PopUps, PopUps, PopUps ... - Page 2

Thread: PopUps, PopUps, PopUps ...

  1. #11
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    If it's getting to the point where this workstation computer is going to need to go into command line for manual deletion of files, then why not save the time and effort and simply reformat?

    Why settle for a plethora of spyware infections that may or may not leave the system insecure/unstable after their removal, when you could take that mass hazard and simply wipe it clean? Normally I wouldn't recommend this, as I've cleaned boxes with 2,000 counts of spyware/adware. But if the spyware gets rooted deep enough into the system, lots of it, then you can't trust the registry stability any longer nor the system stability if it altered/replaced windows specific files that you had to delete.
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  2. #12
    Senior Member
    Join Date
    Mar 2005
    Posts
    400

    Exclamation

    Simply observations:

    Originally posted here by Und3ertak3r
    You will note in the HJT log the prevalence of programs in the Startup\RUN where the files exist in the user temp folder.. AND THAT IS NOT A RED FLAG TO ANYONE?

    and that is santa ? come on guys RED FLAG RED FLAG
    Some of us didn't miss it but read it and saw it all there, Und3ertak3r.
    The Red flags were obvious, and I agree with your Red flag list.

    Phishphreek80 was right about the safe mode. Since he has loads o' junk loading at boot time, he had to use safe mode to remove the -now- non-resident items.

    Most, but not all, of the remaining junk is in Molly's temp files, which means it happened during a time that Molly's account was active.

    Kazaa and AOL are still loaded, which both provide Adware and will continue to slow the computer.
    Using Kazaa to download files of unknown origin is "just waiting for another infection".

    I'm sure the registry is full of wayward CLSIDs, references to non-existent DLLs, missing file references and empty paths, among other things.

    He'll never get the computer back to tip-top shape until reformats/reinstalls, guaranteed, as Guardian Alpha suggests.

    (note: I said tip-top shape, not simply operational.)
    ZT3000
    Beta tester of "0"s and "1"s

  3. #13
    foxyloxley (They call me the Hunted)
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    Should you go down the re-install route :
    run HJT, and save the log .........
    It will give you the template for a known good clean set up.

    And as a quick and dirty overview of HJT :
    If it's in a temp file / folder, and it's got .exe at the end ...................................Not good, not necessarily bad, but they are the ones to watch first.

    If a 'temp' file is over one week old, I delete it as a matter of course, when I'm cleaning PCs at work.

    To give your system a quick kick up the Tex Ritter ............ on the desktop, R/click Internet Explorer, then properties, on the front page of the box that opens clear your 'cookies' and 'delete files', then set your history to 1, this clears the browser history after 1 day [default = 20]

    And if your skill set isn't as great as you would wish, follow the instructions below :
    PC cleaning made easier <-------------- click the link
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  4. #14
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    Thanks to everyone who has helped so far. I have done the scans in safe mode that Phish recommended and I have clicked off the processes ZT suggested in his first post, and in the first few moments after logging on it really seemed to help. I had completely cleared my temp folder while trying to solve this problem about a week ago. I have my internet options set to clear history at the end of each day and I dump cookies and files regularly.

    I may be willing to reformat at this point, but first ...... what does that mean? What will I lose when I do, and how is it done?

    Thank You All Very Much

  5. #15
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    I may be willing to reformat at this point, but first ...... what does that mean? What will I lose when I do, and how is it done?
    This should answer your questions ....

    How to partition and format a hard disk in Windows XP
    Operation Cyberslam
    "I've noticed that everybody that is for abortion has already been born." Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  6. #16
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    Agent made an excellent link that will cover most of your questions regarding formatting and reinstalling, so give it a good read. Even print it out for reference during the formatting process. It's a very simple process, so don't let the complex jargon fool you.

    Tip that the link didn't cover:

    1. Choose NTFS when formatting. It's a much more robust, secure, and streamlined filesystem than FAT or FAT32.
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  7. #17
    Und3ertak3r (The Doctor)
    Join Date
    Apr 2002
    Posts
    2,744
    Tip that the link didn't cover:

    1. Choose NTFS when formatting. It's a much more robust, secure, and streamlined filesystem than FAT or FAT32.
    Can't re-enforce this one more... The majority of machines I have encountered with corrupted system files have been using FAT32..

    As to why I was so shitty in my previous post..

    It appeared that the main path of the discussion had gone to prevention, rather than assistance..to those that HAD been assisting no insult intended..

    Why is it that a request like with this problem gets greeted with an exclusive "Re-Format"..(it initially didn't in this case)
    For some people this may not be the best solution, certainly the easiest and best when your data is on a separate HDD or Partition, and you make monthly images of the System drive or backups of system settings. The time and inconvenience of the backup and restore of data as well as the reconfiguring a system can be a more daunting task than just the format and installation alone
    And for some people the Re-installation path could easily be the absolute last option.
    As for this problem.. while it has a lot of rubbish in the machine I would not consider it a candidate for formatting..yet..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #18
    Senior Member
    Join Date
    Feb 2005
    Posts
    153
    Why is it that a request like with this problem gets greeted with an exclusive "Re-Format"..(it initially didn't in this case)
    Because it no longer becomes a matter of "which is longer/harder/more complicated to perform?", it turns into "which way will give me a system I can depend on?" In typical spyware cases you can eliminate all problems and leave the system just as stable as before. But when spyware digs in deep and starts linking to system DLLs (even at times replacing them if running as administrator) and you "clean" them, then things start to get shaky. The registry now has gaping holes from registry links that are only half deleted, the 5 different ways of startup items in Windows are searching for additional forms of the deleted spyware, etc etc etc. Sometimes it is simply necessary (if you want to have trust in the security of your system) to reformat and reinstall for the sake of system trust and troubleshooting in the future.

    And I don't even mean security/stability in the sense of network consultants. I mean it in an end-user format. If things begin to crash more and more often because of a recent dig-deep spyware removal that foobared a good deal of the registry or system files (read: hijack this.. yuck) then they have no idea how to solve it or where to troubleshoot when they call IT. Granted, the FFR may take longer than a clean system installation. But sometimes it just needs to be done.
    "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
    - Charles Darwin

  9. #19
    Und3ertak3r (The Doctor)
    Join Date
    Apr 2002
    Posts
    2,744
    When a clean is done correctly.. the system is as stable as before, as useable as before
    When Secured after the fact.. the system should be as stable and almost as usable as before (but then this result is EXACTLY the same as for a clean install)

    All of the Worst infections I have worked with lately have been Pre SP2 systems..

    Oh and I am selective as to which of the Anti-Virus solutions I will leave in a machine.

    And IF you have read any of my encounters of Malware.. I allocate 30mins to a cleanup ..(the exception was a recent post where I allocated 45mins) if my input time exceeds that it is a clean install.. and this machine is clean compared to many of the borderline cases I have encountered.. try ~4500 malware files (no cookies or TIF here)..
    Most likely OS to cop a Clean install will be Win98 then Win ME (is Win 95 still alive)..

    And to you guardian alpha I treat your Reformat comment the same as any that pops in with "USE LINUX".. the reformat option had been given in earlier posts.. so your post was not a contribution.. half of your previous post is already known and some just ****..

    I am ended with this pissing match..
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  10. #20
    Junior Member
    Join Date
    Apr 2005
    Posts
    18
    hello again and also thanks again to everyone that has contributed. I still hope to not have to reformat.

    I have enabled to view hidden and system files, cleared all the temp files and cookies and history (many times over)

    I have also run adaware, spybot, and Cleanup312 several times each in safe mode before restarting this last time. Here is my HJT log. Again thanks to all that give advice and thanks for your patience, I really am quite the novice.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:53:58 AM, on 4/9/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Dell\EUSW\Support.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ipiprz.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\PROGRA~1\COMMON~1\AOL\110510~1\EE\AOLHOS~1.EXE
    C:\Program Files\America Online 9.0a\waol.exe
    C:\PROGRA~1\COMMON~1\AOL\110510~1\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\interMute\SpySubtract\SpySub.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1105105845\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\ipiprz.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe /startupscan
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
    O4 - HKCU\..\RunOnce: [CleanUp!] C:\Program Files\CleanUp!\Cleanup.exe /WindowsRestart
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/game...s/y/grt5_x.cab
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt3_x.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O20 - Winlogon Notify: Nls - C:\WINDOWS\system32\k2nolc531f.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
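As an added example (my own code, not anything posted in this thread): a small Python triage script that applies foxyloxley's rule of thumb from post #13, that autostart entries running out of a temp folder are the ones to watch first, to HijackThis-format O4 lines, and also lists any O20 Winlogon Notify DLL for a manual look. The log lines embedded in it are constructed to mimic the HJT format shown above; the file names in them are made up and are not taken from the log in this thread.

```python
import re
from typing import List, Tuple

# Constructed HijackThis-style lines for demonstration only; this is not the
# log posted in the thread, and the suspicious-looking names are invented.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\user\LOCALS~1\Temp\xyzzy12.exe
O4 - HKLM\..\Run: [svchelper] "C:\WINDOWS\Temp\qq3 helper.exe" -s
O4 - HKLM\..\Run: [Modem] MODEMMSG.exe
O20 - Winlogon Notify: abcd - C:\WINDOWS\system32\abcd1234.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

# O4 registry Run/RunOnce entries:  O4 - HKLM\..\Run: [name] command
RUN_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
# O20 entries: DLLs that winlogon.exe loads at logon
NOTIFY_LINE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
# First token ending in an executable extension, quoted or not; the rest is arguments.
EXE_PATH = re.compile(r'^"?(.*?\.(?:exe|com|scr|bat|dll))"?(?:\s|$)', re.IGNORECASE)
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "\\temporary internet files\\")


def autostart_path(command: str) -> str:
    """Strip surrounding quotes and trailing arguments from an O4 command."""
    m = EXE_PATH.match(command.strip())
    return m.group(1) if m else command.strip()


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (name, path, reason) for O4/O20 lines that deserve a first look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            hive, key, name, command = m.groups()
            path = autostart_path(command)
            low = path.lower()
            if any(marker in low for marker in TEMP_MARKERS):
                findings.append((name, path, f"{hive}\\{key} entry runs from a temp folder"))
            elif "\\" not in path:
                findings.append((name, path, f"{hive}\\{key} entry has no directory; resolve it before judging"))
            continue
        m = NOTIFY_LINE.match(line)
        if m:
            name, dll = m.groups()
            findings.append((name, dll, "Winlogon Notify DLL loads into winlogon.exe; verify its publisher"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"[{name}] {path}\n    -> {reason}")
```

A flagged entry is a place to look, not a verdict: the check only separates autostarts by where the file lives, so a legitimate program installed to a temp folder is flagged too.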
