Spyware that I can't seem to remove

Posted on 2005-04-07
Last Modified: 2013-12-04
I have a PC that keeps getting pop-ups even if IE is not open.  The PC is running XP and has a broadband connection.  The firewall was turned off so I turned it on.  It has Norton Anti-virus running and Adaware for spyware.  I made sure Messenger was disabled.  I downloaded Spyware Doctor and ran it and it found many things.  I clean them and run it again and the pop-ups come back.  I even tried running it in safe mode.  I downloaded hijackthis and ran it and I have the log file from it.  If anyone can help me with this it would be greatly appreciated.
Question by:dyarosh
    LVL 12

    Accepted Solution


    Run your HJT log file through the Automatic analysis site here:
    And post a LINK to it back here.

    LVL 10

    Expert Comment

    It looks like there is a new method being used.
    Each window has a name. POP-UP Blockers detect commands Particulary with "_blank" attribute.
    So to avoid this, script at the beggining of the page detects the current name of the window, renames the window. Reloads the old Window name with the desired web page. This is known as Pop Under, and blockers are not yet very good at stopping them.

    Of course as blockers get better, spammers get better. Opportunity is the Mother of invention.
    What I would like to see is these companes Fined everytime a pop-up ad is discovered.
    regardless if they are the culprit or not. Make it up to the company to stop the spammer to reduce the fines.
    LVL 25

    Expert Comment

    Banthor,,,, pop up blockers dont remove spyware,, just hide their end result... he is asking how to remove the spyware itself.
    also,, spammers send email, not pop ups

    i agree with rossfingal's solution about hijack this, it is a good tool.  But nothing is 100%.  In addition to hijackthis i would also run at least one ofther spyware/adware tool.

    try spybot and adaware, both are free, updated regularly and good tools.
    LVL 10

    Expert Comment

    That is assuming that the pop-ups are coming from spyware. What I was stating is that Spyware is not the only source of Pop-ups, and that seeing pop-ups does not mean you are infected with a piece of spyware.

    I am  a big fan of Ad-Aware, but nothing is 100%.
    LVL 38

    Expert Comment

    by:Rich Rumble
    Your using XP... be sure to turn off System Restore then use all the anti-spyware programs you can get- Once system restore is off, then remove. M$ will place the pest's right back on next reboot, ty M$. after this is disabled, the suggestions above will do wonders. You CAN re-enable it after a reboot, personally i leave it off.
    LVL 7

    Expert Comment

    look in the registy under HKey_current_user\software\microsoft\windows\currentversion\run.
    Anything which points to \program files or \documents & settings is potentially spyware.
    Search on google for each exe name to identify whether they are legitimate.
    I have found this to be more upto date than many anti-spyware programs
    LVL 16

    Expert Comment


    Download Codestuff Starter...
    Because applications/malware that run on startup can create that kind of results... and they dont always hide at
    currentversion\run where the average user will search...
    Also turn off restore, before the removal.

    Hope this helps.
    LVL 7

    Expert Comment

    also worth checking which processes are running under the context of the logged in user

    Expert Comment

    I would go to and download processexplorer and autoruns to see what rogue processess are running and potentially regenerating the spyware infections.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Scale it in WD Gold

    With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

    Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
    The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now