
  • Status: Solved
  • Priority: Medium
  • Security: Public

Spyware that I can't seem to remove

I have a PC that keeps getting pop-ups even if IE is not open.  The PC is running XP and has a broadband connection.  The firewall was turned off so I turned it on.  It has Norton Anti-virus running and Adaware for spyware.  I made sure Messenger was disabled.  I downloaded Spyware Doctor and ran it and it found many things.  I clean them and run it again and the pop-ups come back.  I even tried running it in safe mode.  I downloaded hijackthis and ran it and I have the log file from it.  If anyone can help me with this it would be greatly appreciated.
1 Solution

Run your HJT log file through the Automatic analysis site here:
And post a LINK to it back here.

It looks like there is a new method being used.
Each window has a name. Pop-up blockers detect window.open commands, particularly with the "_blank" attribute.
So to avoid this, a script at the beginning of the page detects the current name of the window, renames the window, and reloads the old window name with the desired web page. This is known as a pop-under, and blockers are not yet very good at stopping them.

Of course as blockers get better, spammers get better. Opportunity is the Mother of invention.
What I would like to see is these companies fined every time a pop-up ad is discovered,
regardless of whether they are the culprit or not. Make it up to the company to stop the spammer to reduce the fines.

Banthor, pop-up blockers don't remove spyware, they just hide its end result. He is asking how to remove the spyware itself.
Also, spammers send email, not pop-ups.

I agree with rossfingal's solution about HijackThis; it is a good tool. But nothing is 100%. In addition to HijackThis, I would also run at least one other spyware/adware tool.

Try Spybot and Ad-Aware; both are free, updated regularly, and good tools.

That is assuming that the pop-ups are coming from spyware. What I was stating is that Spyware is not the only source of Pop-ups, and that seeing pop-ups does not mean you are infected with a piece of spyware.

I am a big fan of Ad-Aware, but nothing is 100%.

Rich Rumble (Security Samurai) commented:
You're using XP... be sure to turn off System Restore, then use all the anti-spyware programs you can get. Once System Restore is off, then remove. M$ will place the pests right back on next reboot, ty M$.

http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm After this is disabled, the suggestions above will do wonders. You CAN re-enable it after a reboot; personally I leave it off.

Look in the registry under HKey_current_user\software\microsoft\windows\currentversion\run.
Anything which points to \program files or \documents & settings is potentially spyware.
Search on Google for each exe name to identify whether they are legitimate.
I have found this to be more up to date than many anti-spyware programs.

Download Codestuff Starter...
Because applications/malware that run on startup can create those kinds of results... and they don't always hide at
currentversion\run where the average user will search...
Also turn off restore before the removal.

Hope this helps.

Also worth checking which processes are running under the context of the logged-in user.
I would go to www.sysinternals.com and download processexplorer and autoruns to see what rogue processes are running and potentially regenerating the spyware infections.
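
The Run-key check suggested in the thread, as an added example that is not part of any poster's reply: a PowerShell triage script that lists autostart entries and marks the ones under the locations the thread names for a manual look-up. Covering the HKLM and RunOnce keys, the `\Users\` path (the modern equivalent of `\Documents and Settings`) and the signature column are assumptions added here.

```powershell
# Added example: enumerate Run/RunOnce autostart entries for manual review.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Thread heuristic: entries under these folders deserve a look-up.
# "Users" is an assumption added for Windows versions newer than XP.
$reviewPattern = '\\(Program Files( \(x86\))?|Documents and Settings|Users)\\'

function Get-CommandExecutable([string]$CommandLine) {
    # Expand %VARS%, then take the quoted path or the first token with a program extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }          # skip empty values
        $exe    = Get-CommandExecutable $command
        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $command                # for rundll32 entries, the DLL argument is what matters
            Executable = $exe
            Exists     = $exists
            Signature  = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
            Review     = $exe -match $reviewPattern
        }
    }
}

# Entries flagged for review first; look each executable name up before deleting anything.
$report | Sort-Object Review -Descending |
    Format-Table Name, Executable, Exists, Signature, Review -AutoSize
```

A `Review` flag only means the path matches the thread's heuristic; legitimate software also installs under Program Files, so treat it as a list of names to look up, not a verdict.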
