Adware
Re: Adware
Posted by Sim on Mon Jun 21st at 2:18pm 2004


Long time since I've been here. Slowly been moving away from HL, but I could use some help with adware.

I have the AVG monitor thingy running in the background, and yesterday while browsing The Underdogs (henceforth HOTU) it popped up a message saying that I'd downloaded a trojan installer and told me to run the scanner. I ran it and it picked up two similar .exe files. I'm not sure if they've run or not, I don't remember downloading anything like that, the only way I can think of it downloading through my actions is if I accidentally clicked Yes on the "Do you want to download and run..." box which pops up a lot at HOTU. I followed the path and found the files in C:\Documents and Settings\[username]\Local Settings\Temp and another one in a folder inside it. Both files were deleted, and while I was at it I also saw an executable called adware_installer or something similar. I deleted it (past the recycle bin). That was yesterday, and now I've found that ads keep popping up when I go to sites. I've checked other sites too and it isn't a coincidence, there must be some adware running on my PC. I've updated and run Ad-Aware, Spybot and AVG, but the only thing that turned up were a few tracking cookies in Ad-Aware. I can't see anything suspicious in Add/Remove programs, but I have a lot of programs and some I don't know the use of. While I was typing I've had several pop-ups and I recognise at least one from HOTU, but I'm not sure if they came from there. In the HOTU news page there has recently been mention of them removing self-installing ads, which could be where they are coming from. But still, surely one of the scanners would have picked up something if (assuming they are from HOTU) they are quite old? I've tried closing all browser windows and restarting, so it can't be a Javascript loop running. I'm confused about how I haven't had any adware up until yesterday, when I deleted the installer. Surely nothing would happen from deleting the installer though, unless it's some strange program that installs itself but only activates when you delete the installer.
I'm really stuck now, but if anyone has a program I can use or something to try I'd be grateful.





Re: Adware
Posted by Loco on Mon Jun 21st at 2:22pm 2004


Only thing I can think of is running msconfig and unchecking anything suspicious. I've had to do this on several machines because of people on games sites! Then, if you're on XP, run the task manager and stop any processes that look suspect.



Re: Adware
Posted by $loth on Mon Jun 21st at 2:26pm 2004


Download Ad-aware from http://www.download.com/Ad-aware/3000-8022-10214379.html?tag=lst-0-2 and run that, but after it has found all the adware and has quarantined it, make sure to delete it from the quarantine folder.



Re: Adware
Posted by Sim on Mon Jun 21st at 2:41pm 2004


Sloth - I think I mentioned I've run Ad-Aware, but thanks for the advice.

Loco - I've looked in the task manager but I can't find anything suspect, here are the programs I am unsure of:

JAVAW.EXE (SYSTEM)
HJAVAW.EXE (SYSTEM)
NVSVC32.EXE (SYSTEM)
jconfigNT.exe (SYSTEM)
INETD32.EXE (SYSTEM)
Ctsvccda.exe (SYSTEM)
OffMan.exe (USER)
CTFMON.EXE (USER)
realsched.exe (USER)
SPOOLSV.EXE (SYSTEM)
LSASS.EXE (SYSTEM)
SERVICES.EXE (SYSTEM)
CSRSS.EXE (SYSTEM)
SMSS.EXE (SYSTEM)

What's the stuff in the Services tab of msconfig? And also will my computer run fine if I untick something from Services or Startup?





Re: Adware
Posted by Gwil on Mon Jun 21st at 2:44pm 2004


http://vil.nai.com/vil/stinger/ - useful utility for clearing some of the more common trojans/the lsass/svchost worms

nvsvc32 is an nvidia app i believe.. there is a website somewhere with a list of processes/programs you can/can't trust on xp..

let me go dig it up for you




Re: Adware
Posted by Gwil on Mon Jun 21st at 2:53pm 2004


quote:
free antivirus with updates

http://www.grisoft.com/html/us_downl.htm?session=6858ed7ef791b041a34337ad204c6659

also www.lavasoft.de < adware removal tool
also http://lockdowncorp.com/bots/downloadswatit.html < trojan removal tool

still looking for the xp processes list, don't delete any of those files - i can guarantee some are essential




Re: Adware
Posted by Gwil on Mon Jun 21st at 2:57pm 2004


Reply #3

Bring up your task manager and check if there's more than one instance of "svchost" running, or "svohost" as well - also, which OS are you using?




Re: Adware
Posted by G.Ballblue on Mon Jun 21st at 2:57pm 2004


ARGh. My dad knows a website that lists what start up programs are harmful or not (like spy ware, or even non spy ware crap that windows automatically loads up).

Until my dad gets home, I can't give you the url... Sorry.

Two tips though: Do a search, found in your start button in windows, and search for Zupiter. If you have zupiter then well,..... I see a reinstallation of windows in order. No kidding. Zupiter is the king of all spy ware. I'm saying that if you remove zupiter too fast from your hard drive without checking what programs it has "latched on to", you can screwch a program, be it a game, or browser, or even a critical program windows needs.

I didn't see this next one in your task bar, so it looks like you're all set for the next one. Look for LoadQM. It's not spyware, it's part of the "useless crap that windows automatically loads up". All's I heard of it is that it tries to "arrange" things in your browser for easy usage, but all it really does is eat up resources.

One more thing: Did you purposely capitalize those process names? Don't do that. Some spyware programs try to fool you by using a name that looks almost identical to the actual program.

Perfect example: What I have: SVChost

The spyware could go by: SVCh0st

Don't worry if you have like 4 or 5 of that program running at once... It does that to me... quite often.... (NO, I don't think those are the spyware versions)

Unticking things from startup....No... You could have trouble if you untick the wrong thing. Generally, "friendly" programs are ones that will cause you trouble if you untick them. Most of them are essential to windows running. Keyword: MOST. There are some that if you untick, or delete, nothing happens

Spyware are ones that if you untick, they will try to turn themselves back on. Sometimes. If you delete them from your hard drive these things could happen:

  • The spyware goes away, no harm done to your computer
  • The spyware deletes, but next time you go onto a specific website (website that contains this spyware), it tries to install itself again (defeats the purpose).
  • In a worst-case scenario, the spyware deletes, AND deletes a program that you use frequently, such as a game. It doesn't delete the program, but it damages a critical file that the program needs.

My dad knows more about this than I do... I think. I'll ask him about it when he gets home

I hope most of this information is accurate and helpful

Yippiy Ki Yay!
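
The look-alike names raised in the replies above ("svohost", "SVCh0st") can be checked for mechanically. The following is an added example, not part of any original post: it compares process names against a small assumed list of Windows system process names and flags near-matches; `KNOWN`, `lookalike_of` and `scan` are hypothetical names, and the sample list is constructed from the task list posted in the thread.

```python
# Added example: flag process names that imitate well-known Windows system
# processes. KNOWN and SAMPLE are assumptions made for illustration.

KNOWN = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
         "smss.exe", "spoolsv.exe", "ctfmon.exe"}

# Digits commonly swapped in for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s", "3": "e"})


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1,          # deletion
                                       row[j - 1] + 1,      # insertion
                                       prev + (ca != cb))   # substitution
    return row[-1]


def lookalike_of(name):
    """Return the known name that `name` imitates, or None."""
    n = name.lower()            # Windows file names are case-insensitive
    if n in KNOWN:
        return None             # exact match: not a look-alike
    folded = n.translate(HOMOGLYPHS)
    for good in sorted(KNOWN):
        # Either a digit-for-letter swap or a single-character change.
        if folded == good or edit_distance(n, good) == 1:
            return good
    return None


def scan(names):
    """Map each suspicious name to the system process it resembles."""
    hits = {n: lookalike_of(n) for n in names}
    return {n: good for n, good in hits.items() if good}


# Constructed sample: names from the thread's task list plus the two
# look-alike spellings mentioned in the replies.
SAMPLE = ["SVCHOST.EXE", "LSASS.EXE", "NVSVC32.EXE", "OffMan.exe",
          "SVCh0st.exe", "svohost.exe", "INETD32.EXE"]

if __name__ == "__main__":
    for name, target in scan(SAMPLE).items():
        print(f"{name}: resembles {target}")
```

A name that passes this check is not thereby trustworthy; the file's location on disk still has to be looked at, since a malicious file can carry the exact name of a system process.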





Re: Adware
Posted by Gwil on Mon Jun 21st at 3:10pm 2004


Guide to running tasks, and what's safe/not safe

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm




Re: Adware
Posted by Orpheus on Mon Jun 21st at 3:10pm 2004


too much to read, so i will post and hope it helps:

if a spyware program is in use at the time you are attempting to remove it, the program will/might fail to do so..

i suggest, if you can, to allow Ad-Aware to run at the next bootup..

also i recommend you run msconfig, and disable everything non-essential..

lastly, if Ad-Aware is proving ineffective, uninstall it and run spybot..

i prefer spybot, cause Ad-Aware sometimes confuses a real program for a spy one




Re: Adware
Posted by Sim on Mon Jun 21st at 3:34pm 2004


I have 5 SVCHOST.EXE files, 3 in SYSTEM, one in LOCAL SERVICE and one in NETWORK SERVICE. None of the names I have listed have been changed by me, I have rewritten them in my post in the same case as the task manager.

I am running Windows XP

Stinger found nothing, SwatIt took mere seconds and found nothing.

I've noticed a few things since my last post:
-The entry on the taskbar for The Snarkpit tends to glow orange (recently updated) after about 10 seconds if the window is not selected.
-I seem to get adware at different intervals. I'm not too sure how it occurs, but I've had this window open and it hasn't sprouted adware for 10-20 minutes, but I opened a new window and got two pop-ups in thirty seconds. Maybe it slows down? I'm not sure, but I still don't want to browse when I know my PC is being scrutinized.





Re: Adware
Posted by G.Ballblue on Mon Jun 21st at 3:36pm 2004


posted by Sim:

-I seem to get adware at different intervals. I'm not too sure how it occurs, but I've had this window open and it hasn't sprouted adware for 10-20 minutes, but I opened a new window and got two pop-ups in thirty seconds. Maybe it slows down? I'm not sure, but I still don't want to browse when I know my PC is being scrutinized.

Do you get popups when your comp is just sitting there doing nothing? If so, then it sounds like you don't have your fire wall on... used to happen to me ONLY when my fire wall was off...

Website URL ::: What Gwil said

Yippiy Ki Yay!





Re: Adware
Posted by scary_jeff on Mon Jun 21st at 4:04pm 2004


If you want to know what a process is, you can just google the exact filename. I think using a router is the best way to avoid any kind of spyware or virus. I am behind a router and can run an unpatched system for days with no problems.

If you haven't got a router, you can make one out of a 486, even if it has no hard drive. Search for FreeSCO.




Re: Adware
Posted by Sim on Mon Jun 21st at 4:11pm 2004


I only get pop-ups when a browser is loaded. And I don't have a software firewall, but I think we have a router or something on our network which has the same effect.

I used that site to look up each process and along with googling, the only one I couldn't find was OffMan.exe (USER)

I've checked and we do have a router.

Thanks for all of the help. The ads haven't popped up recently which is quite strange, but I am doubtful that the adware has gone or got bored and removed itself. I'd rather have the pop-ups actually, at least then I know I have active spyware.





Re: Adware
Posted by scary_jeff on Mon Jun 21st at 5:03pm 2004


quote:
I think we have a router


What are the first two numbers of your IP address?




Re: Adware
Posted by Cassius on Mon Jun 21st at 5:07pm 2004


Get the Google toolbar.

Oh, and

Yippiy Ki Yay!





Re: Adware
Posted by Sim on Mon Jun 21st at 6:19pm 2004


Jeff - 10.0 I believe, why do you want to know?

Cassius - Why get Google toolbar?





Re: Adware
Posted by Orpheus on Mon Jun 21st at 7:07pm 2004


posted by Cassius:

Get the Google toolbar.

it's not 100% foolproof, but it works rather well.




Re: Adware
Posted by G.Ballblue on Mon Jun 21st at 7:12pm 2004


posted by Cassius:

Get the Google toolbar.

Oh, and

Yippiy Ki Yay!

-.- ::takes out a baseball bat::

Yippiy Ki Yay!





Re: Adware
Posted by scary_jeff on Mon Jun 21st at 7:38pm 2004


To make sure your router is working as a normal router.



