Porn Popups

bwaites

Flashlight Enthusiast
Joined
Nov 27, 2003
Messages
5,035
Location
Central Washington State
OK, my wife's business computer has been infested with some type of popup that the standard popup blockers aren't catching.

Most of them are Porn ads, and seem to have started after she visited B&H Photo, something that she has to do several times each week.

I have run Adaware, Panda, Microsoft's popup blocker, Google's popup blocker, Spybot, all without catching and cleaning the problem.

Any ideas?

Bill
 

bjn70

Flashlight Enthusiast
Joined
Nov 25, 2004
Messages
1,097
Location
DFW, TX
Not sure why but it seems that none of the anti-spyware programs are 100%, each one catches things that the others miss. I tried Spysweeper and it found things that adaware and spybot didn't find. They want you to buy the shareware version, hinting that it will catch even more problems.

I run Mozilla Firefox almost exclusively, and it is fairly immune to infections like this. Internet Explorer is like a sitting duck.
 

bwaites

Flashlight Enthusiast
Joined
Nov 27, 2003
Messages
5,035
Location
Central Washington State
I switched to FF on one of my 'puters, but found it did not want to run with several of my programs, and that it caused some conflicts.

IE is a sitting duck, but it runs with all her software. Thanks for the help so far guys!!

Bill
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,236
Location
New York City
Firefox does not make you impervious though. Neither does Opera, although Opera has fewer known exploitable flaws.
 

AJ_Dual

Enlightened
Joined
May 7, 2005
Messages
691
Location
SE WI
I caught some nasty spyware/adware that was actually trying to make itself look like MS SecurityCenter and hawk their own spyware cleaner. It was a very nasty homepage hijack that was an encrypted registry entry with some supporting DLLs.

Very annoying.

I got it mostly neutered by exhaustively searching Google for other more knowledgeable people posting how to get rid of it. But only neutered, not clean, because the infected PC was running Win 2000, and 99.9% of the people posting how-to info were on XP. There were some subtle registry and DLL differences that made their advice not 100% effective.

Finally, after waiting a few weeks, and checking updates on all my security software, suddenly both AdAware and the freebie virus checker that RoadRunner gives you cleaned it.

The easiest thing, if you don't have the time to keep searching the pop-up URLs in Google to find other people posting tech advice with the same malware, would be to use Mozilla FireFox as your browser, then just keep updating AdAware, SpyBot Search and Destroy and your AV program; they'll get updated and fix this eventually.

I haven't had one problem since switching to FireFox personally.
 

Monolith

Enlightened
Joined
Mar 5, 2004
Messages
746
Location
NJ
SpyDoctor is free to run. You can download a copy and run it locally. You only have to buy the full version if you want it to automatically fix your problems. If you're a little computer savvy, you won't need that much help. Just depends. Give it a shot and report back if you found your problem.
 

greenLED

Flashaholic
Joined
Mar 26, 2004
Messages
13,263
Location
La Tiquicia
Try running all those clean-up programs in sequence, *while disconnected from her LAN and/or Internet*
 

Monolith

Enlightened
Joined
Mar 5, 2004
Messages
746
Location
NJ
Remember that Windows XP has a rollback feature. Typically, you'll have to reboot in safe mode to completely get rid of it.
 

Bob_G

Enlightened
Joined
Apr 25, 2005
Messages
682
Location
Kentucky, USA
It's obviously on the computer, so blocking it isn't a solution; you need to get rid of it. Best bet is to go to a spyware forum that specializes in "HijackThis" logs.

I'd poke around at the tomcoyote spyware forums to get comfortable, then dl HJT and have a go.

This stuff usually piggybacks in on some other download and is so sophisticated today that the usual cleaners often won't get everything.
 

Mike Painter

Flashlight Enthusiast
Joined
Sep 16, 2002
Messages
1,863
Here is a little information on rootkits as installed by Sony's DRM and probably by several others. Anything that depends on Windows calls to find out things will never see these hidden directories.
I don't know what "B&H photo" is but if they are concerned about copyright they may be doing some management.
 

powernoodle

Flashlight Enthusiast
Joined
Feb 25, 2004
Messages
2,512
Location
secret underground bunker
What Monolith said. If it's XP, turn off the restore feature (whatever it's called), reboot, use Adaware etc., turn on the restore feature and reboot. Nasties can hide in there and your cleaning programs can't get to them. Worth a shot, anyway.

peace
 

Sub_Umbra

Flashlight Enthusiast
Joined
Mar 6, 2004
Messages
4,748
Location
la bonne vie en Amérique
bwaites said:
Good points guys!! Thanks and keep it up!

This is a real kludge, but it may be appropriate if the offending popups always originate from the same source.

Edit the hosts file to reflect that that info may be found on the local hdd. I don't recall the exact WIN syntax but what you want to tell it is:
Code:
127.0.0.1    www.offending.url.com    # IP address first, then the bare hostname
(127.0.0.1 is the local machine)

I'm pretty sure that there are custom hosts files online for just this purpose.
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,236
Location
New York City
What Sub_Umbra said.
The hosts file should be in C:\Windows\System32\drivers\etc\
(forgive me if I'm wrong, I haven't used Windows in a while)

Just follow the format given in the example in the hosts file.
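
The hosts-file approach from the two posts above, as an added example that is not part of the original thread: it parses hosts-file text, flags lines that are not in `IP hostname` form (a URL with a scheme, or `name=IP`), and works out which loopback entries are still missing for the hosts seen in the popups. The function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

LOOPBACK = "127.0.0.1"

# Constructed sample data (not taken from the machine discussed in the thread).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
http://www.offending.url.com=127.0.0.1
127.0.0.1       ads.example.net   # already sinkholed
"""
SAMPLE_POPUPS = ["http://www.offending.url.com/popup.php?id=7",
                 "http://ADS.example.net/banner", "www.offending.url.com"]

def parse_hosts(text):
    """Return ({hostname: ip}, [malformed lines]) for hosts-file text."""
    mapping, malformed = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if not line:
            continue
        ip_field, *names = line.split()
        try:
            ip = str(ipaddress.ip_address(ip_field))
        except ValueError:                       # e.g. a URL or name=IP in column 1
            malformed.append(raw.strip())
            continue
        if not names or any(c in n for n in names for c in "/=:"):
            malformed.append(raw.strip())
            continue
        mapping.update((n.lower(), ip) for n in names)
    return mapping, malformed

def hostname_of(url_or_host):
    """Reduce a popup URL or bare host to the hostname a hosts entry needs."""
    s = url_or_host.strip()
    host = urlsplit(s if "://" in s else "//" + s).hostname
    if not host:
        raise ValueError(f"no hostname in {url_or_host!r}")
    return host.lower()

def sinkhole_lines(popup_urls, hosts_text):
    """Lines still to be added so every popup host resolves to loopback."""
    mapping, _ = parse_hosts(hosts_text)
    wanted = sorted({hostname_of(u) for u in popup_urls})
    return [f"{LOOPBACK}\t{h}" for h in wanted if mapping.get(h) != LOOPBACK]

if __name__ == "__main__":
    print("malformed:", parse_hosts(SAMPLE_HOSTS)[1])
    print("\n".join(sinkhole_lines(SAMPLE_POPUPS, SAMPLE_HOSTS)))
```

Hosts entries match exact hostnames only, so each host seen in the popups needs its own line.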
 

M.TEX

Enlightened
Joined
Oct 14, 2005
Messages
265
Location
USA. _ MA
My 02 Cents here,

Try all the above and also try AVG software from Symantec.
They are very good....
Popups are bad... I don't like it:rant:
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,423
I get porn email; it makes me so mad. I'm about to just drop email, it ain't worth it to me because of all the darn spam I get, but I do admit Gmail is way better than Hotmail. I should just quit Hotmail.
 

Ras_Thavas

Enlightened
Joined
Nov 4, 2005
Messages
455
Location
Virginia
If installing Firefox messes with some other installed programs there is another option: Portable Firefox.

It can run off a thumb drive or portable hard drive. It does not install, you just run the executable. It is a hair slower, and may not support as many advanced website functions, but it may suffice for your needs.

Just Google portable Firefox, I can't remember if there is a link to it from Mozilla's site.
 

OutdoorIdiot

Enlightened
Joined
Feb 14, 2006
Messages
216
Location
UK
You've probably already fixed it by now, but just in case...

I had a similar problem a while ago. No malware removal tool could automatically get rid of it.

I ended up having to download and use both of the freewares "hijackthis" and "killbox", then find some specific advice on the internet about the particular problem. I.e. I had to find a list of the registry entries to delete using "hijackthis" and a list of program files to delete using "killbox".

In order to track down the specific advice, I noted that there were one or two URLs that came up frequently in the unwanted pop-ups, then just Googled "hijackthis killbox <dodgyURL>" and was lucky enough to find people with the exact same problem, where some experts had listed exactly what to get rid of using those two tools.

If the OS is Windows XP, it may be worth checking it has Service Pack 2 installed. This may seem a silly suggestion in this day and age, but I discovered only a few months ago that I was still on SP1! I'm sure in a business, the computers will all be up to date ... but worth checking, given how insecure SP1 was...
 