cannot stop popups from downloading viruses


just wondering

Hi, I am running Windows XP but have (I think) a virus.
I have Norton and it is up to date.
I also have Spybot Search and Destroy and Ad-Aware and popupstopper.
The problem is I keep getting a message from Norton that
JS.Exception.exploit has been detected.
Now I know that this means that it stopped it, and that it was probably on a
web page, but I was not surfing at the time.
Then every 1/2 hour or so I get Norton detecting a virus, different viruses
usually.
Even when I am away from my computer.

So I checked the task manager. Every 15 seconds or so 3 or 4 iexplore
processes start and then are stopped,
by (I assume) my popup blocker.

So... I guessed I had a trojan, double checked Norton for updates, updated
Spybot and did a system scan.
Nothing. How can I find out what program is spawning all these popups?
Is there anywhere I can find a complete list of processes that are part of
XP to compare?
Does this sound familiar to anyone?
Any ideas?

Thanks in advance.
 
Once you find it, go to a program to stop popups or get a browser like
Opera where you can turn off popups with the F12 key.
 
Nomen said:
Once you find it, go to a program to stop popups or get a browser like
Opera where you can turn off popups with the F12 key.

Another thing you can do is go to http://www.grc.com and run a couple of
simple scans of your ports + learn there how to disable Windows Messenger
Service and a number of other things. Also go to windows update to patch
your system.
Ensure that you have a running firewall.

Regards,

Sammy Hall, Jr
 
If you're running XP Pro, you can go to the Administrative Tools/Local
Security Policy\Local Policies\Audit Policy

You can enable Audit Object Access and Audit Process Tracking

Then you can track what's happening on the machine by using
Administrative Tools/Event Viewer/Security and double-clicking the event.

Doing that and using Process Explorer (free) should help you track it
down.

XP Home doesn't have the above feature, but Process Explorer should help.

Win 2K has the above feature.

Duane :)
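
The process-tracking approach described in the reply above, as an added example that is not part of the original thread: with Audit Process Tracking enabled, each process-creation event in the Security log names the new process and its creator, so replaying the events shows which program keeps launching iexplore.exe. The records below are a constructed, simplified export; the column layout, paths, PIDs and `example_helper.exe` are assumptions.

```python
import csv
import io
import ntpath
from collections import Counter

# Constructed sample, not real log data: process-creation events reduced to
# time, new PID, image path and creator PID. Paths and PIDs are invented.
SAMPLE_EVENTS = r"""time,new_pid,image,creator_pid
09:00:01,1480,C:\WINDOWS\explorer.exe,1200
09:00:05,1720,C:\WINDOWS\system32\example_helper.exe,1480
09:10:00,2104,C:\Program Files\Internet Explorer\iexplore.exe,1720
09:10:15,2230,C:\Program Files\Internet Explorer\iexplore.exe,1720
09:10:30,2104,C:\Program Files\Internet Explorer\iexplore.exe,1720
09:12:00,2300,C:\Program Files\Internet Explorer\iexplore.exe,1480
"""

def creator_chains(log_text, target="iexplore.exe", max_depth=8):
    """Count, per chain of ancestor images, how often `target` was started."""
    live = {}  # pid -> (image, creator_pid) as of the event being replayed
    chains = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if ntpath.basename(row["image"]).lower() == target:
            chain, pid = [], row["creator_pid"]
            # Walk upwards; max_depth guards against loops caused by PID reuse.
            while pid in live and len(chain) < max_depth:
                image, pid = live[pid]
                chain.append(image)
            if not chain:
                chain.append("pid %s (created before auditing began)" % row["creator_pid"])
            chains[tuple(chain)] += 1
        # Record after the lookup and overwrite old entries: Windows reuses PIDs.
        live[row["new_pid"]] = (row["image"], row["creator_pid"])
    return chains

def top_spawner(log_text, target="iexplore.exe"):
    """Return (direct parent image, launch count) for the busiest chain."""
    ranked = creator_chains(log_text, target).most_common(1)
    if not ranked:
        return None
    chain, count = ranked[0]
    return chain[0], count

if __name__ == "__main__":
    for chain, n in creator_chains(SAMPLE_EVENTS).most_common():
        print(n, " <- ".join(chain))
```

A browser started by hand shows up with explorer.exe as its direct parent; a chain that begins with some other program is the one to look up in Process Explorer and in the startup locations.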
 
Main thing is to get your operating system patched up as soon as possible,
visit the windows update site. Your Outlook Express looks real old! What OS
are you on?
If you really HAVE to use Windows, try a dedicated newsreader program such
as XNEWS, rather than using Outlook Express, it's quicker all the way, and
safer.

Regards,

Sammy Hall, Jr.
 
just wondering said:
Hi, I am running Windows XP but have (I think) a virus.

Actually, your problem is probably that you need a security patch for
your system...

I have norton and it is up to date.
I also have spybot search and destroy and adaware and popupstopper.
The problem is I keep getting a message from norton that
JS.Exception.exploit has been detected.

Assuming NAV is not telling lies about this, then this is not, per se,
a problem _unless_ you do not have an appropriately patched version of
the Microsoft ("Java") Virtual Machine.

Now I know that this means that it stopped it, and that it was probably on a
web page, but I was not surfing at the time.
Then every 1/2 hour or so I get norton detecting a virus, different viruses
usually.
Even when I am away from my computer.

OK -- the "even when I am away from the computer" part is worrying,
particularly if you do not leave an instance of IE running when away
from the machine. If that's the case you most likely have some form of
malware like an "ad clicker" which silently and in the background
visits web pages to push up the ad impression count so the person
running the site generates more revenue from pay-per-view and/or
click-through advertisements.

So I checked the task manager. Every 15 seconds or so 3 or 4 iexplore
processes start and then are stopped,
by (I assume) my popup blocker.

This sounds very much like an ad-clicker...

So... I guessed I had a trojan, double checked norton for updates, updated
spybot and did a system scan.
nothing. How can I find out what program is spawning all these popups?

You need a good process viewer (i.e. not the standard Windows "Task
List" one) that will show all running tasks _and_ a really good "what
runs at startup" utility. Between these you should be able to fairly
quickly locate the troublesome application(s). Note that more than
one thing may be involved -- if your MSVM is buggy and vulnerable to
the JS.Exception.exploit then all manner of unwanted crud, some of
which may be unknown to your AV and anti-spyware, could have been
installed. Also, it is quite common for these things to have two (or
more) components run at startup -- one from a well-known and "obvious"
startup location (such as the Run, RunOnce, RunServices, etc registry
keys) and one (or more) "guardians" running from the much less well-
known startup locations. The latter check to make sure the "main"
copy has not been removed, disabled, etc and "re-install" (and usually
immediately run) it if it has been disabled/deleted/etc.

Is there anywhere I can find a complete list of processes that are part of
xp to compare.

Nope.

Well, not unless you know exactly what should be running based on your
hardware and software configuration (but then you would not have to
ask... 8-) ).

Does this sound familiar to anyone?
any ideas?

Yep -- sounds very much like what would be expected from an ad-clicker.

thanks in advance.

You're welcome...

If you'd like more detailed help, you are welcome to Email me directly
at this address.
 