UNWANTED POP-UPS

[PrimusRTD]

I am currently using firfox to post this thread. Everytime i open up my explorer and go to a website i get the following message:

NOTICE: if your computer has errors in the registry database or file system, it could case unpredictable or erratic behavior, freezes and crashes. Fixing these errors can increase your computer's performance and prevent data loss.

Then I'll just close the box because i know that the pop-up is full of sh** and then a few seconds later a full window pops-up to this link:

http://scanner.sysprotect.com/pages/scanner/index.php?aid=vm_pk_spt6h_3_ed2&lid=keyin&ex=1&p=&ax=2

I then close that window and get this pop-up from my explorer:

NOTICE: You have not completed the scan. If your computer has erros in the registry database or file system, it could cause unpredictable or erratic behavior, freezes, crashes.

SysProtect can perform a quick and completely FREE scan of your system for errors.

Would you like to download SysProtect to scan for and, if found, correct any registry problems now (recommended)?

I close that box as well not selecting yes or no and then i get the following message:

SysProtect will scan your system for errors now.

Please select "RUN" or "OPEN" when prompted to start the installation.

This file has been digitally signed and independently certified as 100% free of viruses, adware and spyware.

then i get directed to this link:

http://scanner.sysprotect.com/pages...resize=1&aid=vm_pk_spt6h_3_ed2_exit&lid=keyin

and at the same time i get this box come up with the following message:

There is a security vulnerability from the BloodHound Virus. We recommen you DOWNLOAD one of the security software programs to prevent malware infections.

and then i get this window pop up after i close that box:

http://www.amaena.com/securityworm5/?aid=vm_pk_scwaskw_7&lid=scan

sorry about the length of this post, but this is so annoying this happens everytime i open up explorer. I have Norton anti virus,spyware, adware, firwall all the goodstuff 2006 and i downloaded Spybot search and destroy and neither of these things can find the issue.

Thanks for any help you guys can give

 

[Inforcer]

I have seen something similar happen before and I too thought it was spyware. However, I went to the control panel and then to "Add/Remove Software". After scrolling through the list, I noticed software installed that I did not remember installing. I would suggest scrolling through that list of programs and see if you find anything "fishy" like a SaveNow program or something.

If my understanding of spyware is correct and it is software that is installed, which is causing the problem, then I do not believe it will be detected as spyware. Can anyone else verifty this statement to be true?

Have you tried Microsofts Anti-Spyware? Sometimes it has found things that SpyBot or Adaware could not find.

 

[RebateMonger]

You obviously have accidentally allowed spyware to be installed on your computer. Somebody at your computer, running as a Local Administrator, probably agreed to the install, although he/she, doubtless, didn't know what was being installed. It happens all the time.

If you are lucky, then all you have is "simple" spyware. But you could just as easily have password-gathering trojans, remote control software, a rootkit, or countless other invasions. If you aren't an expert at detecting and removing this stuff, you may have other infections you aren't even aware of. These days, you seldome get "one" piece of spyware. They come in droves, assisting each other in the install process.

The most effective course of action (and least-time-consuming over the long run):
1) Back up your important data. You SHOULD have backups anyway. Hard drives fail ALL THE TIME.
2) Reinstall your OS and your applications.
3) Install Antivirus and a single active Antispyware application. I recommend MS Antispyware, since it's free and works fairly well. Keep your AV and A-Spyware definitions current.
4) If you are using XP, be SURE to update to SP2 and keep the firewall ON.
5) Create a Limited-Privileges account (Limited User in Windows XP) and USE IT. Do NOT use your computer with an account that has Administrator rights. It's asking for trouble.
6) Learn the rules of safe web surfing so you wont' have any more problems.

 

[skisteven1]

gah! format.


.....or use firefox.

 

[PrimusRTD]

thanks guys, i have to go to work right now and then to school afterwards, but i will try your suggestions as soon as i get home and let you guys know if i run into any trouble. thanks

 

[BadThad]

My plan of malware attack!

 

[mechBgon]

Do this: http://www.omnicast.net/~tmcfadden/scan.txt McAfee's onto SysProtect and if you follow the directions, it should be dead meat.

BTW looking at McAfee's writeup of SysProtect, on the bottom of the Characteristics tab, I see that it has a sscan.sys file in the C:\Windows\System32 directory that's a Service and is designated to run even in Safe Mode. If your initial removal fails, then repeat the process but try this twist: before launching the scanner, run the command Services.msc, look at the started services by double-clicking them, and find the one that uses sscan.sys. Set the service to Disabled if you can, stop it, then launch the McAfee scanner.

 

[dBTelos]

Download, install, update, and run a FULL scan with all of the following in both reg. and safe mode, removing anything they find with a backup (aka quarantine).


http://vil.nai.com/vil/stinger/
McAfee Stinger (stand alone so no install)

http://www.ewido.net/en/
ewido anti-malware

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html
Spybot

http://www.download.com/3000-2144-10045910.html
Ad-Aware

Do you have A/V protection? If you do, update it and run a full scan, if not then choose ONE of the following.

http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10342876.html
AVG Anti-Virus

http://www.download.com/Avast-Home-Edition/3000-2239_4-10375520.html
Avast Home

http://www.free-av.com/
AntiVir PersonalEdition Classic (I use this one myself)

 

[PrimusRTD]

Thanks everyone, today i ran Spy Sweeper, SpyBot, and ad-aware both in safe mode and regular mode, for total of 2 scans each so 6 scans. The Spy Sweeper i had to purchase for $30. But it looks like everyone has been succesfully removed. Aside from all the cookies that it deleted the 2 things that stood out where that it found and removed "virtumonde" and "sysprotect" which i guess where the major problems. thanks again everyone fo the help

 

[rudder]

From now on, log in as a regular user. When you need to install a program just use "run as" and access the admin account then. Then you will not get spyware and won't need to run anti-spyware all the time.

 

[PrimusRTD]

Originally posted by: rudder
From now on, log in as a regular user. When you need to install a program just use "run as" and access the admin account then. Then you will not get spyware and won't need to run anti-spyware all the time.

I'm sorry, i'm not to sure on what you mean? I currently have to select my login and then enter my password. How do i know if i am logged in as an "admin" and not a regular user?

 

[mechBgon]

Originally posted by: PrimusRTD

Originally posted by: rudder
From now on, log in as a regular user. When you need to install a program just use "run as" and access the admin account then. Then you will not get spyware and won't need to run anti-spyware all the time.

I'm sorry, i'm not to sure on what you mean? I currently have to select my login and then enter my password. How do i know if i am logged in as an "admin" and not a regular user?

Go to Control Panel > User Accounts and see if your account is listed as a Computer Administrator. If it is, and you want to change it to a Limited (safer) account, then make a new user account, and name it Admin or something, and leave that one as a Computer Administrator. Now you can switch your established account down to Limited. This is a huge deterrent to malware because all of a sudden it's stealing an unloaded gun, so to speak. Haha, no ammo

More info on Limited accounts: http://www.mechbgon.com/build/Limited.html

and how to overcome their little quirks: http://www.mechbgon.com/build/LimitedSW.html