Guest SS
Posted April 30, 2008

Hi...

Running:

WinXP Pro 5.1.2600 SP2 build 2600 with all of the automatic updates.

IE6 6.0.2900.2180.xpsp_sp2_gdr.070227-2254IC also with the automatic updates.

(Note...this also happens with Firefox.)

This does NOT happen when viewing htm files on my hard drive...only online websites (and not every site...for instance, Sun's Java site seemed immune.)

Popups occur randomly...sometimes as straight ads, sometimes as shown in the attached images. (These are shrunk or cropped to keep them small ... and the first one has red ovals that I added to show the non-full-screen popups.)

Sometimes they open a full-screen window...sometimes smaller windows.

Here's what I have tried already:

I have uninstalled Java 4 and 5 and installed Java 6 (This was suggested in an earlier response to someone else's post).

I went into my process list and deleted everything that seemed nonessential.

Using Tuneup Utilities 2008, I disabled all the unidentifiable start-up files...BUT...the following one kept coming back, so it is high on my suspect list:

VDSKEKTH.exe

An internet search for VDSKEKTH.exe came up empty.

I have scanned my entire computer with McAfee AV and AdAware to no avail.

I am open to all suggestions. I will check this newsgroup religiously, but I can also be reached at info@sanderhome.com

Thanks.

SS

Guest Malke
Posted April 30, 2008

SS wrote:

> Hi...
>
> Running:
>
> WinXP Pro 5.1.2600 SP2 build 2600 with all of the
> automatic updates.
>
> IE6 6.0.2900.2180.xpsp_sp2_gdr.070227-2254IC
> also with the automatic updates.
>
> (Note...this also happens with Firefox.)
>
> This does NOT happen when viewing htm files on my
> hard drive...only online websites (and not every
> site...for instance, Sun's Java site seemed
> immune.)
>
> Popups occur randomly...sometimes as straight ads,
> sometimes as shown in the attached images. (These
> are shrunk or cropped to keep them small ... and
> the first one has red ovals that I added to show
> the non-full-screen popups.)

(snippage)

Thank you for being thorough but:

1. It would have been simpler to just tell us "AntiSpyware Master" and leave off all the screenshots.
2. Also, next time don't make 4 separate posts about the same subject.

AntiSpyware Master is just another rogue antispyware program and your computer is infested. Here is a thread showing how to remove it but if your computer skills are not high (and I'm not saying they aren't - I have no way of knowing whether you have MadSkilz or not) I strongly suggest that you register at BleepingComputer or one of the other specialty forums listed below and get guided help. DO NOT POST HIJACK THIS LOGS IN THE MS NEWSGROUPS.

http://www.bleepingcomputer.com/forums/topic143309.html

Other specialty malware removal forums:

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/ind...showtutorial=42 - another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

Choose one, register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap"
3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe
4. Save the scan results (Main.txt and Extra.txt)
5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Guest SS
Posted May 1, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked!

On Wed, 30 Apr 2008 07:27:21 -0700, Malke <malke@invalid.invalid> wrote:

>
>http://www.bleepingcomputer.com/forums/topic143309.html
>

The above seems to have worked!

It was actually quite easy -- though the full scan by SuperAntiSpyware took hours and hours.

Thank you so much...and sorry about the image posts...I'll try to remember that in the future.

SS

Guest David H. Lipman
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked!

From: "SS" <scooby@doo.com>

| On Wed, 30 Apr 2008 07:27:21 -0700, Malke
| <malke@invalid.invalid> wrote:
>>http://www.bleepingcomputer.com/forums/topic143309.html
| The above seems to have worked!
| It was actually quite easy -- though the full scan
| by SuperAntiSpyware took hours and hours.
| Thank you so much...and sorry about the image
| posts...I'll try to remember that in the future.
| SS

There was nothing wrong with the "image posts".

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Malke
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked!

SS wrote:

> On Wed, 30 Apr 2008 07:27:21 -0700, Malke
> <malke@invalid.invalid> wrote:
>
>>
>>http://www.bleepingcomputer.com/forums/topic143309.html
>>
>
> The above seems to have worked!
>
> It was actually quite easy -- though the full scan
> by SuperAntiSpyware took hours and hours.
>
> Thank you so much...and sorry about the image
> posts...I'll try to remember that in the future.

I'm very glad that worked for you. As David Lipman said, there was nothing wrong with posting a link to an image; it was the three separate posts I wasn't crazy about. But no harm, no foul. ;-)

Thanks for taking the time to let us know everything is resolved.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Guest SS
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked! - No it didn't! It's back.

>>>
>>
>> The above seems to have worked!
>>
>> It was actually quite easy -- though the full scan
>> by SuperAntiSpyware took hours and hours.
>>

I can't believe it. Now it's popping up a window every now and then that tries to go to: 85.12.43.69

(but my browser won't go there...get the usual error when you can't access a site.)

It even does that when I am not browsing. (I'm going to turn off AIM and my weather bot to see if that helps)

Also...my browser is running really slow, and can't seem to go certain places.

Ugghhh!!!

I'll try that procedure again and see what happens.

Guest pcbutts1 [MS MVP]
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked! - No it didn't! It's back.

Use my free Remove-it software, it will remove that malware from your system. Download it here http://pcbutts1.com/downloads/tools/tools.htm

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T. Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"SS" <scooby@doo.com> wrote in message news:ce3m14djdifrp58dp3u5lojjmtqlqi3ij6@4ax.com...

>
>>>>
>>>
>>> The above seems to have worked!
>>>
>>> It was actually quite easy -- though the full scan
>>> by SuperAntiSpyware took hours and hours.
>>>
>
> I can't believe it. Now it's popping up a window
> every now and then that tries to go to:
> 85.12.43.69
>
> (but my browser won't go there...get the usual
> error when you can't access a site.)
>
> It even does that when I am not browsing.
> (I'm going to turn off AIM and my weather bot to
> see if that helps)
>
> Also...my browser is running really slow, and
> can't seem to go certain places.
>
> Ugghhh!!!
>
> I'll try that procedure again and see what
> happens.

Guest Malke
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked! - No it didn't! It's back.

SS wrote:

> I can't believe it. Now it's popping up a window
> every now and then that tries to go to:
> 85.12.43.69
>
> (but my browser won't go there...get the usual
> error when you can't access a site.)
>
> It even does that when I am not browsing.
> (I'm going to turn off AIM and my weather bot to
> see if that helps)
>
> Also...my browser is running really slow, and
> can't seem to go certain places.
>
> Ugghhh!!!
>
> I'll try that procedure again and see what
> happens.

I can easily believe it since I deal with this sort of thing every day. A lot of the current crop of malware variants are extremely hard to remove, respawning, using rootkits, etc. Instead of going through the procedure at the link again, I strongly suggest that you register at BleepingComputer or one of the other specialty forums and get guided help. A program was suggested by another poster in this thread that I cannot recommend. The program may work but is hosted on a site that also hosts pr0n. Draw your own conclusions from that.

Here is the information about the specialty forums again for your convenience:

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/ind...showtutorial=42 - another tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5

Choose one, register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap"
3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe
4. Save the scan results (Main.txt and Extra.txt)
5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

Guest pcbutts1 [MS MVP]
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked! - No it didn't! It's back.

I don't host porn, why do you believe trolls?

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T. Shagnasty, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"Malke" <malke@invalid.invalid> wrote in message news:e2knc3FrIHA.3616@TK2MSFTNGP06.phx.gbl...

> SS wrote:
>
>> I can't believe it. Now it's popping up a window
>> every now and then that tries to go to:
>> 85.12.43.69
>>
>> (but my browser won't go there...get the usual
>> error when you can't access a site.)
>>
>> It even does that when I am not browsing.
>> (I'm going to turn off AIM and my weather bot to
>> see if that helps)
>>
>> Also...my browser is running really slow, and
>> can't seem to go certain places.
>>
>> Ugghhh!!!
>>
>> I'll try that procedure again and see what
>> happens.
>
> I can easily believe it since I deal with this sort of thing every day. A
> lot of the current crop of malware variants are extremely hard to remove,
> respawning, using rootkits, etc. Instead of going through the procedure at
> the link again, I strongly suggest that you register at BleepingComputer or
> one of the other specialty forums and get guided help. A program was
> suggested by another poster in this thread that I cannot recommend. The
> program may work but is hosted on a site that also hosts pr0n. Draw your
> own conclusions from that.
>
> Here is the information about the specialty forums again for your
> convenience:
>
> http://aumha.org/downloads/hijackthis.zip
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
> http://www.bleepingcomputer.com/forums/ind...showtutorial=42 - another tutorial
> http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
> the stickies first.
> http://www.atribune.org/forums/index.php?showforum=9
> http://aumha.net/viewforum.php?f=30
> http://www.bleepingcomputer.com/forums/forum22.html
> http://castlecops.com/forum67.html
> http://www.dslreports.com/forum/cleanup
> http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
> http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
> http://gladiator-antivirus.com/forum/index.php?showforum=170
> http://spywarewarrior.com/viewforum.php?f=5
>
> Choose one, register and read its posting FAQ. You will generally be asked
> to:
>
> 1. Download and execute HiJack This! (HJT) -
> http://www.trendsecure.com/portal/en-US/th.../HJTInstall.exe
>
> 2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck;
> "Word wrap"
>
> 3. Download/run Deckard's System Scanner -
> http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
> 4. Save the scan results (Main.txt and Extra.txt)
>
> 5. And then post the contents of Main.txt and Extra.txt in your post at the
> forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
> Malke
> --
> MS-MVP
> Elephant Boy Computers
> www.elephantboycomputers.com
> Don't Panic!

Guest Leythos
Posted May 2, 2008

Re: Help... Mystery Popup Virus?? (0/1) Thank you...it worked! - No it didn't! It's back.

In article <7OHSj.667$17.1@newssvr22.news.prodigy.net>, pcbutts1 @leythosthestalker.com says...

> I don't host porn, why do you believe trolls.

What do you call the pictures you have posted links to that are on the same site you link to in these groups? The link info can be found in my sig, and it's clearly filthy porn.

Yea, you may have renamed it or moved it, but all of us older residents know you had it there and you were PROUD of it, boasted about it, and you plastered those links all over Usenet.

--
Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM that create filth and put it on the web for any kid to see: Just take a look at some of the FILTH he's created and put on his website: http://forums.speedguide.net/archive/index.php/t-223485.html all exposed to children (the link I've included does not directly display his filth). You can find the same information by googling for 'PCBUTTS1' and 'exposed to kids'.