Annoying and constant popup ad HELL!

BigdaddyF · Jul 14, 2004

Have this annoying popup ad that adaware and spybot will not pick up on.

The ad popsup after a random time after I start using IE. Basically the window which is overlayed on the active window and tells you that it discovered a bunch of spyware on the system and points you to 'http://www.spyware-removers.org/protect.htm'.

From what I can see, a xxxx.dat file is downloaded into the /windows/temp/ directory and executed from there. The name of the 43k dat file seems to be different or randomly generated. Also the content of the popup is different, especially it senses the url of what you are looking at and it includes it in the popup ad. ie, if you were on www.microsoft.com, the popup message appears to have come from microsoft.

The only way to get rid of this problem is to delete the file. Another workaround is to disable active scripting on IE security settings, but that causes most websites to incorrectly load or not load at all.

I would like to know...there must be some program residing on the computer somewhere that is pulling the file and running it.

this is the view source of the overlay

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
<style type="text/css">

</style>
</head>

<body>
<table width="410" height="304" border="0" cellpadding="0" cellspacing="0" bgcolor="#000000" onClick="window.open('http://www.spyware-removers.org/protect.htm','_top')" style="cursor:hand">
<tr bgcolor="#FF0000">
<td width="7" height="19" bgcolor="#000000">&nbsp;</td>
<td colspan="2" bgcolor="#000000">&nbsp;</td>
<td width="10" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td rowspan="3" bgcolor="#000000">&nbsp;</td>
<td height="26" colspan="2" ID="header_td"><div align="center" class="style6 style7" id="header_div">
System scan in progress...
</div></td>
<td rowspan="3" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td width="97" height="26"><div align="left" class="style8">Progress:</div></td>
<td width="296"><div class="style11" id="progress_div" align="left">&nbsp;</div></td>
</tr>
<tr>
<td height="57" colspan="2" valign="top"><hr>
<span class="style5"><strong>System security scanner </strong> has detected following threats on your computer:</span>
</td>
</tr>
<tr>
<td height="135" rowspan="3" bgcolor="#000000">&nbsp;</td>
<td height="109" colspan="2" valign="top"><span class="style12" id="results_span"></span>
<br>
<center></center></td>
<td rowspan="3" bgcolor="#000000">&nbsp;</td>
</tr>
<tr>
<td colspan="2"><div align="center"><span class="style14" id="flashing_span" style="visibility:hidden">Security risc level: Critical !!! </span></div></td>
</tr>
<tr>
<td colspan="2"><span class="style10" id="ad_span1" style="visibility:hidden"> is recommending you to install one of the threats-eliminators, to avoid your system security risk and eliminate all threats !!! [Click here to get one]</span></td>
</tr>
<tr bgcolor="#FF0000" height="19">
<td height="19" bgcolor="#000000">&nbsp;</td>
<td colspan="2" bgcolor="#000000">&nbsp;</td>
<td bgcolor="#000000">&nbsp;</td>
</tr>
</table>
<script language="jscript">
var c=0;
var iid=0;
var maxIter=70;
var currentIter=0;
function DoFlash()
{
if (c==0)
{
document.all.flashing_span.style.visibility="hidden";
c=1;
}else
{
document.all.flashing_span.style.visibility="visible";
c=0;
}
}
function DoScan()
{
if (currentIter<maxIter)
{
currentIter++;
var strWr="";
var i=0;
for (i=0;i<currentIter;i++)
{
strWr+="|";
}
document.all.progress_div.innerHTML=strWr;
if (currentIter==10)
{
document.all.results_span.innerHTML+="DialerActiveX/AllInOne, ";
}
if (currentIter==15)
{
document.all.results_span.innerHTML+="InetSpeak/Iexplorr/A, ";
}
if (currentIter==20)
{
document.all.results_span.innerHTML+="OnlineDialer/MaConnect, ";
}
if (currentIter==25)
{
document.all.results_span.innerHTML+="XDialer/XDial, ";
}
if (currentIter==30)
{
document.all.results_span.innerHTML+="Trojan.InternetOptimizer, ";
}
if (currentIter==35)
{
document.all.results_span.innerHTML+="ezCyberSearch, ";
}
if (currentIter==40)
{
document.all.results_span.innerHTML+="Gator/PDP/3061, ";
}
if (currentIter==45)
{
document.all.results_span.innerHTML+="Trojan.AdPopper, ";
}
if (currentIter==50)
{
document.all.results_span.innerHTML+="HuntBar/TS, ";
}
if (currentIter==55)
{
document.all.results_span.innerHTML+="ACXInstall, ";
}
if (currentIter==57)
{
document.all.results_span.innerHTML+="BrowserAid, ";
}
if (currentIter==60)
{
document.all.results_span.innerHTML+="Trojan.AdPopper.gen3";
}
}
else
{
window.clearInterval(iid);
document.all.progress_div.innerHTML="Finished, 12 threats located";
document.all.header_div.innerHTML="System scan finished";
document.all.ad_span1.style.visibility="visible";
document.all.flashing_span.style.visibility="visible";
window.setInterval("DoFlash()",300);
}
}
iid=window.setInterval("DoScan()",30);
//window.setInterval("DoFlash()",300);
</script>
</body>
</html>

mechBgon · Jul 14, 2004

Can you fill us in on:

Your version of Windows (XP Home, XP Pro, ME, 98, 2000?)
Your IE version
Whether your IE/Windows is all patched up (about 7 new patches came out today at Windows Update, by the way)
What antivirus software you've got, and is it up-to-date
Do you have a hardware firewall like a cable/DSL router?
Do you have a software firewall?
Who else uses the computer besides you?

You might give the free online antivirus scans and port scan a try, see the links in my signature for a couple. I'd also disable System Restore to eliminate the possibility of Windows restoring any bad stuff, and check out what's in your system's startup routine by using Start > Run > msconfig or using Spybot S&D 1.3's Mode > Advanced, then Tools > System Startup. That might give some clues.

Also check out the stickied thread at the top of the Software forum for more antispyware goodies Worst-case scenario, it's nothing a reformat won't fix :evil:

newbiepcuser · Jul 14, 2004

After you get this fix, you might try alternative browser like firefox. I'm using it right now and its pretty nice. Blocks pop ups too.

JustAnAverageGuy · Jul 14, 2004

Obviously you should update your definitions for Spybot and Adaware, but one of these may help you as well.

CWShredder

HijackThis. WARNING NOT ALL ENTRIES ARE BAD! USE WITH CAUTION

I recommend you try switching to Firefox as well.

AVG should help eliminate some of the problem as well.

Click on the next button (very bottom) on the Get AVG FREE page. All you need is a valid email.

adubz1 · Jul 14, 2004

Try this software @ www.webroot.com. The software is called SpySweeper and it works great. I've used other software and I think they're all garbage. Download the trial version and after install update the definitions when it asks you. Then do a full system scan, and it will remove practically everything that has infected your computer spyware wise. Let me know??

AL

Harvey · Jul 14, 2004

Check Schadenfroh's Spyware FAQ thread in the Software forum.

Get Mozilla or Netscape 7.1 (based on Mozilla 1.3). It has a great pop-up blocker.

NEVER trust a site that uses a pop-up ad to promote a spyware or pop-up blocker. :|

You can start by getting the free version of Ad-Aware. It does a good job, and it's cheap at twice the price.

BigdaddyF · Jul 14, 2004

Sorry, I forgot to mention I had Spybot, Zone Alarm and Adaware running but they did not show anything when I used it.

However, downloaded and ran the latest copy of Hijack which showed two suspicious entries;

015 Trusted Zone: http://www.mt-download.com
015 rusted Zone: http://www.myexexex.com

Deleted those two entries, and so far it looks like the problem went away.

BTW, thanks for everyone pitching in to help!

Annoying and constant popup ad HELL!

BigdaddyF

Member

mechBgon

Super Moderator<br>Elite Member

newbiepcuser

Diamond Member

JustAnAverageGuy

Diamond Member

adubz1

Junior Member

Harvey

Administrator<br>Elite Member

BigdaddyF

Member

TRENDING THREADS