I need help removing pop-ups

Status
Not open for further replies.
O

otnpabka

Posts: 7   +0
I've been computing for years and have never had any problems with pop ups. I do now and it's driving me crazy! I've run Ad-Aware, Ewido and Spybot, removing all that they find. SpywareBlaster and AVG 7.0 are updated and on my machine. I'm running XP. I get the same 7-10 pop-up ads. I can post a HijackThis log if that would be helpful. I am new to TechSpot and I am not certain if I am in the right place.

Thanks,
otnpabka
 
Hello and welcome to Techspot.

You`re definitely in the right forum ;)

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Help stop annoying pop-ups

I've been having trouble lately with pop-ups. It's every time I surf the net. I followed the 15 steps for Virus/Spyware/Malware preliminary removal instructions posted by howard_hopkinso. I only encountered two problems. In step 3, I never could get Trend Micro to finish its scan and in step 6 it told me the Resident Shield was not available in the free version. I could have quite possibly been doing something wrong in both of these steps. When I ran the AVG Anti-Rootkit in step 11 I can't remember the results. I just ran it again and it said that there were no installed rootkits found on my computer. I realize this probably wasn't the exact time you wanted me to run it, but it looks as if the results are good. While typing this post and gathering the attachments, I can report I've had no pop-ups. That's a good thing. They were really starting to annoy me.

Thanks in advance for all of your tips so far. If you see anything else I need to clean up after viewing my logs, I will appreciate the input.

otnpabka
 
Threads merged.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - Startup: .protected

O4 - Global Startup: .protected

Click on the fix checked button.

Close HJT and reboot your system.

Run the Ccleaner programme as per step9 of the instructions HERE.

Post a fresh HJT log.

Regards Howard :)

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
When I ran HijackThis and attempted to check the two items you said it told me that it couldn't because they were in use and to go to Task Manager and shut down whatever was using them.

thanks
 
Ok, we need to thoroughly clean your computer as it looks like you have a smitfraud infection. You`re also running an outdated version of HJT. See HERE for the latest version.

Download and run this TOOL. Follow the instructions on it`s download page exactly.

Post a fresh HJT log once done.

Regards Howard :)

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
When I ran Smitfraud in safe mode, after choosing the number 2 option my desktop when black after 5 to 10 seconds of cleaning with only safe mode written in each corner. I kept waiting for it to prompt me with a question or two, but it never did. I'm off to work for the evening. I'll reply again tomorrow.

thanks again,
otnpabka
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Locate and delete the following bold files and/or directories(if there).

C:\WINDOWS\.protected
C:\DOCUME~1\ALLUSERS\STARTMENU\Programs\Startup\.protected
C:\DOCUME~1\YOURNAME\STARTMENU\Programs\Startup\.protected

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - Startup: .protected

O4 - Global Startup: .protected

O24 - Desktop Component 0: (no name) - file:///C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

Now, try running Smitfraudfix again.

Reboot into normal mode and rehide your protected OS files.

Post a fresh HJT log and let me know if you`re still having problems.

Regards Howard :)

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I couldn't locate C:\WINDOWS\.protected, but I was able to locate the next two.

When I ran HJT, I didn't see either of the 04's, but I located the 024 and had HJT fix it.

When I ran Smitfraudfix I got the same results as yesterday. I selected option 2, it started cleaning and then the desktop went black except for the safe mode writings in the corners. I ran Smitfraudfix again, with the same results.

I rebooted in normal, ran a new HJT and as you'll see the 024 you wanted me to get rid of is still there.

I can report I am still not experiencing any pop-ups.

thanks,
otnpabka
 
You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O24 - Desktop Component 0: (no name) - file:///C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\DOCUME~1\BRIAN&~1.ODE\LOCALS~1\Temp\msohtml1\01\clip_image002.jpg

Reboot into normal mode and rehide your protected OS files.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Use a Popup blocker.IE7 has one and also a Phishing filter.
The software you named doesn't stop popups during browsing.
But some popups are necessary to use a website.
 
I did what you said and that 024 is now gone. Still no pop-ups. Thanks for all of your help. I truly appreciate it.

otnpabka
 
Hi,

Just a few final pointers:

Often times, an infection can occur again not due to the incompetence of programs, but because of user habits.
May I recommend you to read this article.
This can help to prevent future infections.

Should you have any further problems, please post in this thread.


Regards,
Your friendly momok =)

This thread is for the use of otnpabka only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
That`s great news.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of otnpabka only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

Cal Jeffrey
Roku is running interactive pop-up ads during live TV broadcasts
Replies
8
Views
1K
Uncle Al
Uncle Al
X
How can i get rid of an annoying pop-up message that appears each time i use Youtube?
Replies
8
Views
4K
wiyosaya
wiyosaya
U
Solved Pop-ups/clickers when browsing web
2
Replies
30
Views
4K
Broni
Broni

Latest posts

Back