WWW.POPUPPERS.COM !!! and reformatting/viruses


jenna4now2
24 Oct 2004, 5:01pm
:bringit:

I have NO IDEA what www.popuppers.com is, but I must get 100 + popups from this site every day! Does anyone know why, and how I can stop it? I also get a couple of other popups from the same couple of sites ALL the time! They are driving me crazy! I have run every program I know to run. I just totally reformatted my computer, and now, when I ran Trend Micro Housecalls PC, it said I had 18 trojan viruses!!! How is that possible, when I just reformatted, and I did a virus scan after I put all of my "stuff" back on, and there were NO viruses?! HELP!!! Please email me as well at jenna4now2@aol.com

Thanks!

Jennifer Z.

:loco:

kryyst
25 Oct 2004, 1:05pm
There is a list of things you need and should be doing...in no particular order.

Make sure your anti-virus software is up-to-date, also what software are you using? There is some debate but you can't go wrong with Norton Anti-virus or AVG, AVG is free so it's my personal choice.

Next, get Ad-Aware, the newest free version (6 or 7, not sure); install it, update it and run it.

Also don't ever EVER install those oh so helpful Internet Explorer toolbars. MSN has one, Yahoo has one and Google has one that are all basically legit. However, only the Google one has a good working active pop-up blocker.

But beyond that, if you don't want pop-ups, don't use Internet Explorer; you should use Firefox for your browser. It's small, it's fast and I've never gotten a pop-up with it. There are a few sites that you need IE for, and only use it for them.

As to your problems. If you had any viruses on the files you were putting back onto your system they could have come with them. Depending on what anti-virus software you are using a lot of times 'Trojans' are incorrectly reported and aren't specifically trojan viruses but are cookies that you get off the net that are mining data. Which is sounding more likely given what you have described.

versello
25 Oct 2004, 2:31pm
Most probably a bad spyware issue you have there, which is slightly different than a virus.


Some things I would do to prepare first is go into Internet Explorer (if you use that), click on Tools, Internet Options.

- Click on the Security tab.
- Make sure the "Security level for this zone" is set to default / medium.
- Click on the Trusted Sites green circle, then click on the Sites button.
- Usually it should be completely empty; make sure bad websites aren't actually being "trusted." Once done, click OK.
- Click on the Privacy tab and make sure the settings are set to Medium.
- Click on the Advanced tab and uncheck the following:

1. Enable Install On Demand (Internet Explorer)
2. Enable Install On Demand (Other)
3. Enable third-party browser extensions (requires restart)


Like Kryyst mentioned, get LavaSoft Ad-Aware. The latest version is SE, and it is available here -> http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10319876.html?tag=lst-0-2. It's pretty straightforward to use.


After that's complete, download Spybot Search & Destroy here -> http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but. It's not as straightforward, but please don't be discouraged by it if you have problems. We'll be here to help.


Next I would download HiJack This, located here -> http://www.spychecker.com/program/hijackthis.html. There's an option in there to save the log; once it's saved, post it on here so we can take a look at what's running.

jenna4now2
25 Oct 2004, 4:27pm
Thanks so much.. I have Spybot, AdAware, etc... but I still get this one pop up from PopUppers.com ALL THE TIME!!! I might have mining software instead of actual Trojans, but I just want to make sure! thanks again!

Jennifer Z.

versello
25 Oct 2004, 4:43pm
Try posting your HiJack This log.

lordbean
25 Oct 2004, 6:22pm
If you're running Windows XP and have not updated to Service Pack 2, there is a service installed called "Messenger" (not related to MSN or windows messenger) that has a huge exploit in it that allows people to broadcast messages to your PC over networks and the internet. To disable it, click Start, Control Panel, double click Administrative Tools, double click Services, scroll down until you see messenger. If it is running, click the underlined Stop link on the left side of the window, then right click on "Messenger", click properties, and where it says Startup Type, select "Disabled", and click OK.

jenna4now2
3 Nov 2004, 1:24pm
I have used ALL the spyware and ad-ware programs to be found, but I still cannot get popuppers.com to stop popping up. I have a firewall, but it still comes up. Now it isn't popping up on Internet Explorer anymore, but AOL, which it didn't do before. I am running Windows 2000 Pro, and it only started popping up after I did a complete reformat. I virus-scanned everything before I reinstalled it, and I virus scanned after I reinstalled everything. Now, though, these little trojan viruses keep showing up, although I suspect some might be spyware or data mining programs. What can I do? I HATE this popuppers.com thing, as it now, as I said, pops up on AOL instead of IE, and it goes down into a deep lower right corner, very minimized, and I have to scroll down my usually normal sized screen to find it and close it. HELP!!

Jennifer Z.
jenna4now2@aol.com

kanezfan
4 Nov 2004, 1:11pm
they could be windows messenger ads. not the IM program, but the windows service. do this, go to control panel, admin tools, then go to services. in services, scroll down until you see Messenger, click it, then click stop. see if that helps. otherwise, go to www.grisoft.de and download the free version of AVG antivirus. this thing will find viruses that Norton and McAfee never find. install that and let it scan your computer.

one last thing you can try, sometimes these scumbag adware developers will let you uninstall their shit software. look in add/remove programs to see if there's an entry for popuppers.com or not.

jenna4now2
4 Nov 2004, 3:16pm
Thanks for the advice. However, the messenger idea you gave me was already disabled. Now, instead of popping up on IE, it pops up on AOL, which it didn't before. It is not listed in add/remove programs, and there is no folder in program files for it. I have searched for it as well, and there is nothing there. It's driving me nuts!!! Help!

Jennifer Z.

versello
4 Nov 2004, 3:40pm
_Post_your_HiJack_This_log_right_here_

kanezfan
4 Nov 2004, 4:37pm
did you try avg antivirus? and yeah please post your hijack this log.

Khold
5 Nov 2004, 7:34pm
All else fails.......fdisk.....formatc...........On my old system my brother went on a browsing spree one day and when I got home from work I had crap poppin up all over. I use popupstopper pro and it wouldn't stop anything, he must have clicked all kinds of crap like "free games" and "install soandso". Spybot and Adaware took care of a lot of them but some just refused to die so I fdisk'd and reformatted my HD then smacked my brother in the back of the head....

Xecutioner
8 Nov 2004, 3:27am
I'm having the same problem as Jenna, and have done pretty much all the same things. Here is my Hijack Log:

Logfile of HijackThis v1.97.7
Scan saved at 7:21:48 PM, on 11/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\medload.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Diablo II\Game.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Dragon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Dragon\Application Data\Mozilla\Profiles\default\mmb48654.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dragon\Application Data\Mozilla\Profiles\default\mmb48654.slt\prefs.js)
O1 - Hosts: 3466709097 www.your.com
O1 - Hosts: 3466709097 your.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [loads.exe] C:\WINDOWS\medload.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Boost XP Service] C:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: iOpus Internet Macros (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: Support (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -

Thanx for the help.

kryyst
8 Nov 2004, 12:53pm
Get rid of that about:blank line and I'd also axe those weather.exe references but that's just me.
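
A way to triage a HijackThis log like the one posted in this thread, as an added example that is not part of any poster's message and is not HijackThis's own code. The function names, the `REVIEWER_FLAGGED` list (taken from the last reply) and the O1/O16 heuristics are assumptions of this example; the sample lines are copied from the log above.

```python
import ipaddress
import re

# Excerpt of the HijackThis log posted in the thread (lines copied as-is).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
O1 - Hosts: 3466709097 www.your.com
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")
# Strings the last reply in the thread singled out for removal.
REVIEWER_FLAGGED = ("about:blank", "weather.exe")


def parse(log):
    """Yield (section_code, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip()


def decode_hosts_ip(field):
    """A hosts entry may give the IP as one decimal integer; return dotted form."""
    return str(ipaddress.ip_address(int(field))) if field.isdigit() else field


def triage(log):
    """Return (code, reason, body) for entries that deserve a closer look."""
    findings = []
    for code, body in parse(log):
        parts = body[len("Hosts:"):].split() if body.startswith("Hosts:") else []
        if code == "O1" and len(parts) >= 2:
            # Assumption: any hosts-file override is worth reviewing.
            reason = f"hosts file maps {parts[1]} to {decode_hosts_ip(parts[0])}"
        elif code == "O16" and body.endswith("-"):
            # Assumption: an ActiveX (DPF) entry with no source URL is unusual.
            reason = "ActiveX entry with no source URL"
        elif any(s in body.lower() for s in REVIEWER_FLAGGED):
            reason = "flagged by reviewer in thread"
        else:
            continue
        findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}: {body}")
```
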