AltaVista Popup! Used Adaware SE and scanned with AVG!

X

xSnowmaNx

Gawd
Joined
Aug 11, 2004
Messages
708
Ok, I don't know where this is coming from or how it came to be, but after starting up an internet exporer window pops up from nowhere and goes to Alta Vista. Seeing as how I maintain my computer fairly well I don't see how this started as I have not installed any programs I don't trust nor have clicked on any links I don't trust or know where it goes to.

It pops up from absolutely no where. I don't have Internet Explorer running at all and it will come up. I have scanned with Adaware SE and it is usually clean or has just a few objects. I have scanned with AVG for any viruses and there are none. I have been using IE for a while because I had one annoyance with Firefox (Some websites that are heavy with flash or macromedia ran butt slow. One website in particular was gamespot.com). Now I have started using firefox again (now everything runs almost as fast as IE does)

The main problem is the popup. It will come up no matter what. Doesn't matter if I use IE or Firefox, it will come up within minutes of starting my computer. I want to get rid of this f%#ker because it is annoying the sh!t out of me.
 
Doesn't look like it's limited to just altavista either. its been to lycos and wisenut.com.

I got Microsoft AntiSpyware and it still pops up even though it doesn't find anything.
 
Have you cleared out your Temporary Internet files or your temp files? ( i.g. C:\Documents and Settings\{login name}\Local Settings\Temp)

also run msconfig to check for weird programs loading at bootup.
 
Ok, i took a screen of the process that pops up right before the popup itself shows up in the task manager. But after further investigation i found the following programs are used to execute the popups:

popupbitchfile3.JPG


Is it safe for me just to delete all of that?
 
Well... Even after deleting those files, something spawns new ones and causes more popups... gotta find that source somehow. Nothing has detected it. No anti virus, no anti spyware/adware programs.
 
In the MS Antispyware program under Advanced Tools you can disable certain programs on bootup, as well as disable rogue ActiveX controls.

Get Process Explorer and check for any rogue programs that still may be running. You'll be able to find out where it's starting from any delete it.
 
Keep in mind that when you run Spybot, Adaware, or the MS Spyware App you should be running all of them in Safe Mode.
 
Yea, in safe mode you can delete everything in the TEMP folder, as well as those .pf prefetch files you found. Sometimes it might be a good idea to temporarily disconnect internet access to the computer so that the programs (if run) do not install other programs. Once you stop getting pop up windows after you clean up the computer in safe mode, then reconnect the computer to the internet and see if it works.

As always, disable any startup programs that are not used by windows or any programs you installed in safe mode.

Its strange that MS antispyware did'nt find anything. Did you also under the advanced options see if there were any IE plug-ins being used? Can't hurt, even though you said the pop up's start without IE being open.

Also, i would delete all ActiveX plug-ins that you do not specifically know you use. Then go into your internet options, and under the security tab, highlight the internet icon, and click custom settings.... then disable activeX and scripting, along with anything else you find there that you don't like.

Because you said it even happens when IE is not used, it seems like its a bad program being run on startup (prefetch perhaps) that is doing it... that obviously antivirus and antispyware is not catching.

~Hope this helps



Edit: On a side note, you might want to consider doing a system restore if you are using windows XP and you have restore points before this problem started happening.... as long as you would'nt loose any important data that you installed.

Also, i just wanted to comment on what you said. Even though you might not "click" on bad links, just browsing to a bad website by accident and having your IE security settings set to default, bad programs can be installed. That is why, if you use IE, it is very important to configure it to be as safe as possible. So much so, that you will have to manually add pages to "trusted sites" to get any advanced content such as an ActiveX application or uncertified java applets. It might be a bit of a pain, but once you add the sites that require advanced fatures to trusted sites for a few days, the extra security will be worth it 100%.... or at least i think so.
 
Anything abnormal under Start > Run > msconfig > startup tab?

Try hijack this, grab it from the link in the sig. Post the log if you don't see anything obvious..
 
I started windows in safe mode and ran the windows anti spyware program and it found a browser hijacker. removed it and hopefully that was what was causing the popup.
 
At first it seemed that it was removed, but after a couple of hours it came back again... this is getting really frustrating.
 
Yea, you have at least one program that running deep inside your computer, and if you can not find out which one is doing, then it will probably continue to happen.

Is formatting and doing a clean install an option? Usually this is a last resort.

Can you post a screen shot of your startup tab in MSCONFIG ? With the directory column expanded. Heck, it might even be a service...

On a side note, if you boot up into safe mode with networking enabled, do you get these pop ups? If the answer is no, then obviously its a program / service that is running... and you should be able to locate it (or them).
 
towert7 said:
Yea, you have at least one program that running deep inside your computer, and if you can not find out which one is doing, then it will probably continue to happen.

Is formatting and doing a clean install an option? Usually this is a last resort.

Can you post a screen shot of your startup tab in MSCONFIG ? With the directory column expanded. Heck, it might even be a service...

On a side note, if you boot up into safe mode with networking enabled, do you get these pop ups? If the answer is no, then obviously its a program / service that is running... and you should be able to locate it (or them).
Click to expand...

Well, i had safe mode with networking disabled. No popups at all. Not sure if I gave it enough time tho. Usually when i start up, within 5 minutes I get a popup.

msconfigstartup.JPG
 
-(Xyphox)- said:
Get Microsoft's Antispy Ware
Its good stuff
Click to expand...

i got it today. Very very nice. its cool to see something useful from Microshaft.
 
Well, today, my AVG received an update. I decided to restart because my internet was going kinda slow and powercycled some stuff. Upon startup I went to DSL reports and then about a minute or 2 later I get this AVG Resident Shield alert saying that a virus was detected. The virus happened to be the executables that open up the popups. So far it has only found those executables that are created and lie in C:\Windows\temp, but I'll be doing a full system scan later.

Oh and the virus is a trojan horse, Collected.BT. AVG doesn't have a description though.
 
You must log in or register to reply here.
Back
Top