POP UP NIGHTMARE!!!

[CyberGenX 0]

I have a HUGE problem: I have idiots for clients, one of these idiots has managed to infect 3 of his office computers with adware, malware, and spyware... I cannot seem to get this infection out. I have never seen it so bad. In the last month I have went from meaningful onsite calls to being a friggin' POPUP TECHNICIAN!!! HELP

 

I have used Adaware, bazooka, spybot - search and destroy and a couple others (all with latest updates). As soon as these pieces of software find and remove the 'badware' it just comes right back. I even get popups during the f^cking scans!!! I have tried manually removing a lot of stuff but that doesn't work either. Regedit >Run folders etc.

 

I am running McAfee and it finds no viruses, and limited malware. No odd services are registered. All the boxes are WindowsXP SP1. I have tried running the scanners in Safe Mode and with the NIC disconnected, still not successful. I don't even have to open a browser, just sit there at the desktop and watch the popups flow!!! Hundreds of them eventually. This pretty much has brought productivity at this office to a hault.

 

Could someone PLEASE direct me to a piece of software that actually works!?! I need something that will clean 100%, not 50%, not 75%, NOT 98%! A FULL 100%! I can't charge these tards until the job is finished...

 

BTW: If i ever get the chance to meet one of you f^cks that writes these programs, YOU ARE DEAD, literally. I don't mind going back to prison...lol

 

[Vermyn 0]

When it's that bad, I'd like to introduce you to a piece of software that will work 100%:

 

format

 

Usage:

 

format c:

 

Works every time.

 

After you use this wonderful utility and reinstall Windows (if you want to torture yourself like that), check out http://blogs.red-abstract.com/vermyndax/articles/147.aspx - this page contains a little software I wrote called "ProxyHelper." .NET runtimes are required... use this to create a scheduled task that will auto-download a blacklist of bad adware sites and install it as a HOSTS file so they can't go there.

[Sampson 0]

You could reformat and that will fix the problem. It will also be a monumental headache. You asked for software that might fix the problem. I would suggest PestPatrol. None of these programs are infallible. It seems to do the best job however often finding things that Spybot and Ad-aware do not. Two examples: 1) eAcceleration software. If perchance you have some of its components put on your system and you Uninstalled it, it writes itself into a text that re-installs itself again, but this time does not appear in the Install/uninstall software. PestPatrol really has to work to dig out all the places it is imbedded. But, it does clean it out. 2) clientsniffer.js (and vb_sniffer.js). All these littles piece of javacode are supposed to do is figure out what kind of browser you have. Several webpages stick this into your IE tempfiles - sudhian and anantech. By themselves, they do nothing hurtful, but let some unscrupulous hacker find this on your system (and some webpages wanting to install a spybot), they are the perfect backdoor.

[Jerry Atrik 0]

i know just how u feel

there is no software that works 100%

 

i have to deal with it here daily on 30 computers. someone is always getting hijacked. my steps are as follows.

 

1 stop suspected processes in task man

 

2 handpick thru the registry deleting as much as i can find

 

3 manually delete program folders: here is where it gets sticky

(there are always at least 2 programs that u cant delete, one is lycos(whatever) .dll)

 

4 scan with adaware

 

5 read results and note loaded programs

 

6 try and delete said programs

 

7 change security permissions on all programs u cant delete removing ALL permissions (including system)

 

8 reboot

 

9 delete files u couldnt delete before

 

10 give client your theory on testing that should be required to operate a computer, and any other darwinian thoughts.

 

believe it or not this works 9 out of 10 times.

it's not the answer u were looking for but i hope it helps a little.

[CyberGenX 0]

Thanks y'all! I appreciate the quick responses and suggestions. I consider my self a pretty good tech (10 years now). I know where all the reg keys that will run programs, I def. remember and often use the old DOS/Win3.11/9.x ini files etc. I can understand why you'd ask, there are some serious 'educated' ID10TS our there that think they are techs. I make sure all the services that don't need to be running are not, including Messenger, Server(no onr is sharing), Remote Registry, Remote Desktop, etc. I try to lock the PCs down pretty tight.

 

 

I was able to narrow it down to rundll32.exe! Through another post here I learned that API calls and such can be made through rundll32. So I will use the sniffers you recommended and try again. Thanks a bunch.

 

 

Death to Crapware writers

[zoooom 0]

A really good program is SpyBotSD. Its got a command line switch that you can set to have it autoupdate autofix and hide. I have it scheduled run once a day in the background. All spyware gone. Btw Ive also decided that internet explorer sucks. I seem to get more spyware when I use it. Opera is free faster and has a great option that removes unintended popups. So popups will open when you click a link but they wont open with some random javascript command.

 

Also you may encounter one of those really nasty ones that cause other programs in your system to crash. If you take the information from the crash and the dll or exe that crashed you can search the web and you will be likely to find the the fix. I had a guy who was plagued with spyware and his internet explorer wouldnt start. adaware wouldnt fix the dll and niether would the system file checker. This isnt meant to be professional advice just my own experience. I used to get alot of that crap and now my system is pretty clean.

 

And I too know the feeling of wanting to bash somebody's head. It should be illegal. I have monitored spyware on my firewall that was sending information to some server in isreal. How is it that unintended applications can just randomly send information over the net. It seems to me that windows advanced as it is should have a layer somewhere that says this .exe can or this .exe cant send data. Firewalls dont prevent .exe's from sending data they filter ip's and ports. It should be built into the os somewhere. This really would solve alot of problem with trojans and spyware. Oh well I guess security is never the default. Especially on windows...

[CyberGenX 0]

Yeah I cannot really afford the time to teach the clients how to use a new browser (as easy as it is). It would be a whole new can of worms. I personally do not have ANY problems with my own machines, funny. I am actually very happy with I.E. under SP2 RC. I.E. now has a built in popup blocker that works friggin great.

 

 

SpyBotSD was the program that could not seem to get rid of the problem for me, the popups actually would increase when it was running!!!

 

I agree the OS should have that built in for sure. Hopefully Windows2010 (lol) will have that.

[felix 0]

Is it necessary for website authors/owners to put the terms and coniditions of website usage on their site?

 

What I'm getting at is rarely have I seen a site that tells me when I sign up, load up or click to that "by your entering this site you agree that any downloads you accrue through the use of this site are deemed solicited and acceptable."

 

Surely there would be ground for a class action against spammers and pop-up merchants who force their advertisements onto our systems and therefore force the downloading of extra kbytes of data against our accounts.

 

Consider this, if you get junk mail in your letterbox or an unwanted advertising phone call, you can tear/burn it or hang up, plus you haven't paid for it. If it comes in via e-mail or browser, in most cases you have already downloaded it before you even know it's there. Thus ISPs and consumers should have grounds for a class action claiming that unwanted advertising is actually a criminal offence (outside the Can Spam Act) due to the fact that you are being forced to pay for an unwanted, unsolicited service. Similar to the covert installation of spyware, which uses your bandwidth without your consent.

 

What do you think?

[Ali 0]

Come on, i got one right here!!! tell me who is responsible for punishing these criminals?

 

 

tell me!!! i have got to revenge this site for what they're doing to my computer!!! wasted 2 days of my life looking for their crap!!! should UN have a devision or could Nato bomb their office or something????? their Wois information and Phone number is fake. i'm willing to pay for the long distance and call them to find out how to get rid if the s*** they put on my computer!!!

[adamvjackson 0]

Limited-user accounts are good...

 

Local Administrator accounts are bad...

 

 

Learn, grasshopper ;-)

[spyke31 0]

OMG! I have been sitting here for some unaccounted for amount of time running through the mood swings of a millenium while reviewing this thread! I believe I have gone from sympathetic understanding to 100% empathy to tears of laughter while reading this!

I've decided several of you should be honored as "Rulers of Kingdom Tech" and given thrones upon lovely green electronic-encoded boards....maybe sceptors made from that shiny crystaline material that crackles when exposed to light!

Anyhow--I started reading the thread with the mention of the Pop-Up ads from Hell--or whatever spawned hell and its fearsome fires... My computer issues seemed to center on the freakin' "grandcasino" ads. Upon sifting through the endless lists of sneaky .pifs and other absolute crap.....i musta deleted something of value or something has eaten its way into my computer and refuses to come out until it has sucked every ouce of my sanity out through my left pinkie toe. (Yes...it is as painful as it sounds)...

La de da.. if anyone feels like showering the sympathy--feel free to hop on over to my plead for assistance (not of the backup and reformat kind)... I value any and all input--humorous...helpful...or even busy work assignment.

I really thought I sorta knew my computer basics until this metal lugnut blinked out on me!!

~Spyke