Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Why do websites keep appearing out of nowhere and how do I stop it?
Posted on 2006-10-22
Hello, I've been trying in my very limited way to tidy and clean my daughter's pc, which has never had any such attention since she got it. I've used CCleaner, A Squared, Norton Systemworks, Ad-Aware and am currently having a bit of difficulty getting rid of two Trojan viruses (Norton couldn't delete them), but I'm here now to ask why, when, say, checking email, other websites appear out of the blue and what I can do to stop them. They're not pop-ups, as such, well, not as I understand them, but full-page websites advertising this and that. Sometimes, too, when one appears it seems to have the effect of losing/deleting the email browser.
Hope that makes sense and that you might be able to offer some assistance. Simple language please!
Many thanks
Neil C
Hope that makes sense and that you might be able to offer some assistance. Simple language please!
Many thanks
Neil C
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
24
11
8- +4
56 Comments
Active today
hi
www
you should install the lasted windows updates and also run http://www.safer-networking.org/en/home/index.html and see if you find any malware. i will recommend running this tools on safe mode.
post back if you need more assistance
www
you should install the lasted windows updates and also run http://www.safer-networking.org/en/home/index.html and see if you find any malware. i will recommend running this tools on safe mode.
post back if you need more assistance
Thanks for your quick reply Jimmy. I have installed Windows Updates and do you mean install and run Spybot, which is the main product on the safer-networking site? As I said, I've run Ad-Aware, Norton, A Squared; is Spybot better? And perhaps you would explain what you mean by running in safe mode and how I do that.
Thanks
NC
Thanks
NC
What is your Operating System? Windows 98 and ME are no longer supported but you can still get security updates that have already been released. Regardless of the OS, as jimmymcp02 said, go to http://update.microsoft.com and check for updates. You may be prompted to install some software when you go to that site. MAKE SURE the prompts are from Microsoft and continue.
To answer you other question, SpyBot is the program you want from that site. SpyBot isn't necessarily better, but the more utilities you use the broader the scope of malware you can detect. The more nets the more fish, right?
To start in Safe Mode, repeatedly press F8 at system startup after the boot logo and you should see a "Windows Advanced Options Menu" where "Safe Mode" is an option. Make sure you have updated the Ad-Aware, SpyBot, Norton, etc. applications BEFORE you go into safe mode as you won't have network access.
After you do that, download HijackThis and save a log and post here.
HJT: http://www.spywareinfo.com/~merijn/programs.php
How-to: http://www.bleepingcomputer.com/tutorials/tutorial94.html
bcohea
To answer you other question, SpyBot is the program you want from that site. SpyBot isn't necessarily better, but the more utilities you use the broader the scope of malware you can detect. The more nets the more fish, right?
To start in Safe Mode, repeatedly press F8 at system startup after the boot logo and you should see a "Windows Advanced Options Menu" where "Safe Mode" is an option. Make sure you have updated the Ad-Aware, SpyBot, Norton, etc. applications BEFORE you go into safe mode as you won't have network access.
After you do that, download HijackThis and save a log and post here.
HJT: http://www.spywareinfo.com/~merijn/programs.php
How-to: http://www.bleepingcomputer.com/tutorials/tutorial94.html
bcohea
Thanks a lot for that. It may take me a day or two to get to that, so bear with me please. I *will* be back.
It's XP Home and only last night I installed quite a large number of updates, but will check again.
Thanks
NC
It's XP Home and only last night I installed quite a large number of updates, but will check again.
Thanks
NC
You may have to install the updates in stages, rebooting in between. Just keep updating until Windows Updates says there aren't anymore.
bcohea
bcohea
Active today
i suggest running ALL these - updated :
adaware : http://www.lavasoftusa.com/
Spybot : http://www.download.com/3000-8022-10122137.html
http://housecall.trendmicro.com/ online scan for trojans
http://www.spychecker.com/program/hijackthis.html download
http://www.hijackthis.de/index.php?langselect=english check the log
especially the housecall is very powerful !
adaware : http://www.lavasoftusa.com/
Spybot : http://www.download.com/3000-8022-10122137.html
http://housecall.trendmicro.com/ online scan for trojans
http://www.spychecker.com/program/hijackthis.html download
http://www.hijackthis.de/index.php?langselect=english check the log
especially the housecall is very powerful !
Active today
Have you turned off the Messenger service, a source of many unwanted browser windows? Go to Start -> Run -> type SERVICES.MSC and hit Enter key -> scroll down to the Messenger service in the list, double click on it, and in the window that appears, hit the Stop button for Service status, then change Startup Type to Disabled.
I understand that collins23. What I'm trying to discover is how one invites them and what one does to stop inviting them.
Getting there. Spent the entire day updating, installing Spybot, fixing and so on.
Lee, your Messenger note is interesting. Is this MSN Messenger you're referring to? If so, might make some sense as it's my daughter's - as with many, I guess - second home.
If this is MSN Messenger, presume your instructions won't prevent her signing in and messaging etc. I'd never hear the last of it!
Getting there. Spent the entire day updating, installing Spybot, fixing and so on.
Lee, your Messenger note is interesting. Is this MSN Messenger you're referring to? If so, might make some sense as it's my daughter's - as with many, I guess - second home.
If this is MSN Messenger, presume your instructions won't prevent her signing in and messaging etc. I'd never hear the last of it!
Active today
did you find any spyware?
also disable messager http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx as leetutor recomended it does not affect msn messanger i have messanger service disable on my laptop and im still using msn messanger they are 2 different programs.
Also you ran the spybot and virus scans on safe mode right?
also disable messager http://www.microsoft.com/windowsxp/using/security/learnmore/stopspam.mspx as leetutor recomended it does not affect msn messanger i have messanger service disable on my laptop and im still using msn messanger they are 2 different programs.
Also you ran the spybot and virus scans on safe mode right?
Ennnceee,
Lee is referring to the Messenger service, and it is completely different from Windows Messenger. The Messenger service allows pop-ups like this:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
And the full page windows you stated that you see in the original question ARE pop-ups. They just look a little different.
The best things you can do to make sure you don't get this junk again is:
1) Make sure XP is up-to-date by going to http://update.microsoft.com and also enabling Automatic Updates
2) disable the preview pane in Outlook Express or Outlook (if used)
3) run a antispyware app that runs resident such as Webroot SpySweeper, or be diligent and regular with the Spybot/AdAware/etc. (manual) scanners
4) use Firefox or Opera (just not Internet Explorer!)
5) create an account for your daughter to use that ISN'T an Administrator-level account
The last step will effectively neuter a ton of spyware. If you are logged in as a regular user-level account, most spyware will inherit those rights and will not be able to infect your system (at least as fully). Of course, you will have to log in to install apps or updates.
bcohea
Lee is referring to the Messenger service, and it is completely different from Windows Messenger. The Messenger service allows pop-ups like this:
http://www.itc.virginia.edu/desktop/docs/messagepopup/
And the full page windows you stated that you see in the original question ARE pop-ups. They just look a little different.
The best things you can do to make sure you don't get this junk again is:
1) Make sure XP is up-to-date by going to http://update.microsoft.com and also enabling Automatic Updates
2) disable the preview pane in Outlook Express or Outlook (if used)
3) run a antispyware app that runs resident such as Webroot SpySweeper, or be diligent and regular with the Spybot/AdAware/etc. (manual) scanners
4) use Firefox or Opera (just not Internet Explorer!)
5) create an account for your daughter to use that ISN'T an Administrator-level account
The last step will effectively neuter a ton of spyware. If you are logged in as a regular user-level account, most spyware will inherit those rights and will not be able to infect your system (at least as fully). Of course, you will have to log in to install apps or updates.
bcohea
Understand all that bcohea - and thanks - except 5. Perhaps you could elaborate a little.
I did think, by the way, that I had installed Google toolbar with pop-up blocker. Wouldn't that work in these circumstances?
Neil
I did think, by the way, that I had installed Google toolbar with pop-up blocker. Wouldn't that work in these circumstances?
Neil
Unfortunately Neil, pop-up blockers are not always 100% effective. There are many ways to call or generate a pop-up window and it is the unscrupulous advertisers' job to discover and take advantage of any and all ways to get visibility on your system. If they can even get 1 to 2% return on investment for all the impressions they land (which I would consider amazing for a pop-up creator), that would still mean thousands of sales since they probably had that pop-up appear on millions of user's computers. Therefore they want maximum exposure.
To answer your question about the administrator vs. limited user account: When you are logged in and you execute or start a application, that application usually inherits from you whatever rights you have. Therefore if you are an Administrator and you view a malicious web site or email, whatever process is actually doing the bad stuff in the background will have Administrator rights. Basically that means it can do pretty much ANYTHING it wants... modify the registry, delete files, change settings, etc.
But if you happen to stumble across this junk whilst logged in as a limited user then the malicious process cannot do many things to the system. No registry edits, no deletion of non-owned files, restricted settings change etc. Check out this page for the details on XP user account differences:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_overview.mspx?mfr=true
As the documentation above states, it does make it more difficult to install and run some applications while logged in as a limited user account. However, the "runas" command can easily remedy this. It will allow you to run certain apps as an admin that may require it.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
bcohea
To answer your question about the administrator vs. limited user account: When you are logged in and you execute or start a application, that application usually inherits from you whatever rights you have. Therefore if you are an Administrator and you view a malicious web site or email, whatever process is actually doing the bad stuff in the background will have Administrator rights. Basically that means it can do pretty much ANYTHING it wants... modify the registry, delete files, change settings, etc.
But if you happen to stumble across this junk whilst logged in as a limited user then the malicious process cannot do many things to the system. No registry edits, no deletion of non-owned files, restricted settings change etc. Check out this page for the details on XP user account differences:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/usercpl_overview.mspx?mfr=true
As the documentation above states, it does make it more difficult to install and run some applications while logged in as a limited user account. However, the "runas" command can easily remedy this. It will allow you to run certain apps as an admin that may require it.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/runas.mspx?mfr=true
bcohea
It's funny, though. I have a much older system (ten years old, small memory, W98) and I hardly get any pop-ups of any sort. Certainly don't get websites appearing out of the blue. Perhaps, perversely, it's because it's less sophisticated than my daughter's.
Still, making some progress. Have all updates now, have cleaned, virus-checked with Norton, Spybot, Ad-Aware, Housecall... Now need to attend to some of the other suggestions above.
Neil
Still, making some progress. Have all updates now, have cleaned, virus-checked with Norton, Spybot, Ad-Aware, Housecall... Now need to attend to some of the other suggestions above.
Neil
Websites appearing out of the blue without ANY prompting is a definite sign of malware infection. Please post the HijackThis log as I suggested earlier. We should make sure your daughter's computer is clean.
And regarding the fact that you get less pop-ups on your computer... there could be a number of possibilities on that. First of all, most new pop-ups are coded to take advantage of XP/2000 loopholes/vulnerabilities.
Also, and I mean no offense here, you are probably wiser in what you click on and what websites you visit. I don't know how old you daughter is and what sites she visits but Youth-related subject matter is prime picking grounds for pop-up creators. Most kids are not properly taught safe Internet usage and are easily influenced by ads. If you don't think kids are a cash cow, look at the relatively recent explosion of ring-tone/text-messaging businesses out there. What is their target consumer? Teens.
bcohea
And regarding the fact that you get less pop-ups on your computer... there could be a number of possibilities on that. First of all, most new pop-ups are coded to take advantage of XP/2000 loopholes/vulnerabilities.
Also, and I mean no offense here, you are probably wiser in what you click on and what websites you visit. I don't know how old you daughter is and what sites she visits but Youth-related subject matter is prime picking grounds for pop-up creators. Most kids are not properly taught safe Internet usage and are easily influenced by ads. If you don't think kids are a cash cow, look at the relatively recent explosion of ring-tone/text-messaging businesses out there. What is their target consumer? Teens.
bcohea
Have done the HijackThis log bcohea; was just getting to that. I mean no offence - you wouldn't tell me to do it if it wasn't quite safe - but would appreciate reassurance that the log I post here won't contain sensitive information. I can just C & P it can't I?
Oh yes, I know about the ring-tones/text business. My youngest daughter got caught up in one and it took all my expertise to get most of her money back.
Many thanks
Neil
Oh yes, I know about the ring-tones/text business. My youngest daughter got caught up in one and it took all my expertise to get most of her money back.
Many thanks
Neil
Active today
you save your log file on the hijackthis site, as i posted; and only post the link to it here
Hadn't got round to that Lee, but have looked now and it is already Stopped and Disabled.
Oh, ok nobus. Will check that when I'm able to later today (UK time) or tomorrow. A lot to get through, but getting there. Haven't had anything awry with latest scans from CCleaner, Ad-Aware, Norton Anti-Virus, Spybot (haven't got to Housecall yet), so must be making some progress.
Oh, ok nobus. Will check that when I'm able to later today (UK time) or tomorrow. A lot to get through, but getting there. Haven't had anything awry with latest scans from CCleaner, Ad-Aware, Norton Anti-Virus, Spybot (haven't got to Housecall yet), so must be making some progress.
As long as you follow nobus' advice about posting your HJT log it won't contain any personal info. Even if you posted copied and pasted the log here it shouldn't contain any personal information.
bcohea
bcohea
try ewido antispyware from http://free.grisoft.com
Will do collins23. Slowly getting through all these instructions!
Still getting websites popping up, despite all efforts so far, and currently trying to get rid of Trojan.Duntek in Maindro.dll, which Norton found but can't delete. Any ideas?
Think I've done HijackThis successfully and this should be the link:
http://www.hijackthis.de/logfiles/a26ae17b73fdd4ecf850db448229f726.html
Still getting websites popping up, despite all efforts so far, and currently trying to get rid of Trojan.Duntek in Maindro.dll, which Norton found but can't delete. Any ideas?
Think I've done HijackThis successfully and this should be the link:
http://www.hijackthis.de/logfiles/a26ae17b73fdd4ecf850db448229f726.html
When I tried that link earlier, it worked. Now it's telling me this log has been checked automatically. Confused.
Active today
I'm not sure what that message means, but: The logfile for analysis of HijackThis is only held for 3 days. It might have expired. I suggest you run another analysis and post the link for the analysis again.
Yes, I saw that it only lasted for three days, but I did a new one yesterday so should have been there. I'll try again.
Active today
just C&P on the hijackthis page then hit analyze and save the report then post the link
Jimmy, that's exactly what I did, and as I explained it was there when I tried it originally, but when I tried it a bit later (not three days later) it said as explained above. I'll try again shortly.
In the meantime I've been trying without success to get rid of this interminable Trojan.Duntek, which NAV keeps finding but won't delete or quarantine. It apparently encourages pop-up ads so could be (part of) the problem. I just went to Symatec support chat, but they want quite a lot of money to fix it on top of their annual subscription, so not falling for that. I'll keep looking for a solution and will go back to HijackThis as soon as.
In the meantime I've been trying without success to get rid of this interminable Trojan.Duntek, which NAV keeps finding but won't delete or quarantine. It apparently encourages pop-up ads so could be (part of) the problem. I just went to Symatec support chat, but they want quite a lot of money to fix it on top of their annual subscription, so not falling for that. I'll keep looking for a solution and will go back to HijackThis as soon as.
Active today
the trojan is your problem
here is an article on how to remove the trojan
http://www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99&tabid=3
here is an article on how to remove the trojan
http://www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99&tabid=3
I've run all the scans discussed above, including NAV, which found Trojan.Duntek, but which, as I said, won't delete it or quarantine it.
Trendmicro worked the first time I tried it, but, despite numerous attempts since, it won't co-operate. It just comes to a standstill before it's supposed to start scanning.
I've looked at that page jimmy, but am worried I'd be out of my depth. It seems odd to me that NAV can find it, but can't repair it. It almost makes the process pointless.
Trendmicro worked the first time I tried it, but, despite numerous attempts since, it won't co-operate. It just comes to a standstill before it's supposed to start scanning.
I've looked at that page jimmy, but am worried I'd be out of my depth. It seems odd to me that NAV can find it, but can't repair it. It almost makes the process pointless.
Active today
i think that you might have system restore enable and thats why it keeps comming back i dont think that nav is scanning the restore folder.... you might want to disable system restore and do a scan again. also make sure that the scans do not exclude the c:\restore
Think I can manage disabling system restore (should I enable it again afterwards?) but how do I make sure that scans don't exclude c:\restore?
Active today
if you want to try more scans, look here (bottom of page) :
http://www.dedigitalerevolutie.nl/toontext.asp?id=5670
http://www.dedigitalerevolutie.nl/toontext.asp?id=5670
Active today
You can disable it system restore and re enable later once eveything is fixed we can create a restore point....
As for the exclude run a scan and there should be an options tab check and see if there is a exclude files and folder make sure that is not check....I dont have nav on my pc (home version) i have the enterprise version.
As for the exclude run a scan and there should be an options tab check and see if there is a exclude files and folder make sure that is not check....I dont have nav on my pc (home version) i have the enterprise version.
Not having much luck. Disabled System Restore, scanned, picked up Trojan.Duntek again, but still wouldn't delete or quarantine; so have re-enabled SR. Did check files and folders weren't excluded.
Haven't tried all scans suggested here yet, but have done Spybot, A Squared, Ad-Aware, Norton, probably one or two others as well, but none of these has picked up T.D, if indeed this is the problem.
Tried again and again to use Trendmicro Housecall after working first time and then not. Tried numerous times, just got to the scan page and didn't do anything, until, finally, it did start to work, but then stopped and in any case the page disappeared of it's own accord! Great fun!
Still, getting ads/websites appearing from nowhere and whole system can be very slow. Considering all the XP updates, scans and so on would have hoped to make more progess by now.
Tried HijackThis again and this should be the link, if it doesn't do what happended last time. That is, the log disappeared and it was saying this has been checked automatically. They're supposed to stay for three days and I've just done it now at 10am, Thursday, UK time.
http://www.hijackthis.de/logfiles/a26ae17b73fdd4ecf850db448229f726.html
Haven't tried all scans suggested here yet, but have done Spybot, A Squared, Ad-Aware, Norton, probably one or two others as well, but none of these has picked up T.D, if indeed this is the problem.
Tried again and again to use Trendmicro Housecall after working first time and then not. Tried numerous times, just got to the scan page and didn't do anything, until, finally, it did start to work, but then stopped and in any case the page disappeared of it's own accord! Great fun!
Still, getting ads/websites appearing from nowhere and whole system can be very slow. Considering all the XP updates, scans and so on would have hoped to make more progess by now.
Tried HijackThis again and this should be the link, if it doesn't do what happended last time. That is, the log disappeared and it was saying this has been checked automatically. They're supposed to stay for three days and I've just done it now at 10am, Thursday, UK time.
http://www.hijackthis.de/logfiles/a26ae17b73fdd4ecf850db448229f726.html
Active today
im not sure of what this entries are?
O9 - Extra button: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
O9 - Extra 'Tools' menuitem: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
but there seem not to be files associated with those registries
the trojan is causing the sites to pop up.
O9 - Extra button: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
O9 - Extra 'Tools' menuitem: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
but there seem not to be files associated with those registries
the trojan is causing the sites to pop up.
I'm afraid I don't understand the significance of that Jimmy.
That link is still working, but, and this is quite bizarre, I definitely saw a 'Nasty' there when I first looked at it, but it isn't there now. How strange. I do see that it says at the bottom that it's been checked automatically, but unlike my first attempt, when the entire log disappeared, it, or most if it, is still there as I write.
Any more suggestions gratefully received. Have you looked nobus or bcohea?
And any further suggestions as to how I get rid of Trojan.Duntek without paying Symatec $70 for the privilege?
I've done some more scans, including Mcafee, but it was clear and NAV is still the only scan to pick up this trojan.
That link is still working, but, and this is quite bizarre, I definitely saw a 'Nasty' there when I first looked at it, but it isn't there now. How strange. I do see that it says at the bottom that it's been checked automatically, but unlike my first attempt, when the entire log disappeared, it, or most if it, is still there as I write.
Any more suggestions gratefully received. Have you looked nobus or bcohea?
And any further suggestions as to how I get rid of Trojan.Duntek without paying Symatec $70 for the privilege?
I've done some more scans, including Mcafee, but it was clear and NAV is still the only scan to pick up this trojan.
I think it tried to do that during the procedure, presumably without success. Wouldn't have a clue how to do it independently.
Active today
apart from a fresh install, you can still look into this :
if you want to try more scans, look here (bottom of page) :
http://www.dedigitalerevolutie.nl/toontext.asp?id=5670
if you want to try more scans, look here (bottom of page) :
http://www.dedigitalerevolutie.nl/toontext.asp?id=5670
Active today
sorry i should have been more clear
the below entries can be deleted if you wish they do not have files associated with them.
O9 - Extra button: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
O9 - Extra 'Tools' menuitem: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
Your problem is the trojan and unfortunally the only way is to follow the instructions provided before from the symantec site on how to remove .trojan.dunket
http://www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99&tabid=3
the below entries can be deleted if you wish they do not have files associated with them.
O9 - Extra button: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
O9 - Extra 'Tools' menuitem: My Next Search - Toolbar - {1CBF31FC-3C23-4BA6-AF16-2
Your problem is the trojan and unfortunally the only way is to follow the instructions provided before from the symantec site on how to remove .trojan.dunket
http://www.symantec.com/security_response/writeup.jsp?docid=2006-102514-0554-99&tabid=3
I feel your pain,
Just spent 4 hours trying to kill this thing.
Following the directions on Symantec is no good. It does not kill this!
I've tried many combinations, including hijack this, Ad-aware, Spybot, ccleaner, Yahoo spyware killer, Avast antivirus, NAV, Safe Mode. They can't kill it and they can't delete, quarantine or anything else the DLL that this sucker has placed in the system directory.
It's time to re-image. The software solutions are no good.
Just spent 4 hours trying to kill this thing.
Following the directions on Symantec is no good. It does not kill this!
I've tried many combinations, including hijack this, Ad-aware, Spybot, ccleaner, Yahoo spyware killer, Avast antivirus, NAV, Safe Mode. They can't kill it and they can't delete, quarantine or anything else the DLL that this sucker has placed in the system directory.
It's time to re-image. The software solutions are no good.
Wel, good to hear from a fellow sufferer!
Now, I *think* I know what you mean by re-image (though couldn't be certain), but wouldn't have a clue how to do it. Not the first idea. And perhaps it's something I shouldn't even attempt. As I posted earlier, Symatec reckon they can remove this remotely for around $70, but why should I pay this when I already pay for their anti-virus.
Jimmy, was the 'nasty' there when you looked at the HijackThis log? As I explained earlier there was certainly one there when I first scanned, but when I checked later if the link was still working (which it isn't now; past the three days) it had somewhow disappeared.
Now, I *think* I know what you mean by re-image (though couldn't be certain), but wouldn't have a clue how to do it. Not the first idea. And perhaps it's something I shouldn't even attempt. As I posted earlier, Symatec reckon they can remove this remotely for around $70, but why should I pay this when I already pay for their anti-virus.
Jimmy, was the 'nasty' there when you looked at the HijackThis log? As I explained earlier there was certainly one there when I first scanned, but when I checked later if the link was still working (which it isn't now; past the three days) it had somewhow disappeared.
Well, I think I've managed to get rid of Trojan.Duntek (hope you're reading this gotaluvme) by downloading and using the trial version of NOD32. It seems to have done the trick. I had a good look around Google and found someone else with a similar problem, although he said he'd transferred the HDD to another pc with NOD32 and got rid of it there. Don't know why he did that when the trial version is available for download, but still.
However, getting rid of TD doesn't appear to have solved the problem of pop-up websites.
Scuse my ignorance Nobus, but re-install what? The operating system? I don't think I'd want to try that to be honest. Perhaps we'll just have to live with the problem.
When you talk about back-up Nobus, what do you consider is the most straightforward way?
However, getting rid of TD doesn't appear to have solved the problem of pop-up websites.
Scuse my ignorance Nobus, but re-install what? The operating system? I don't think I'd want to try that to be honest. Perhaps we'll just have to live with the problem.
When you talk about back-up Nobus, what do you consider is the most straightforward way?
Active today
A backup depends on how you are organised; you should backup all your data before doing a clean install of XP.
i like to do it manual, and copy everything i need into folders in my documents, then copy my documents to another disk or usb drive.
i copy my favorites from IE, all the mail and accounts and address books from Outlook, or OE, by copying the pst file or the dbx files, or exporting them to files.
i like to do it manual, and copy everything i need into folders in my documents, then copy my documents to another disk or usb drive.
i copy my favorites from IE, all the mail and accounts and address books from Outlook, or OE, by copying the pst file or the dbx files, or exporting them to files.
A bit lost what to do now. Really don't feel competent to try reinstalling XP and although the pc is certainly running better than previously, thanks to various suggestions here, it is still throwing up websites; despite Google blocker, XP blocker and so on. Eliminating Trojan.Duntek doesn't seem to have done the trick. So, as that was the original question, not sure where we go from here.
By the way, NOD32 seems to my inexpert eyes to be pretty good. They certainly claim quite a lot for it. Does anyone have an opinion?
By the way, NOD32 seems to my inexpert eyes to be pretty good. They certainly claim quite a lot for it. Does anyone have an opinion?
Reinstalling XP is a different question.
but briefly, back up your important data files to another hard drive or CD/DVD
Copy any email files and other important info from folders if you need them.
You should have your application install disks to reinstall the apps after wiping your hard drive and reinstalling XP. Other freeware and programs can be downloaded again from the Internet.
Insert your XP CD and restart. Your computer may autorecognize it and boot from CD instead of your hard drive. Then go through the options to reformat your harddrive and reinstall XP.
Load your applications after it is done from CD, load any other important files etc. and copy your files back to your new, clean hard drive.
Right mouse click on My computer on the windows desktop and choose manage.
Rename the Administrator account to something else, and be sure and set a password that you know and isn't easily cracked. Try something like: Spyware_Writers_aRe_Crimin
Be sure and have a firewall on, either use windows firewall or get something like Zonealarm, put on Spybot Search and Destroy, Lavasoft Ad-Aware, Antivir Virus Scanner, or AVG. You can get all this stuff from download links at Majorgeeks.com
Go to windowsupdate.com and install all the updates, patches and software. go to Microsoft.com and download and install Windows Defender.
If you have Microsoft Office, go to microsoft.com/office and install all the office updates there.
Do all this, then be careful next time before installing things from non-reputable websites, pokersites, screensavers and smilies.
Apologies for absence. A dose of something nasty. PC does seem to be working better in general, thanks to much of above advice, but despite using many different cleaners and checkers still can't eradicate websites appearing out of nowhere; the original problem. Appreciate advice on reinstall, but really don't feel competent to attempt that.
I should probably close this now, but will leave open until after the holiday in case any more suggestions forthcoming.
Seasons greetings from the south coast of the UK.
Neil C
I should probably close this now, but will leave open until after the holiday in case any more suggestions forthcoming.
Seasons greetings from the south coast of the UK.
Neil C
Active today
maybe time to have a back-up of your data, and doing a fresh install, in order to have a fully operational PC
Well, still getting pop-ups, so haven't actually managed to eradicate problem, but appreciate other help and advice. Impossible to know which answer to accept or how to allocate points so will settle for re-install as answer, although don't feel competent or brave enough to attempt that myself, so will probably get someone in in due course.
Featured Post
Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| RemoteApp Printing | 5 | 106 | |
| Installing Windows XP from USB | 10 | 129 | |
| What does "Installable" mean within Diskpart Detail Volume properties? | 12 | 287 | |
| Event ID: 1008 / Source: Microsoft-Windows-Perflib | 2 | 240 |
Most of the time we are in fix when all of sudden our systems behave weirdly. Such problems cost time and effort... so it's best to take some preventive actions so that we can avoid such issues or overcome such problems more easily.
Preventive M…
Issue:
Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) .
Troubleshooting Process and the FINAL FIX:
This issue see…
Two types of users will appreciate AOMEI Backupper Pro:
1 - Those with PCIe drives (and haven't found cloning software that works on them).
2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
733 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.