TechSpot

I need help removing pop-ups

By otnpabka
Feb 26, 2007
  1. I've been computing for years and have never had any problems with pop ups. I do now and it's driving me crazy! I've run Ad-Aware, Ewido and Spybot, removing all that they find. SpywareBlaster and AVG 7.0 are updated and on my machine. I'm running XP. I get the same 7-10 pop-up ads. I can post a HijackThis log if that would be helpful. I am new to TechSpot and I am not certain if I am in the right place.

    Thanks,
    otnpabka
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You`re definitely in the right forum ;)

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. otnpabka

    otnpabka TS Rookie Topic Starter

    Thanks Howard. I'll do what you suggested and post a log.

    otnpabka
     
  4. otnpabka

    otnpabka TS Rookie Topic Starter

    Help stop annoying pop-ups

    I've been having trouble lately with pop-ups. It's every time I surf the net. I followed the 15 steps for Virus/Spyware/Malware preliminary removal instructions posted by howard_hopkinso. I only encountered two problems. In step 3, I never could get Trend Micro to finish its scan and in step 6 it told me the Resident Shield was not available in the free version. I could have quite possibly been doing something wrong in both of these steps. When I ran the AVG Anti-Rootkit in step 11 I can't remember the results. I just ran it again and it said that there were no installed rootkits found on my computer. I realize this probably wasn't the exact time you wanted me to run it, but it looks as if the results are good. While typing this post and gathering the attachments, I can report I've had no pop-ups. That's a good thing. They were really starting to annoy me.

    Thanks in advance for all of your tips so far. If you see anything else I need to clean up after viewing my logs, I will appreciate the input.

    otnpabka
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Threads merged.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - Startup: .protected

    O4 - Global Startup: .protected

    Click on the fix checked button.

    Close HJT and reboot your system.

    Run the Ccleaner programme as per step9 of the instructions HERE.

    Post a fresh HJT log.

    Regards Howard :)

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. otnpabka

    otnpabka TS Rookie Topic Starter

    When I ran HijackThis and attempted to check the two items you said it told me that it couldn't because they were in use and to go to Task Manager and shut down whatever was using them.

    thanks
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, we need to thoroughly clean your computer as it looks like you have a smitfraud infection. You`re also running an outdated version of HJT. See HERE for the latest version.

    Download and run this TOOL. Follow the instructions on it`s download page exactly.

    Post a fresh HJT log once done.

    Regards Howard :)

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. otnpabka

    otnpabka TS Rookie Topic Starter

    When I ran Smitfraud in safe mode, after choosing the number 2 option my desktop when black after 5 to 10 seconds of cleaning with only safe mode written in each corner. I kept waiting for it to prompt me with a question or two, but it never did. I'm off to work for the evening. I'll reply again tomorrow.

    thanks again,
    otnpabka
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\.protected
    C:\DOCUME~1\ALLUSERS\STARTMENU\Programs\Startup\.protected
    C:\DOCUME~1\YOURNAME\STARTMENU\Programs\Startup\.protected

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - Startup: .protected

    O4 - Global Startup: .protected

    O24 - Desktop Component 0: (no name) - file:///C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

    Now, try running Smitfraudfix again.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know if you`re still having problems.

    Regards Howard :)

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. otnpabka

    otnpabka TS Rookie Topic Starter

    I couldn't locate C:\WINDOWS\.protected, but I was able to locate the next two.

    When I ran HJT, I didn't see either of the 04's, but I located the 024 and had HJT fix it.

    When I ran Smitfraudfix I got the same results as yesterday. I selected option 2, it started cleaning and then the desktop went black except for the safe mode writings in the corners. I ran Smitfraudfix again, with the same results.

    I rebooted in normal, ran a new HJT and as you'll see the 024 you wanted me to get rid of is still there.

    I can report I am still not experiencing any pop-ups.

    thanks,
    otnpabka
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O24 - Desktop Component 0: (no name) - file:///C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

    Reboot into normal mode and rehide your protected OS files.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. zipperman

    zipperman TS Rookie Posts: 1,179   +7

    Use a Popup blocker.IE7 has one and also a Phishing filter.
    The software you named doesn't stop popups during browsing.
    But some popups are necessary to use a website.
     
  13. otnpabka

    otnpabka TS Rookie Topic Starter

    I did what you said and that 024 is now gone. Still no pop-ups. Thanks for all of your help. I truly appreciate it.

    otnpabka
     
  14. momok

    momok TS Rookie Posts: 2,265

    Hi,

    Just a few final pointers:

    Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
    May I recommend you to read this article.
    This can help to prevent future infections.

    Should you have any further problems, please post in this thread.


    Regards,
    Your friendly momok =)

    This thread is for the use of otnpabka only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That`s great news.

    Turn off system restore.(XP/ME only) See how HERE.

    Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...