Microsoft Popups

[cowgirlway1]

Ok, first let me say that I know as much about a computer as I do a car. I turn it on and expect it to work. So please don't start talking cyber speak to me because I'm lost. Explain things to me like I'm 5 years old. I am a creative writer. I have this problem that is driving me crazy...microsoft popups that overlap and overlap and overlap. I can't work at all and sometimes, it just freezes up and nothing will clear it but to turn it off at the source. How can I rid myself of these annoyances?

[SuPerNoVi]

Are you talking about using the internet explorer
or
using microsoft word?

If your using microsoft word, do you have the internet loaded up whilst you are working, if so leave it closed when using word.
Secondly sound like you might have a trojan, whats a trojan you ask?
Well in your case it infects your system and opens pop ups randomly using internet explorer, but generally you have to be using internet explorer to get this problem.

So a bit more information would be helpfull what exactly is poping up and what is it poping up from?

[jgvernonco]

Hi, Cowgirl,

I moved yourthread over here so that we could watch it. It's probably an "infection problem.

Please follow the directions below, then tell us how your problem is.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

[cowgirlway1]

Quote:

Originally Posted by jgvernonco

Hi, Cowgirl,

I moved yourthread over here so that we could watch it. It's probably an "infection problem.

Please follow the directions below, then tell us how your problem is.

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this site to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Run an online virus scan at TrendMicro or RAV Antivirus. Select the Autoclean option if you use TrendMicro.

Hi.
Ok, now the dummy questions begin. Is Ad-aware SE something that you go to Best Buy and obtain or is it readily available on the internet?

I can be typing an e-mail, or surfing a site, and am plagued. I have not taken notice if this occurs while in Word also but will definitely find out.

[Horse]

Adaware SE is a free program that is available on the internet. Click the link as indicated by jg and follow all the instructions in his post.

[Detah]

AdAware is download only. You will not find it at BestBuy. Just follow jg's instructions for downloading. That is, click on the 'Ad-Aware' link that he has provided, then follow the 'settings' instructions to configure it properly.

You do not need to 'test' Microsoft Word. The problem lies in Internet Explorer and in your registry. Just follow jg's instructions and we will help you fix everything.

When you have completed his instructions, please post a HiJackThis log. HiJackThis is a diagnostic and repair tool that helps us identify some very basic information about your computer, including OS, internet browser version, and service packs, which helps us to analyze your problem. So please download HiJackThis and post your log. It is important to have the most recent version of HiJackThis. The most current version is v1.98.2.
----------------------------------------------------------------
HijackThis instructions (~157kB)

• Download HiJackThis (written by Merijn Bellekom) from
  http://www.spywareinfo.com/~merijn/downloads.html
  Save HijackThis.exe into its own permanent directory, NOT in a TEMPorary folder or on the DESKTOP. Temporary folders get cleaned out periodically and are often destinations for viruses and spyware. So you don't want it there. If you place HJT on the Desktop, then all of your logs and backups will get spread out over the desktop. That is not efficient. For simplicity, I recommend c:/program files/HJT/
  Important: Close all windows/programs, internet connections and especially internet browsers before scanning and fixing with HJT.
• Doubleclick HijackThis.exe. Config | Misc Tools | Check for update online, save into your permanent directory. If you find a new version, then close HJT. Unzip into permanent directory. Replace file=Yes.
• Doubleclick HijackThis.exe. Press the <Scan> button
  DO NOT FIX ANYTHING YET!! Most of the entries found in a HiJackThis scan are programs/files which are REQUIRED for your computer to operate normally.
• Press the <Save Log> button and save into your HJT folder. Change the file name to HJT 9-22-04a.log or some similar dating nomenclature so you can identify each log
• The log should automatically open in Notepad. If not, open the log file from any text editor (Notepad, MS Word, Word Perfect, etc)
• Copy/paste the results here in this forum and let an expert evaluate it for you.
• Close HiJackThis//

[SuPerNoVi]

Oh i misunderstood i was under the impression it occurs when you are writing.
Sorry well if its when on outlook and internet explorer it is almost certainly spyware.
Do you have a pop up blocker? if not get google toolbar from here http://toolbar.google.com/

I generally recommend not using IE as Mozilla Firefox is a lot better in my opinion and stops nearly all spyware in my experience. I would link for you but you sound like the person who isnt into change, hehe

Ok so once the pop up blocker is installed this should stop a lot of popups but it isnt 100% successful especially when you are infected with spyware.
Download adaware like previously told, it is free and works wonders.
Heres the link to the download http://www.download.com/3000-2144-10...age&tag=button

Install and follow the on screen instructions and scan your computer, when finished. do a restart. I think you should install google toolbar first though.
You hopefully will then solve your problems.

[cowgirlway1]

Thanks everyone for your advise. I can't wait to get back to my home computer to try out the recommendations. Will let you know tomorrow. Thanks again. This is so cool.

[cowgirlway1]

Hi again.
It was nearly impossible to install Ad-aware or attempt HiJack. The popups were coming so fast and furious and overlapping that I couldn't keep ahead of them for long. I did manage to do a scan with Ad-aware, but when I went to plug-ins to fix the variants, there were no plug-ins (yes, it was the latest version). So, I thought I'd just HiJack everything and send it along, but on both programs, I kept getting a popup block that said something to the effect that I was not configured to accept Active X files (something along those lines). It was chaos. I was frustrated and disappointed. Should I just go ahead and purchase a firewall? Will that do it? Really?

[cowgirlway1]

Aside to SuPerNoVi.
Hey. I missed your last recommendation until I printed out everything. I do have blockers. In fact, things used to be alot worse than they are now - I was deluged with porn popups. But AOL gave me step-by-step instructions and I did get rid of absolutely everything but these that say microsoft and there are many, many of those. Should I go ahead and try to evade the popups and try your recommendation or just suck it up and get a firewall?

[Detah]

Let's do this in order.
----------------------------------------------------------------
Manually turn off Popups
Start | Run | type "services.msc" | rightclick Messenger | select Stop. then select Properties | under Startup Type, set to Disabled. OK OK. Reboot.
----------------------------------------------------------------
Now see if you can download and install AdAware. AdAware does a very fine job of cleaning up popup attackers.
----------------------------------------------------------------
Please do not attempt to fix or clean anything with HiJackThis on your own. Most of the items in a HiJackThis scan are required for your operating system to function normally. Only use HiJackThis under the guidance of an expert.
----------------------------------------------------------------
A Firewall technically does not block popups. A firewall's job is to monitor inbound and outbound traffic over all ports (ie. your dialup internet connection, ftp, telnet, etc). I would definitely recommend a firewall to you. But lets get the bugs out of your system first, then I would be glad to tackle the firewall issue with you.

I also want you to download and install Spybot Search & Destroy. Both programs scan your harddrive and remove spyware/adware/malware.

Here are my explicit AdAware and Spybot instructions.
When you are done please post a fresh HiJackThis log.
----------------------------------------------------------------
Here are two essential anti-spyware programs which you should run regularly. Updates for these programs come out weekly. Run them now.

Spybot Search & Destroy instructions (~3.5MB)

• Download Spybot (written by Patrick Kolla). Click <download> from
  http://www.safer-networking.org/
  Save spybotsd13.exe into its own directory, NOT in a TEMPorary folder or on the Desktop.
  I recommend c:/program files/spybot/
• Doubleclick spybotsd13.exe. Make sure to direct the program to install in the c:/program files/spybot/ directory, NOT the default directory.
• Open Spybot from Start | Programs | Spybot | Spybot S&D
• Select <Search for Updates>. Let it install all updates. This is very important!
• Select <Immunize>
• Select <Check for Problems>
• Check all entries that are in RED. Only RED, NOTHING ELSE. For your records, write/print out each item that you have fixed. Date it.
• Select <Fix Selected Problems>
• Close Spybot//

Ad-Aware instructions (2563 kB)

• Download Ad-Aware SE build 1.05 (written by Lavasoft) from
  http://www.lavasoft.de/
  If you have a previous version of AdAware installed, you will be prompted to uninstall or keep the older version during installation. Be sure to choose Uninstall The Previous Version. Save aawsepersonal.exe into its own directory, NOT in a TEMPorary folder or on the Desktop. I recommend c:/program files/Adaware/
• Doubleclick aawsepersonal.exe. Make sure to direct the program to install in the c:/program files/adaware/ directory, NOT the default directory.
• Open AdAware from Start | Programs | Lavasoft | Adaware.
• Select <Check for updates now>, <Proceed>
• Setting adjustments. [[Green = checked]] Click the Gear Icon in the top right corner. New settings:
  
  • By default you begin in the <General> section. The following should be checked:
    
    • Automatically save logfile
    • Automatically quarantine objects prior to removal
    • Safe Mode (always request confirmation)
    • Prompt to update outdated confirmation - change to "7 days"
  • Click <Scanning>
    
    • Check Scan within Archives
    • Select "Select drives & folders to scan", check all of your harddrives. Usually its just c:/, <Proceed>
    • Under Memory & Registry, select all options
  • Click <Advanced>
    
    • Under Shell Integration, select "Move deleted files to Recycle Bin"
    • Under Logfile detail, select all options
  • Click <Defaults>
    
    • Type in the full URL of what you want as your default homepage and search page eg. http://www.google.com
      
  • Click <Tweak>
    
    • Expand Scanning Engine and make sure the following are selected:
      
      • Unload recognized processes during scanning
      • Obtain command line of scanned processes
      • Scan registry for all users instead of current user only
    • Expand Cleaning Engine and make sure the following are selected:
      
      • Always try to unload modules before deletion
      • During removal, unload explorer and IE if necessary
      • Let Windows remove files in use at next reboot
      • Delete quarantined objects after restoring
    • Expand Safety Settings and make sure the following are selected:
      
      • Write-protect system files after repair (Hosts file, etc)
        
• Click <Proceed> | <Start> | select Use custom scanning options | <Next>
• When the scan is finished, rightclick on any entry and choose <Select All Objects>.
• Select <Clean>
• Close Adaware//

[cowgirlway1]

Now that's what I'm talking about!
Step-by-step (thanks).
Will get right on it.

[cowgirlway1]

Hi.
Well, the good news is that my computer is clean...finally. It wasn't anything I did. I finally had to take my CPU to the tech at my job. He cleaned it up for me. He said he had never seen a computer that was as bad as mine - it was loaded with spyware. He recommended that I get Microsoft Service Pack II for Windows and Norton Anti-Virus. I did that.

Here's the bad news. I cannot install Norton because I get this message:
"Windows cannot find NOTEPAD.EXE. This program is needed for opening files of type "Text Document." Type in the executable file to be used instead:
C:\

I have no idea what that means but figured that I would re-install Windows XP and that would put in NOTEPAD.EXE. It didn't. I have gone on-line to Dell and MSN to find the solution to this problem and there doesn't appear to be any mention of what to do if you don't have NOTEPAD.EXE.

Now I still have all the operating disks that came with the Dell. Does anybody know how I can get NOTEPAD.EXE or else what to type in the blank that asks for the executable file to be used instead C:\

The Service Pack II for Windows went on without a glitch, but I want the Norton too which states "you must activate this product within 15 days of installation with the enclosed Product Key, or the product will stop working.

What do I do about this dilemma? And Thanks, everybody has been so great!

[CTSNKY]

Regarding the tech: I recommend posting a new HJT log for us to review. Malware removal can be extremely tricky.

Regarding Notepad: I am attaching a copy of Notepad to this post, put it back into your C:\Windows folder.

Regarding Norton: Where did you get that copy? If you have the CD, follow their prompts for putting in the product key, that should be on the CD jacket, and registering your copy online.

If you got a copy from a friend and don't have a product key, there is a very good, free AV program called AVG at http://www.grisoft.com

[cowgirlway1]

Hi:
Remember I said I wasn't computer savy...What is an HJT Log and how do I go about doing that?

Perhaps I didn't explain it well. The computer is clean of spyware. I have installed Service Package II for Windows (to get the firewall). I purchased the Norton Antivirus from Best Buy. I did all the steps with giving them the product code, etc. BUT during the process while it is attempting to do its thing (after approximately 44,000 files have been scanned) is when I get the message "Windows cannot find NOTEPAD.EXE..."

Thanks so very much for the attachment. I couldn't sleep for worrying about it, so I got up early to check and see if someone had responded. Am going to try Norton again now since I have NOTEPAD. Used most of my Saturday trying to work with this. Will keep you informed.

[cowgirlway1]

YES!
Thank you for NOTEPAD. That's all it took. Now the Norton Ani-Virus is installed and running its scan at this moment. HOWEVER, (nothing is ever simple for me), after reading the accompanying literature, I find on page 11 (IT SHOULD HAVE BEEN ON THE OUTSIDE OF THE BOX), that it does not support AOL e-mail. Well, that's peachy keen. Now what?

[CTSNKY]

AOL should be scanning email for you anyway, so I would not be concerned. Any attachment you open from an AOL email will be scanned by Norton.

Any lingering problems?

[cowgirlway1]

Yes, there is one lingering th