popups in safe mode, cause unknown

Discussion in 'Malware Help (A Specialist Will Reply)' started by DCTJCF, Jan 8, 2006.

  1. DCTJCF

    DCTJCF Private E-2

    I was attempting to repair a friends system, and it just has me baffled. First, the person has full adaware SE + norton + adwatch +uses firefox + thunderbird on my recomendation, since it makes things a good deal safer usually. I updated all of them, rebooted into safe mode, ran all of them, and they all came back clean! Now, the popups seem to have a rand function. Approx once a minute it will do one of four things (and yes, it does it in safe mode)
    1. Nothing
    2. Popup an add from a random website for a $50 pop-up removal app (I can't recall the apps name atm)
    3. Popup a Flash add
    4. Popup an add from a seemingly random website, but ALWAYS ending in yyy65.html for the address. I've seen it pull up at least 50 different sites while I was trying to sort it out.

    I ran Hi-rack this, system was clean as a whistle, or so HJT showed it, no strange anything, and I even went through the whole list and verified each file/setting on it's as being legit by either knowledge from doing this all the time or tracking the file down and comparing it with a known good version on my home XP laptop. Checking all the services in the administrative tools shows nothing amiss, same with looking in msconfig just for sh*ts and giggles. The system is a XP Home HP box, and seems in perfect condition expect for that, and the **** things just keep coming and coming. I don't have access to the box again until monday, but I am clueless where to find whatever is doing this. Any and all advice would be welcome.

    (Note: removing the flash DPF stoped the flash adds, but instead it would popup blank IE windows asking to download the flash component each time a flash one would have otherwise shown)

    Ty

    Clueless in NE
     
    DCTJCF, Jan 8, 2006
    #1
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to MajorGeeks.com, please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis
     
    Shadow_Puter_Dude, Jan 8, 2006
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds