Trojan or something....

[Dr. J]

I have a very annoying issue on my PC

Every now and then with IE open, a random window will popup and direct me to some bogus security site wanting to install sw to "secure" my PC. There is no pattern to the popups AFAIK, and I have run AVG, SpyBot and Hijack this and can't find anything!

AVG will *sometimes* intercept the browser spawns and warn of visiting "dangerous" sites but doesn't prevent the popups in the first place.

Any more ideas?

[trunkwontopen]

post your hijackthis log.
theres a new strain of the Vundo virus out there.

[laalaa99stl]

Use sysinternals autoruns to manually identify and disarm any BHO's that look suspicious.

[Dandrop]

Lately, these trojans/spyware/malware have been pretty aggressive and sometimes harder to catch.

Aside from the programs you used, i suggest downloading Malwarebyte's Anti Malware [download.com] and SuperAntiSpyware [superantispyware.com].

I've gotten a lot of stuff out that the other programs you mentioned failed to eliminate.

[acr]

Quote from Dandrop : Lately, these trojans/spyware/malware have been pretty aggressive and sometimes harder to catch. Aside from the programs you used, i suggest downloading Malwarebyte's Anti Malware [download.com] and SuperAntiSpyware [superantispyware.com]. I've gotten a lot of stuff out that the other programs you mentioned failed to eliminate.

The above two are real good. Also try Dr. Web's Cure-it as it is good at detection and pretty good at removal. Also it does not need installed. Search this forum for a link to it. I would post it but am dealing with computer issues myself.

[JoyceTee]

Quote from Dr. J : I have a very annoying issue on my PC Every now and then with IE open, a random window will popup and direct me to some bogus security site wanting to install sw to "secure" my PC. There is no pattern to the popups AFAIK, and I have run AVG, SpyBot and Hijack this and can't find anything! AVG will *sometimes* intercept the browser spawns and warn of visiting "dangerous" sites but doesn't prevent the popups in the first place. Any more ideas?

In IE set Privacy options to NOT accept 3rd party cookies. Also, install a customs host file
http://www.abelhadigital.com/ in settings set it to overwrite the hosts file when it does updates. Also use IE Spyads with Zoned Out, you can find all this information at http://www.spywarewarrior.com/uiuc/resource.htm Also d/l and install Spyware Blaster and update it weekly or if u want auto update then make a donation. All these programs are FREE and will keep you squeaky clean, but 1st you need to get rid of the spyware you have on there, run the Malwarebyes as recommended but also run Ad Aware and SpyBot in SAFE mode. This type of spyware is known to hide from these programs so if you run in safe mode it's not running and can't hide. Always when trying to remove spyware/trojans etc. run programs in safe mode if possible. Also look in your add/remove programs see if you have anything installed that says "browser redirect". Turn on windows pop up blocker or else use google toolbar and enable pop up blocker.
The programs listed above for protection will not get rid of spyware you already have on there, you must get rid of the spyware 1st then install, hostsman, ie spyads/zoned out and spyware blaster, enable pop up blocker and set privacy options to not allow 3rd part cookies. You shouldn't have any more problems after you do the above. You can PM me or email me if you need help.

Good luck!!!

[acr]

Quote from JoyceTee : In IE set Privacy options to NOT accept 3rd party cookies. Also, install a customs host file http://www.abelhadigital.com/ in settings set it to overwrite the hosts file when it does updates. Also use IE Spyads with Zoned Out, you can find all this information at http://www.spywarewarrior.com/uiuc/resource.htm Also d/l and install Spyware Blaster and update it weekly or if u want auto update then make a donation. All these programs are FREE and will keep you squeaky clean, but 1st you need to get rid of the spyware you have on there, run the Malwarebyes as recommended but also run Ad Aware and SpyBot in SAFE mode. This type of spyware is known to hide from these programs so if you run in safe mode it's not running and can't hide. Always when trying to remove spyware/trojans etc. run programs in safe mode if possible. Also look in your add/remove programs see if you have anything installed that says "browser redirect". Turn on windows pop up blocker or else use google toolbar and enable pop up blocker. The programs listed above for protection will not get rid of spyware you already have on there, you must get rid of the spyware 1st then install, hostsman, ie spyads/zoned out and spyware blaster, enable pop up blocker and set privacy options to not allow 3rd part cookies. You shouldn't have any more problems after you do the above. You can PM me or email me if you need help. Good luck!!!

I agree with adding SpywareBlaster- http://www.javacoolsoftware.com/s...aster.html

I have tried the host file stuff before and did not like it. I just use Ad Muncher and everything works fine- no manual updates or an ever enlarging host file. It's not freeware but is one of the best programs I have ever purchased. It also is avialable via trial pay or whatever the name is. Using a browser such as Opera with the Fanboy ad block list or Firefox with Ad Block Plus (and Easylist and its other components) also do pretty well. But that is just my 2 cents worth.

[Lvcian]

IE = bad =[

You can also try Spybot S&D. I've used this program for years now and have not had any spyware/malware at all. Granted that I use a more secure web browser.

http://www.safer-networking.org/e...index.html

[JoyceTee]

Quote from acr : I agree with adding SpywareBlaster- http://www.javacoolsoftware.com/s...aster.html I have tried the host file stuff before and did not like it. I just use Ad Muncher and everything works fine- no manual updates or an ever enlarging host file. It's not freeware but is one of the best programs I have ever purchased. It also is avialable via trial pay or whatever the name is. Using a browser such as Opera with the Fanboy ad block list or Firefox with Ad Block Plus (and Easylist and its other components) also do pretty well. But that is just my 2 cents worth.

I don't know how long ago you tried the customs host file, but if it''s been a while try the new hostsman.exe, it's really great and so is Zoned Out. I found the old customs hosts program awkward and quit using it, but the new one is great and yes it does make a large host file, but as you know there are ever increasing sites that put all that nasty stuff on your PC and this will stop most of it.

[radford]

Quote from Dandrop : Lately, these trojans/spyware/malware have been pretty aggressive and sometimes harder to catch. Aside from the programs you used, i suggest downloading Malwarebyte's Anti Malware [download.com] and SuperAntiSpyware [superantispyware.com]. I've gotten a lot of stuff out that the other programs you mentioned failed to eliminate.

I havent had that problem in eons but a few years ago I had some terrible problems. As long as you avoid various sites it rarely happens.

If you go to questionable sites usually using sex or cracks, cracked software as bait its high risk. However those are the obvious ones. I never fall for those. The ones I fell for is when you do a casual search for music for trojan fighters or AVG etc there used to be some bogus sites. I went to one and it trashed my PC. It installed so many ads and crud that it was obviously meant to screw up your PC as a prank.

I also got a few hijack type crap too which were impossible to fix without a complete reformat.

[M0T49]

Still using IE7?

I made the switch to Firefox 3.0 You might want to consider Firefox as well. It's lightyears ahead of IE7.

[acr]

Quote from JoyceTee : I don't know how long ago you tried the customs host file, but if it''s been a while try the new hostsman.exe, it's really great and so is Zoned Out. I found the old customs hosts program awkward and quit using it, but the new one is great and yes it does make a large host file, but as you know there are ever increasing sites that put all that nasty stuff on your PC and this will stop most of it.

If I didn't have the set up I currently have I might give it a whirl. Or just use shoot it up a notch and go for proxomitron.

[Dr. J]

Thanks for the very constructive help.

I found it was "Trojan horse Adload_r.AQ"

AVG picked it up when it tried to spawn a new IE window. I did some searching, rebooted in safe mode, ran a full scan and ran some other utlities - AVG deleted a few things so we'll see if it worked.