Can't find Spyware

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi

I keep getting *lots* of pop-ups but all the spycheckers I use don't find
anything. Any ideas how I can find it?

I have Norton AV 2005, Microsoft AntiSpyware beta, Ad-Aware SE Professional,
and SpyBot - Search & Destroy.

Please help! I can't face doing a fresh Windows install but these pop-ups
are driving me mad!

Cheers
James
 
Hi James,

MSAS is an antispyware app, NOT a pop-up blocker, NOR an AV app

Block Pop-up Windows with Internet Explorer

Prevent most pop-up windows from appearing over pages you want to view while
you’re using the Internet.
http://www.microsoft.com/windowsxp/using/web/sp2_popupblocker.mspx

http://www.find.fm/search.php?keyword=popup

A good firewall will also include pop-up blocking capªbilities.

http://www.mvps.org/winhelp2002/nopopups.htm

http://www.accs-net.com/hosts/DNSKong.html

http://accs-net.com/hosts/

Good luck

Engel
 
Hi Engel

Pop-ups are blocked in IE and I also have the Google toolbar installed that
has blocked 909 pop-ups to date. This is spyware.

Cheers
James
 
Hi again,

This is a AndyM or Ron Kinner case beacuse I cannot find any good advice
within any forum without using HijackThis and to be carefully guided.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

http://computercops.biz/HijackThis.html

Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to him as an attachment. Put
Hijack in the subject so he'll know it's not spªm.

Alternatively you can post it on the Dell Forum ªt:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

(if it wraps you can go tº:

http://tinyurl.com/ckuzq instead.)

Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)

Dave M found this, have a look:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

http://wiki.castlecops.com/Malware_Prevention:_Prevent_Re-infection

http://wiki.castlecops.com/Roll_your_own_Free_Security_Suite

OR

http://aumha.org/a/parasite.htm

Good luck

Engel
 
What kind of pop-ups? I had a lot of those today and messages that my pc was
infected. The problems where: mssearchnet.exe, nvctrl.exe and mscornet.exe. I
took me 4 hour to clean it all :(
 
See, that's just the problem - I can't clean it. NOTHING finds it. Nearly all
the ads are on a gambling theme, which is unsurprising as I write gambling
software for a living so I visit many related sites. The *ucker doesn't show
as being memory resident so I'm guessing it has some kind of timer delay or
is very well cloaked.

Cassava is the main advertiser, and there are some little ones that claim
something on the lines of "This ad is not brought to you by the site you are
visiting"

Just to really take the p*ss, some of the ads say "Your computer is
infected! - click here to buy the removal tool." It's like driving people
down in the street and saying "it's ok, I'm a doctor"

Ingenuity - where will it all end?
 
Hi

Many thanks for the advice. I'll hijack tomoz and post accordingly. If the
guys who coded this got proper jobs they'd be rich by now. On t'other hand,
it's capitalism driving this so perhaps they're rich already. Bah humbug.

;-) James
 
James said:
See, that's just the problem - I can't clean it. NOTHING finds it. Nearly all
the ads are on a gambling theme, which is unsurprising as I write gambling
software for a living so I visit many related sites. The *ucker doesn't show
as being memory resident so I'm guessing it has some kind of timer delay or
is very well cloaked.

Cassava is the main advertiser, and there are some little ones that claim
something on the lines of "This ad is not brought to you by the site you are
visiting"

Just to really take the p*ss, some of the ads say "Your computer is
infected! - click here to buy the removal tool." It's like driving people
down in the street and saying "it's ok, I'm a doctor"

Ingenuity - where will it all end?
Click to expand...

Here's something new to try that may give you an insight:
http://www.dslreports.com/forum/remark,14984832

Bob Vanderveen
 
I have not looked at the other responses to your post. At some point, McAfee
pointed me to SecureIE from Winferno [partnered with, at least for a while].
It appears to be a browser shell [using IE6.x as an engine] allowing multiple
window management and MUCH finer security controls [especially under XP; ME
is OK, but not as good]. I will try to put together a 'review' sometime, but
maybe take a look. I only get pop-ups while using SecureIE if I am VERY
casual in responding to warnings. [I also have MS AntiSpy beta, AdAware SE
<personal> and SpyBot. I may switch to Symantec from McAfee.]

Good luck. Peace - Hesch
 
MS AntiSpy, Ad-Aware & NAV2005 didn't find it. I used XoftSpy. That did find
it, but couldn't remove every files. I manually removed:
c:\windows\system32\mssearchnet.exe (which is memory resident by the way)
c:\windows\system32\nctrl.exe
c:\windows\system32\mscornet.exe
and a lot of *.tmp c:\windows\system32
remove registry key software\microsoft\currentversion\explorer\browser
helper ojecta
and value's:
software\microsoft\currentversion\policies\explorer\run\wininiet.deel
software\microsoft\currentversion\policies\explorer\run\kernel32.dll
software\microsoft\currentversion\policies\explorer\run\nvctrl.exe
and I removed a browser helper object which called the *.tmp

Succes
 
Back
Top