Author Topic: Attack of the pop up monster (Read 4719 times)

Lennyjoe · « **on:** January 06, 2006, 08:20:07 PM »

Help me please. I'm getting ate up by friggin pop ups and cant stop them. Have ran Webroot Spy-Sweeper and Ad-Aware and they are still coming in. Removed Miram toolbar that I found on my puter too.

This *expletive deleted*it is getting out of hand.

cosine · « **Reply #1 on:** January 06, 2006, 08:41:05 PM »

Well, I wouldn't know what to do, (I just run my anti-virus and anti-spyware programs regularly and follow safe browsing habits) but hop over here http://www.spywarewarrior.com/index.php and ask for some help. I've lurked there, and they seem to have some great and knowledgeable spyware/adware experts.

Fjolnirsson · « **Reply #2 on:** January 06, 2006, 09:07:12 PM »

What browser do you use? When I switched from Internet explorer to Firefox, I eliminated popup problems for a good long time. even a year later, I seldom get any.

cosine · « **Reply #3 on:** January 06, 2006, 09:11:48 PM »

I've always used IE, and never have had any problem. Lennyjoe, are you getting these popups all the time, not just when your browsing the Internet? If you are, then you've got malicious software already installed on your computer. Wander over to the link I provided and ask some questions. If it is happening when you browse the Internet, see if your popup blocker is on/set high enough. Or, consider switching browsers. Firefox is good.

Lennyjoe · « **Reply #4 on:** January 06, 2006, 09:12:28 PM »

IE SP1. I never had this problem until today. I'm running Spyware doctor right now. So far it has found 695 infections and wants me to reboot in safe mode to view the ignore list. Something about E2Give program or something. I think I got some malware somewhere. Just got to find it. Ughh!

It is popping up even when your not on the internet. Thats whats got me to believe its a malicious attack of some sort.

cosine · « **Reply #5 on:** January 06, 2006, 09:22:58 PM »

You need to get SP2. I'm almost positive you've got some sort of malware. But firstly, when you go to work on/remove this type of junk, you should start in safe mode. You won't be able to access the Internet in safe mode, so if you need anti-spyware or anti-virus definitions updated or any type of help/instructions about what to do get them before you restart you computer in safe mode.

Nathaniel Firethorn · « **Reply #6 on:** January 07, 2006, 02:49:26 AM »

bermbuster · « **Reply #7 on:** January 07, 2006, 04:51:37 AM »

When you get your machine cleaned up change over to Firefox. You will never go back.

http://www.mozilla.com/

Firethorn · « **Reply #8 on:** January 07, 2006, 04:51:40 AM »

Quote from: Lennyjoe

IE SP1. I never had this problem until today. I'm running Spyware doctor right now. So far it has found 695 infections and wants me to reboot in safe mode to view the ignore list. Something about E2Give program or something. I think I got some malware somewhere. Just got to find it. Ughh!

It is popping up even when your not on the internet. Thats whats got me to believe its a malicious attack of some sort.

I've had to boot computers into safe mode to remove malicious adware before. Do the popups occur even when you aren't surfing?

Ben · « **Reply #9 on:** January 07, 2006, 06:24:10 AM »

Sorry to be the downer here, and you may yet be able to fix this, but I had this happen to a laptop at work about half a year ago (I'm ordered to give laptop users admin rights -blech). I can't recall the malware anymore, but after I discovered it, my spyware removal programs would not remove it. I went to all the internet sites that had manual removal instructions, followed them, and no luck. His computer was similar to yours in that he had hundreds of spy/ad/malware programs on it.

My final resolution was to pull all his data files to one of my test machines, scan them all to make sure they were free of bugs, then nuke the laptop and reinstall Windoze and the clean data files. I hope yours doesn't come to that, but in the end it may be the cleanest solution to give you a fresh, malware-free start.

If you use IE (or any browser) make sure it's set to the highest security/privacy settings and that you disallow all third party cookies at the very least. The safest bet is to disallow ALL cookies (and of course pop-ups), then add exceptions for the websites you want to allow in. Somewhat of a hassle to setup, but better than going through what you're going through now. Good luck!

Brad Johnson · « **Reply #10 on:** January 07, 2006, 09:10:53 AM »

I had problems too even though I was using some of the freeware removal tools. I decided to take and plunge and went to a subscription service by Pest Patrol. It has helped immensely.

Brad

Sindawe · « **Reply #11 on:** January 07, 2006, 11:03:25 AM »

I had the same occur on my workstation at work. Various spyware apps did not stop it. I had to do the following. PacerD from Amazon.com was the infection on my box.

1. Go to SysInternals and dl Process Explorer. http://www.sysinternals.com/Utilities/ProcessExplorer.html That allowed me to find and kill the processes spawned by IE that were driving the pop ups.

2. Locate and delete those files that were installed with the addware

3. Cleared out the listing of sites permited to send pop ups. This is under Toos/Internet options, on the privacy tab.

If you're not running a software firewall on you PC that monitors traffice in AND out, get one. I use Kerio (http://www.sunbelt-software.com/Kerio.cfm) at home.

Calumus · « **Reply #12 on:** January 07, 2006, 04:25:30 PM »

The best software firewall I've tried is the free version of sygate that was out just before Symantec bought them. VERY light on system resources, and quite easy to configure. your can still get the "old" free version here http://www.oldversion.com/program.php?n=sygate I would highly recommend it. Cheers,
Shawn

RadioFreeSeaLab · « **Reply #13 on:** January 07, 2006, 08:35:30 PM »

The simple answer is Firefox. I actually banned IE in my offices, too much trouble, not worth it.
http://www.getfirefox.com

Calumus · « **Reply #14 on:** January 07, 2006, 08:42:31 PM »

Quote from: dasmi

The simple answer is Firefox. I actually banned IE in my offices, too much trouble, not worth it.
http://www.getfirefox.com

Once he's gotten all the various malware out of his system most definitly, but give them a few days to sort out the issues they've been having with the newest release (1.5) one way or another IE has to go. The only thing I use it for are windows updates, and anything real-estate related (I have my liscense in NJ) because for some reason none of the real estate related sites will recognise Opera (my main browser used for everything but a few sites) or Firefox. We think its because their programers are actually a bunch of chimps sitting in a garage in south Jersey but that's another story all together

Cheers,
Shawn

Ben · « **Reply #15 on:** January 08, 2006, 07:23:13 AM »

Quote

We think its because their programers are actually a bunch of chimps sitting in a garage in south Jersey but that's another story all together

Huh. I always thought they were a collection of all the people that ever picked on Bill Gates in Junior High an High School, that he had the Microsoft bent-noses find, pick up, and lock in a room as slave labor. The ultimate nerd revenge. Cheesy

Lennyjoe · « **Reply #16 on:** January 08, 2006, 10:40:52 AM »

I think I got it out. Used Spy Doctor and went to safe mode to do additional cleaning. Also, got a notice from Norton that Hacktool virus just tried to get me but was blocked. I'm using Norton Corporate edition for virus/firewall.

I would get pop ups even when the browser was closed. It was driving me nuts but I think I got it now.

Lennyjoe · « **Reply #17 on:** January 08, 2006, 05:43:12 PM »

Nope, looks like Im still screwed. Using the laptop now to download fresh programs to cure the home PC. Wish me luck cause I'm not too educated in this stuff.

Lennyjoe · « **Reply #18 on:** January 08, 2006, 08:17:09 PM »

I found the culprit. Its ngpw36 malware and I'm working on getting it removed.

Zundfolge · « **Reply #19 on:** January 09, 2006, 05:45:58 AM »

Quote from: Lennyjoe

I found the culprit. Its ngpw36 malware and I'm working on getting it removed.

Actually the culprit is a virus made by some geeks in Redmond Washington.

Lennyjoe · « **Reply #20 on:** January 09, 2006, 07:55:50 AM »

Punks!

Felonious Monk/Fignozzle · « **Reply #21 on:** January 09, 2006, 09:33:25 AM »

Lennyjoe,
I can assure you, if you're using MS Anti-spyware, Spybot S&D, and Ad-Aware all with updated defs, you're not going to get any better performance out of a spyware app that you purchase.

Some of these things you have no choice but to back up data, wipe the HDD and reinstall windows & apps.

For some help, you can check the following forums (fora?):
http://forum.networktechs.com/showthread.php?t=1819059447
http://forums.spywareinfo.com/index.php?showtopic=227
http://tankweb.net/Forums.html

Lennyjoe · « **Reply #22 on:** January 09, 2006, 10:55:26 AM »

Funny thing is, nothing picked it up. I use Norton Firewall/Anti-Virus, Webroot Spy Sweeper and Spy Doctor. So far nothing has picked it up but it is showing in the task manager/applications.

Even in safe mode the Spy Doctor isnt showing it neither is Norton with a sweep.

I'm using Hijack This now and am going to post it on spywareinfo.com website so folks can talk me thru changing the registry without killing the machine. We're talking a pretty new shooter here as far as registry workings go here.

Waitone · « **Reply #23 on:** January 09, 2006, 07:57:35 PM »

Get a decent HOSTS file. Host file and switching to Netscape and Firefox killed popup dead. The Hosts file I use is here: www.mvps.org.

Lennyjoe · « **Reply #24 on:** January 10, 2006, 04:55:31 AM »

Interesting. I believe this is the culprit and nothing will pick it up. Even the Microsoft beta.

C:\WINDOWS\SYSTEM32\ngpw40.exe

News:

Author Topic: Attack of the pop up monster (Read 4719 times)

Felonious Monk/Fignozzle