Elusive PopUp source - PLEASE HELP!

Discussion in 'Malware Help (A Specialist Will Reply)' started by bertdog, May 8, 2006.

  1. bertdog

    bertdog Private E-2

    I'm a computer tech that does quite a lot of work on personal computers, particularly malware removal, but this one has me absolutely stumped.

    I have a laptop whose user clicked a link in an AIM message and subsequently received an infection that shut down his Internet connection. Once I got the connection restored, all hell broke loose - popups galore. I spent several days cleaning the machine, but there is still something on there that has proven to be very elusive. I have run AdAware and MS Antivirus, but neither detects anything at this point other than tracking cookies. I have run Housecall and Panda, but again, only cookies. I have cleared temp files, history, and cookies. Nonetheless, when the machine is started, the popups start firing up. Up to 15 windows will open at a time, and every 10 minutes or so, another group pops up. The URLs for the popups include, but are not limited to:

    banners.searchingbooth.com
    apply.blinko.com
    adserving.cpxinteractive.com
    www.entrepenuer.com
    www.yourstats.net
    ad.yieldmanager.com
    www.tipany.com
    www.popuptraffic.com
    Red Orbit
    Fun Lotto, Inc.

    And the list goes on. I have run HijackThis, but do not see anything suspicious. Here's the log:

    Edit: all inline logs deleted as I noticed them attached in another thread

    How 'bout it...anything look suspicious to you guys? My rep is at stake here...
     
    Last edited by a moderator: May 8, 2006
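The list of popup hostnames above is the one concrete artifact in this post. As an added example (not code from the original thread or from any tool named in it), the script below does the defender-side triage a tech would do with such a list: normalize each entry to a hostname, set aside entries that are not hostnames at all ("Red Orbit", "Fun Lotto, Inc." need manual lookup), emit hosts-file lines that sink the rest to 0.0.0.0, and report which ones an existing hosts file already blocks. The URL form used for ad.yieldmanager.com and the hosts-file text are constructed for illustration.

```python
"""Added example: triage observed popup hostnames into a hosts-file block list.
Not from the original thread; input list is built from the domains the poster listed,
plus a constructed URL-form entry and a deliberate duplicate to exercise the edge cases."""
import re
from urllib.parse import urlsplit

# Constructed from the post's list; non-hostname entries are included on purpose.
OBSERVED_POPUPS = [
    "banners.searchingbooth.com",
    "apply.blinko.com",
    "adserving.cpxinteractive.com",
    "http://ad.yieldmanager.com/st?ad_type=pop",   # constructed URL form of a listed host
    "www.popuptraffic.com",
    "Red Orbit",                                   # not a hostname: needs manual review
    "Fun Lotto, Inc.",                             # not a hostname: needs manual review
    "banners.searchingbooth.com",                  # duplicate on purpose
]

# Conservative hostname check: dotted labels, letters/digits/hyphens, alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def to_hostname(entry):
    """Return the lowercase hostname found in an observed entry, or None if it is not one."""
    e = entry.strip().lower()
    if "://" in e:
        e = urlsplit(e).hostname or ""      # full URL: keep only the host part
    else:
        e = e.split("/", 1)[0]              # bare host with an optional path
    return e if HOSTNAME_RE.match(e) else None


def triage(entries):
    """Split observed entries into unique hostnames and entries needing manual review."""
    hosts, review = [], []
    for entry in entries:
        h = to_hostname(entry)
        if h is None:
            review.append(entry)
        elif h not in hosts:
            hosts.append(h)                 # preserve first-seen order, drop duplicates
    return hosts, review


def hosts_file_lines(hostnames):
    """Render hosts-file lines that sink each hostname to the null route."""
    return ["0.0.0.0 %s" % h for h in hostnames]


def already_blocked(hosts_text, hostnames):
    """Given the text of an existing hosts file, return the hostnames it already sinks."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(fields) >= 2 and fields[0] in ("0.0.0.0", "127.0.0.1"):
            blocked.update(n.lower() for n in fields[1:])
    return [h for h in hostnames if h in blocked]


if __name__ == "__main__":
    hosts, review = triage(OBSERVED_POPUPS)
    print("\n".join(hosts_file_lines(hosts)))
    print("manual review:", review)
```

Running the block prints one `0.0.0.0` line per unique popup host and lists the two non-hostname entries for manual lookup; the `already_blocked` helper is there so the same list can be diffed against the machine's current hosts file before adding entries.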
  2. bertdog

    bertdog Private E-2

    My apologies for submitting my logs in line on my last post. I didn't read your instructions before posting like I was taught in elementary school.

    I've attached them on this post. Again, my apologies.

    Bert
     

    Attached Files:

  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi there :)

    Merged the two threads together with info and scans.
     
  4. bertdog

    bertdog Private E-2

    Thanks, Halo. Any ideas?
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a bunch of problems.

    You also did not follow the directions in the READ & RUN ME FIRST Before Asking for Support sticky thread, which is a requirement before posting HijackThis logs. Had you run them you would have found some of your problems mentioned in the Special Removals procedures sticky. You must run ALL steps in the READ & RUN ME and attach the logs from the two online scanners in step 6. Then do the below before attaching a new HJT log.

    Run this Look2Me VX2 Removal and attach the requested log.


    Now attach a new HJT log.

    Question: Why are you running with no antivirus program, no antispyware program, and no firewall! Don't you realize how dangerous this is?
     
  6. bertdog

    bertdog Private E-2

    Here are the Look2Me and HJT logs. Incidentally, after running the Look2Me removal, I restarted and received a new batch of popups, some I haven't yet seen.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do what I request in my previous message. You have not run the steps in the READ & RUN ME sticky thread.

    And I repeat my question:
     
  8. bertdog

    bertdog Private E-2

    Chaslang, after following the steps in the READ & RUN ME thread, I think the machine is clean. Once again, I apologize for neglecting to follow all those steps before posting.

    In answer to your question, this machine is not mine, but is running AVG and MS AntiSpyware, and is connected to a hardware firewall. AVG, however, has not been updated, and this will prompt a lecture from me to the user.

    Thanks again for the help.

    BC
    **
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The HJT log that was posted did not show AVG or MS Antispyware. Did you mean they were just installed now, after posting the logs? A software firewall is still a good idea to have even if you do have a hardware firewall.
     
  10. bertdog

    bertdog Private E-2

    I had temporarily disabled AVG and MSAS when I ran HJT.

    Thanks again for the help.

    BC
    **
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

