Pop-up spam

anyone get these on their computer? it’s a grey window that pops up with spam on it, there’s one “cancel” button on it. some of them are pretty raunchy. any way to prevent them?

Have you tried using pop-up stopper software such as Free Surfer? I run Mozilla’s free Phoenix browser sometimes, and that automatically kills pop-ups.

I have had that too and my Norton anti-virus software has been picking up trojans, backdoors, and lovegate virus. I think it has something to do with that.

I would get Ad-Aware from lavasoft.de and update your virus definitions and do a scan with each. This should help solve the problem.

Now I just need to put a firewall on my PC. Need to talk with the computer lads about that.

CYA
Okami

You can also disable JavaScript in your browser. This will prevent popups and other annoyances. However, some websites require JavaScript to be enabled in order to function (others just use it to make themselves a little more convenient), so you’ll have to turn it on when using them, and off again afterwards.

thanks, thanks, thanks! rascal, mpdf, I may not have explained clearly enough, not sure if you understood. these don’t come up when browsing web pages, they just pop out of nowhere. they look kind of like the window that comes up when you right click somewhere on the screen with your mouse. will try your suggestions though!

Oh! I think I remember reading about some adware that does that. By any chance did you install either Kazaa or Bonzi Buddy? There was also one which put creative cursors on the screen, can’t remember what it’s called though. (Comet Cursors, maybe? Ah-ha! That was it.)

Okami probably got it – run Ad-Aware and see what it says. There might also be some information at GRC.com but I haven’t been able to spot it in a few minutes of looking now.

I just dug around for a sec, and this site has information on detecting and deleting a bunch of different annoyances:

pchell.com/support/spyware.shtml

I’ve been getting those grey popups too recently. They pop out of nowhere, not just when you load a site. PopUpStopper isn’t catching them.

I get these too from time to time. I assume people out there spam based on IP address … I heard something about this before and did a quick search on Google. Perhaps this will help out in the mystery of the pop-up dialogs:

astalavista.com/library/chat … nger.shtml
8help.ohio-state.edu/913.html

Jeremy

I had the comet cursor and another one that was even more annoying. They install themselves somewherein your ‘My Programs’. You have to go and uninstall, but I remember them being sneaky and saying that you couldn’t uninstall them because they were in use. It took me ages to get rid of them.

Brian

I did some research and I think this will be handy.
You have the lovegate virus like me. This website explains it all:

canada-av.com/sensible/home. … enDocument

They’re grey popup boxes and mention porn sites and other crap right? Same thing I have. I’m looking to find the root that they are coming from because my computer keeps spotting it trying to stick netservices.exe on my system all the time. It’s gotten trojans on my system twice but Ad-aware nailed them both times. You also probably got a window once with some guys face in the corner telling you about netmeetings too.

Any info on how to keep this from constantly popping up on your system?

Okami

Okami, it sounds like this one spreads via email attachments, so at some point you probably opened up an infected email. If you use an antivirus program to eliminate it, and DON’T OPEN EMAIL ATTACHMENTS after that, you should be ok.

zdnet.com.com/2100-1105-985702.html

News Security

LoveGate worm carries nasty payload

Special to ZDNet
February 24, 2003, 9:18 AM PT

The LoveGate worm (w32.lovegate@m) is currently spreading in Taiwan, Australia, France, and Japan.

LoveGate (also known as Supnot) spreads via shared network files as well as by sending copies of itself via e-mail. LoveGate also contains a backdoor Trojan that allows remote users to have access to an infected PC. Mac and Linux users are not affected by LoveGate. Because LoveGate spreads via e-mail and could damage system files, this worm rates a 6 on the ZDNet Virus Meter.

How it works
At least 10 known subject lines, body texts, and file attachments have been associated with this worm. In general, do not open attached files that arrive via e-mail without first saving them to the hard drive and scanning them with your antivirus software.

LoveGate spreads via networked PC systems. It searches for shared folders and copies itself as one of the following files:

fun.exe
images.exe
news_doc.exe
s3msong.exe
pics.exe
billgt.exe
midsong.exe
PsPGame.exe
hamster.exe
setup.exe
tamagotxi.exe
joke.exe
docs.exe
searchurl.exe
card.exe
pics.exe

The worm also spreads by replying to messages in your inbox with infected copies of itself. This method is slower than sending copies of itself to everyone listed in an address book, for example. LoveGate contains its own SMTP engine, allowing it to send e-mail without using your current e-mail client.

When active on a PC, LoveGate copies itself to the System folder as

WinGate.exe
rpcsrv.exe
syshelp.exe
winrpc.exe
WinRpcsrv.exe

LoveGate includes a Trojan horse that, when active, uses the following filenames:

Ily.dll
1.dll
Reg.dll
Task.dll

The Trojan opens port 10168, allowing a remote user access to an infected PC. Information about the infected PC, including any system passwords, may also be e-mailed back to the virus author.

Removal
A few antivirus-software companies have updated their signature files to include this worm. This will stop the infection upon contact and in some cases will remove an active infection from your system. For more information, see Central Command, F-Secure, McAfee, Norman, Sophos, Symantec, and Trend Micro.

My problem is that I can’t get rid of it. I have the fixlgate from norton and run about 6 virus scans a week. It still keeps popping up, like Jason in Friday the 13th movies.

Ad-aware has actually been quite good at getting rid of the trojan horse as Norton Symantec seems incapable of picking it up or dealing with it. It normally stops it from affecting files but it has slipped trojans on my system twice(Ad-Aware worked) and copied all the above mentioned files onto my computer(Norton virus scan that time).

I just want to know how to get rid of it, permanently. Any help greatly appreciated.

Okami

I had an annoying virus I couldn’t get rid of a while ago. A friend who’s really good with computers helped me. He couldn’t get rid of it either. I had a lot other problems too, so here’s what he did.

I have a partition on my harddrive. I saved the filesI wanted onto the D.

Reformatted the C and reinstalled XP onto it.

Copied the files from the D back tot he C.

Reformatted the D.

Installed all the programs I need again.

Drastic maybe, but it’ll not only get rid of the virus but clean up all that useless bullshit lying around your hard drives.
Using the partitions saves the need for fiddly backups onto discs.

Brian

If it keeps coming back, I would guess that either (1) your antivirus software isn’t up-to-date and so isn’t removing it properly, or (2) you keep getting infected by opening emails with it.

Which mail program and version are you using? If you have Microsloth Outlook, there used to be a problem with “preview” – if you use that split-window view, where you get a preview of the message in the lower panel, it might be executing the virus every time you preview a message. (That’s what used to happen; I don’t know if it still does. Knowing Microsloth, though, it still works the same way, i.e., the way that leaves your system most vulnerable to viruses.)

May I suggest looking on your hard drive to find out which of the filenames the virus is using this time (see list in post above), then running your antivirus software, then looking to make sure that the virus file(s) was(were) deleted? If it’s still there, and if you’re sure that your antivirus files are up-to-date, it’s possible that the virus damaged your antivirus software so that it won’t work. Some of them do that nowadays.

I too was getting this spam and it started after I installed an add-in to msn messenger. I have since removed this add-in and the pop-ups have stopped.

I just want to confirm with those who have been receiving the pop-ups whether or not they have installed the add-in for msn messenger. If not, then it might just be a coincidence.

There was never any pop-ups before I installed the new add-in. Can anyone confirm that this is the source of the problem?

thanks for the tip on ad-aware Okami, it deleted a whole bunch of stuff. don’t know if it will stop the pop-ups but i was able to get a 300kbs video stream in all morning, one that was previously dropping out on me every time i tried. coincidence?

If you have HotBar installed, you’ll get a bunch of random pop ups, but I don’t think any of them are raunchy. If you’re getting raunchy ones, stop visiting those web sites :smiley:

What exactly do these pop ups look like? I know there is some Windows Messenger Service spam going around where a gray box with text pops up and there’s only an “OK” button. This only occurs on WinXP and Win2k.

ha, you’re on to me. one in particular has come up rptdly, all in Chinese with some pretty sick things on it. I had installed hotbar before, thought I had got rid of it but ad-aware identified a bunch of hotbar components

[quote]
What exactly do these pop ups look like? I know there is some Windows Messenger Service spam going around where a gray box with text pops up and there’s only an “OK” button. This only occurs on WinXP and Win2k[/quote]

Exactly like that. I usually have AOL Messenger on, could that be it?

Check out this link. If it’s what you’re getting, the solution is to disable Windows Messenger(instructions there).

itc.virginia.edu/desktop/docs/messagepopup/

That is the things i’ve been getting. I followed the steps there, thanks!