Computer is infected, can't stop pop-ups

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

From: "dgreene1227"

| Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

You need to be MORE specific if you want help.

For example...

What exactly is the Pop-Up stating ?

Is it a Pop-Up for WinAntivirus Pro 2006 or WinAntiSpyware 2006 ?

Does to Pop-Up show, http://www.amaena.com/ as part of a URL ?

Does it state you are infected with the Beagle virus ?

Please provide facts surrounding what you are experiencing.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

dgreene1227 wrote:
Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.


What specific kind of pop-ups are you seeing? There are at least
three varieties of pop-ups, and the solutions vary accordingly.

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past few years,
and unintentionally serves as a valid security "alert." It demonstrates
that the computer user hasn't been taking sufficient precautions while
connected to the Internet. The user's data probably hasn't been
compromised by these specific advertisements, but if he/she's open to
this exploit, he/she may well be open to other threats, such as the
Blaster Worm that swept across the Internet years ago and the Sasser
Worm that followed shortly thereafter, both of which can still be
contacted. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure the
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default...B;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/p...e/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise the user to do
nothing more than disable the messenger service. Disabling the
messenger service, by itself, is a "head in the sand" approach to
computer security. The real problem is not the messenger service
pop-ups; they're actually providing a useful, if annoying, service by
acting as a security alert. The true problem is the unsecured computer,
and the user's been advised to merely turn off the warnings. How is
this helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
to SP2, to install IE's pop-up blocker. Another alternative would be
to use another browser, such as Mozilla or Firefox, which has pop-up
blocking capabilities. (But I'd avoid Netscape; it carries too much
extraneous AOL garbage.)

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available he

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default...kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

I turn on the computer a dell inspiron 5100. my displayed photo is often not
there and needs to be reset. within a couple of minutes, even before I go
online I start getting popups one right after another. eventually I can't
get rid of all of them before the computer freezes. Nothing has said virus
or infected, I just can't stop the popups. I've run spybot 6or 8 times and
"network monitor" and some others can't be removed. I've reinstalled service
pak 2 but it basically achieves nothing. It seems to also reset my firewall,
sometimes it's on and sometimes I can't access it

"David H. Lipman" wrote:

From: "dgreene1227"

| Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

You need to be MORE specific if you want help.

For example...

What exactly is the Pop-Up stating ?

Is it a Pop-Up for WinAntivirus Pro 2006 or WinAntiSpyware 2006 ?

Does to Pop-Up show, http://www.amaena.com/ as part of a URL ?

Does it state you are infected with the Beagle virus ?

Please provide facts surrounding what you are experiencing.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Hi,
By pop-ups I mean all kinds of ads. poker, american express, virus
protection, they just keep coming

"dgreene1227" wrote:

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

From: "dgreene1227"

| I turn on the computer a dell inspiron 5100. my displayed photo is often not
| there and needs to be reset. within a couple of minutes, even before I go
| online I start getting popups one right after another. eventually I can't
| get rid of all of them before the computer freezes. Nothing has said virus
| or infected, I just can't stop the popups. I've run spybot 6or 8 times and
| "network monitor" and some others can't be removed. I've reinstalled service
| pak 2 but it basically achieves nothing. It seems to also reset my firewall,
| sometimes it's on and sometimes I can't access it
|



If you are using any version of Sun Java that is prior to JRE Version 5.0,
then you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being exploited.
It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0 Update 6
be installed ASAP.

http://www.java.com/en/download/manual.jsp


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/supe...freevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadge...4332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

I've seen nothing that says:
http://www.amaena.com/ as part of a URL
or beagle virus
-David

"Bruce Chambers" wrote:

dgreene1227 wrote:
Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.


What specific kind of pop-ups are you seeing? There are at least
three varieties of pop-ups, and the solutions vary accordingly.

1) Does the title bar of these pop-ups read "Messenger Service?"

This type of spam has become quite common over the past few years,
and unintentionally serves as a valid security "alert." It demonstrates
that the computer user hasn't been taking sufficient precautions while
connected to the Internet. The user's data probably hasn't been
compromised by these specific advertisements, but if he/she's open to
this exploit, he/she may well be open to other threats, such as the
Blaster Worm that swept across the Internet years ago and the Sasser
Worm that followed shortly thereafter, both of which can still be
contacted. Install and use a decent, properly configured firewall.
(Merely disabling the messenger service, as some people recommend, only
hides the symptom, and does little or nothing to truly secure the
machine.) And ignoring or just "putting up with" the security gap
represented by these messages is particularly foolish.

Messenger Service of Windows
http://support.microsoft.com/default...B;en-us;168893

Messenger Service Window That Contains an Internet Advertisement
Appears
http://support.microsoft.com/?id=330904

Stopping Advertisements with Messenger Service Titles
http://www.microsoft.com/windowsxp/p...e/stopspam.asp

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Oh, and be especially wary of people who advise the user to do
nothing more than disable the messenger service. Disabling the
messenger service, by itself, is a "head in the sand" approach to
computer security. The real problem is not the messenger service
pop-ups; they're actually providing a useful, if annoying, service by
acting as a security alert. The true problem is the unsecured computer,
and the user's been advised to merely turn off the warnings. How is
this helpful?

2) For regular Internet pop-ups, you might try the free 12Ghosts
Popup-killer from http://12ghosts.com/ghosts/popup.htm, Pop-Up Stopper
from http://www.panicware.com/, or the Google Toolbar from
http://toolbar.google.com/. Alternatively, you can upgrade your WinXP
to SP2, to install IE's pop-up blocker. Another alternative would be
to use another browser, such as Mozilla or Firefox, which has pop-up
blocking capabilities. (But I'd avoid Netscape; it carries too much
extraneous AOL garbage.)

3) To deal with pop-ups caused by any sort of "adware" and/or
"spyware,"such as Gator, Comet Cursors, Xupiter, Bonzai Buddy, or
KaZaA, and their remnants, that you've deliberately (but without
understanding the consequences) installed, two products that are
quite effective (at finding and removing this type of scumware) are
Ad-Aware from www.lavasoft.de and SpyBot Search & Destroy from
www.safer-networking.org/. Both have free versions. It's even
possible to use SpyBot Search & Destroy to "immunize" your system
against most future intrusions. I use both and generally perform
manual scans every week or so to clean out cookies, etc.

Additionally, manual removal instructions for the most common
varieties of scumware are available he

PC Hell Spyware and Adware Removal Help
http://www.pchell.com/support/spyware.shtml

More information and assistance is available at these sites:

Blocking Ads, Parasites, and Hijackers with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

The Parasite Fight
http://www.aumha.org/a/parasite.htm

Neither adware nor spyware, collectively known as scumware,
magically install themselves on anyone's computer. They are almost
always deliberately installed by the computer's user, as part of some
allegedly "free" service or product.

While there are some unscrupulous malware distributors out there,
who do attempt to install and exploit malware without consent, the
majority of them simply rely upon the intellectual laziness and
gullibility of the average consumer, counting on them to quickly click
past the EULA in his/her haste to get the latest in "free" cutesy
cursors, screensavers, "utilities," and/or wallpapers.

If you were to read the EULAs that accompany, and to which the
computer user must agree before the download/installation of the
"screensaver" continues, most adware and spyware, you'll find that
they _do_ have the consumer's permission to do exactly what they're
doing. In the overwhelming majority of cases, computer users have no
one to blame but themselves.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected
to -- protect the computer user from him/herself. All too many people
have bought into the various PC/software manufacturers marketing
claims of easy computing. They believe that their computer should be
no harder to use than a toaster oven; they have neither the
inclination or desire to learn how to safely use their computer. All
too few people keep their antivirus software current, install patches
in a timely manner, or stop to really think about that cutesy link
they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and
every computer user to learn how to secure his/her own computer.

To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default...kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

dgreene1227 wrote:
I've seen nothing that says:
http://www.amaena.com/ as part of a URL
or beagle virus


Telling us what you haven't seen isn't going to enable us to provide
any help. You need to describe *exactly* what you are seeing, and under
exactly what circumstances.

No one can help if you don't provide at least a modicum of pertinent
information.

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

From: "Bruce Chambers"

| dgreene1227 wrote:
I've seen nothing that says:
http://www.amaena.com/ as part of a URL
or beagle virus
|
| Telling us what you haven't seen isn't going to enable us to provide
| any help. You need to describe *exactly* what you are seeing, and under
| exactly what circumstances.
|
| No one can help if you don't provide at least a modicum of pertinent
| information.
|
| Help us help you:
| http://dts-l.org/goodpost.htm
| http://www.catb.org/~esr/faqs/smart-questions.html
|

Bruce:

It did rule out the Vundo Trojan/WinFixer problem.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

How do I get to "safe mode"?

"dgreene1227" wrote:

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

From: "dgreene1227"

| How do I get to "safe mode"?
|


For those users having trouble getting into Safe Mode, there is the free BootSafe
application:
http://www.superadblocker.com/bootsafe.html

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Bruce,
As I've said, I turn on the computer. often my displayed photo is not there
anymore and I have to go to control panel to put it back. eventually, though
offline advertisement popups appear, one right after another, most of them
spy remover types like ad aware, windows antivirus, spy sheriff, but also ms
internet explorer provided by verizon ( a particularly difficult one to get
rid of). I've run spy bot about 9 times and I've reinstalled xp service pak
2 twice to no avail. The afdvert pop-ups continue and often freeze my
machine.

"dgreene1227" wrote:

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

also, when I run spy bot it seems the two most pervasive spies are "command
service" and "network monitor", neither of which can be removed from the
system

"dgreene1227" wrote:

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

there's nothing that states "messenger service"

"dgreene1227" wrote:

Have run spybot, have reinstalled xp service pack 2 all to no avail, HELP.

David H. Lipman wrote:


Bruce:

It did rule out the Vundo Trojan/WinFixer problem.



Good point. One down, several hundred thousand possibilities
remaining.... ;-}


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin