Chief Snake wrote:
What are the names of the infections that AVG or Spybot detect?
I deleted both of them. After around spending 15 minutes on FireFox yet another random window pops up.
| Runescape Bits & Bytes https://www.rsbandb.com/forums/ |
|
| Random pops up https://www.rsbandb.com/forums/viewtopic.php?f=14&t=71626 |
Page 1 of 1 |
| Author: | Mr Pink [ October 25th, 2008, 3:57 pm ] |
| Post subject: | Random pops up |
I always been getting random pop ups when I am on internet for around couple of days now. I did the most obvious ran computer for viruses using AVG scanner and scanned it for spyware using Ad-Ware. I always get a decent amount of infections (20-40 to be exact) and I delete them. The next day the same thing happens, random pops up appear, etc. I ran CC cleaner again and I get a new list of 20-40 infections. Help? |
|
| Author: | Adbot [ October 25th, 2008, 3:57 pm ] |
| Post subject: | Register and login to get these in-post ads to disappear |
| Author: | Lego Pi3 [ October 25th, 2008, 7:07 pm ] |
| Post subject: | Re: Random pops up |
my answer: get norton's |
|
| Author: | Chief Snake [ October 26th, 2008, 2:29 am ] |
| Post subject: | Re: Random pops up |
What are the names of the infections that AVG or Spybot detect? |
|
| Author: | Mr Pink [ October 26th, 2008, 9:05 am ] |
| Post subject: | Re: Random pops up |
Chief Snake wrote: What are the names of the infections that AVG or Spybot detect? I deleted both of them. After around spending 15 minutes on FireFox yet another random window pops up. |
|
| Author: | Pfkninenines [ October 26th, 2008, 10:19 am ] |
| Post subject: | Re: Random pops up |
The MRU objects aren't problems, they're just something like a history list that could be a potential security problem. CCleaner would take care of those anyway, so they're especially not a problem. The .bat file that is there is something of a concern. .bat Files essentially run a command prompt, and change something somewhere. In this case, it looks like it changes a registry key and establishes a connection with a specific IP address. Check out this site for tips on how to remove it. I'd also recommend something that should help against something like this happening in the first place, PeerGuardian2. PeerGuardian protects your computer from specific IP addresses, which is useful for anyone who ever torrents for whatever reason whatsoever. When you torrent anything (especially if you're not just downloading some Linux distro  ) there are usually agencies trying to connect to your computer in an attempt to get your IP so they can take action against you. Anyway, even if you don't torrent, you can download IP blocking lists for known trojans, known hackers, spyware, government agencies, .edu domains, etc. It's somewhat over protective in some cases, but it's easy to make it learn which sites aren't bad, or even temporarily disabling it.If you've got Spybot Search & Destroy, I'd run the Immunization tool as well. It helps protect your computer against other IP addresses in popular browser,s as well as storing the IP addresses somewhere in Windows so you shouldn't be able to go those places even on obscure browsers. |
|
| Author: | Sworder [ October 26th, 2008, 1:37 pm ] |
| Post subject: | Re: Random pops up |
Well, Virtumonde is something I had a while ago. I suggest running Malware-bytes antimalware. http://www.malwarebytes.org |
|
| Author: | Adbot [ October 26th, 2008, 1:37 pm ] |
| Post subject: | Register and login to get these in-post ads to disappear |
| Author: | Mr Pink [ October 26th, 2008, 1:45 pm ] |
| Post subject: | Re: Random pops up |
Pfkninenines wrote: The MRU objects aren't problems, they're just something like a history list that could be a potential security problem. CCleaner would take care of those anyway, so they're especially not a problem. The .bat file that is there is something of a concern. .bat Files essentially run a command prompt, and change something somewhere. In this case, it looks like it changes a registry key and establishes a connection with a specific IP address. Check out this site for tips on how to remove it. I'd also recommend something that should help against something like this happening in the first place, PeerGuardian2. PeerGuardian protects your computer from specific IP addresses, which is useful for anyone who ever torrents for whatever reason whatsoever. When you torrent anything (especially if you're not just downloading some Linux distro ) there are usually agencies trying to connect to your computer in an attempt to get your IP so they can take action against you. Anyway, even if you don't torrent, you can download IP blocking lists for known trojans, known hackers, spyware, government agencies, .edu domains, etc. It's somewhat over protective in some cases, but it's easy to make it learn which sites aren't bad, or even temporarily disabling it.If you've got Spybot Search & Destroy, I'd run the Immunization tool as well. It helps protect your computer against other IP addresses in popular browser,s as well as storing the IP addresses somewhere in Windows so you shouldn't be able to go those places even on obscure browsers. I will try removing it manually or either I can give PeerGuardian a shot Sworder_24 wrote: Well, Virtumonde is something I had a while ago. I suggest running Malware-bytes antimalware. http://www.malwarebytes.org I am downloading Malware-bytes right now. Thanks for the great and quick replies guys. Hopefully this will help me get rid of this problem. |
|
| Author: | Chief Snake [ October 26th, 2008, 8:26 pm ] |
| Post subject: | Re: Random pops up |
Virtumonde is a real ***** to get rid of and I expected that might've been your problem. If you scan again with Spybot it should give you more results, including registry entries it makes. Other files it creates are located in the system32 folder, with names that are obviously randomly generated. Of course you can never be too sure which are actually viruses so just running Spybot to detect all the bad ones is the best way to go. If Spybot finds registry problems, Start -> Run... and type in "regedit" to enter the Registry Editor, and navigate to the locations of the registry entries Spybot doesn't like (or use the Find tool, I'm not sure how well that works). Delete them. For some reason Spybot doesn't like doing this but manually it works fine. New registry entries may be made after you do this, so after deleting Virtumonde's files, it would be a good idea to rescan and make sure there are no new infections. To delete files in the system32 folder you're most likely going to encounter problems - if Spybot can't do it, neither can you, from inside Windows. This is because applications will be running that are using the files - most importantly winlogon.exe, which is a necessary component of the Windows OS and if killed by means of Task Manager, will give you a blue screen. I wasn't even able to get rid of some files in the safe mode command prompt and couldn't find any other means of doing it smoothly, so I installed Ubuntu on a new partition and had it access my Windows system32 folder to delete problem files with no difficulty at all. After installing Ubuntu I booted into Windows and ran Spybot to detect everything, wrote down a list of what I needed to delete, then rebooted into Ubuntu to delete the files manually. These are the kind of files you're looking for: 
|
|
| Author: | Mr Pink [ October 29th, 2008, 4:14 pm ] |
| Post subject: | Re: Random pops up |
Thanks for all the great responses guys. My computer certainly runs much faster and for the past 3 days now I been getting no random pop ups. |
|
| Page 1 of 1 | All times are UTC - 7 hours |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|