                                          • CAPS LOCK does not work at all
                                          • Fn button toggles Flight Mode
                                          • When I press 't' or '5', it produces 't5', and when I press 'y' or '6', it produces 'y6'
                                          • (with SHIFT pressed: 't%' and 'y^' respectively)
                                          I initially thought it was a keyboard malfunction (internal short, etc.),
                                          but when I press and hold...
                                          06-27-2025, 01:10 AM
                                        • Simone Vergani
                                          Alienware 15 R2 Service Tag: DL7NN32 ISSUE (Battery is not charging)
                                          by Simone Vergani
                                          Hello everyone,

                                          I'm experiencing an issue with my Alienware 15 R2 (Service Tag: DL7NN32). The laptop works perfectly when connected to the AC adapter — it powers on and functions normally. However, the battery does not charge. If I disconnect the DC adapter, the laptop shuts down immediately, as the battery is at 0%. I have replaced the battery with a new compatible one, but the issue persists. I also replaced the AC adapter with a compatible one, but the battery still doesn't charge.

                                          To assist with troubleshooting, I'm attaching two power circuit schematics:
                                          • Power
                                          ...
                                          03-05-2025, 02:25 PM
                                        • wizard13
                                          Dynabook Satellite Pro C50D-B-100 - BIOS Issue, Black Screen
                                          by wizard13
                                          Hello everyone,

                                          I am experiencing a BIOS-related issue with my Dynabook Satellite Pro C50D-B-100. When I power on the laptop, the screen stays black, and there is no response from the system. I suspect a corrupted BIOS.

                                          I have checked the forum and the available documentation but could not find a solution specific to my issue.
                                          • Brand & Model: Dynabook Satellite Pro C50D-B-100
                                          • Part Number (P/N): PYU13E-00C00PFR
                                          • Serial Number (S/N): 22028896H
                                          • System Configuration (SC): A1PYU13E1127
                                          • Motherboard Model: IP3_ACN16_MB_V21_20211222A
                                          • Power Input: DC 19V –
                                          ...
                                          02-28-2025, 02:43 AM
                                        • Loading...
                                        • No more items.
                                        Working...