Solved

Spyware Alert Pop-Up Ads

Posted on 2007-03-29
6
7,303 Views
Last Modified: 2008-03-03
Somehow I got an anti-spyware ad stuck in my system tray. Every 15 seconds or so a balloon pops up that tells me I have possible spyware on my system and I should download the latest anti-spyware programs. Needless to say, I don't trust this, I don't want it, I didn't download it, but I can't get rid of the message.

I just ran Spybot Search and Destroy, Lavasoft's AdAware, and Webroot Spy Search. My NAV is up to date and functioning properly, and I have my pop-up blocker enabled. Even as I am typing this, the balloon saying "System Alert!" has popped up, stalling anything I'm working on. I just "X" it, but it keeps coming back.

The anti-spyware that's being pushed is: "Spy Locked," "Malware Wiped," and "Pest Capture," but if I go to those web sites I'm notified that they can't be opened. I'm sure they are all bogus, but I'd like to get rid of the ad popping up.

I'm using Windows XP.  Thank you!
0
Comment
Question by:Trisha5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 88

Expert Comment

by:rindi
ID: 18818526
Use msconfig to disable the msm messenger service. Then check if the popups still show.

Check your system for malware using a bootable LiveCD, the UBCD4Win and use it to clean the system.

http://ubcd4win.com
0
 

Author Comment

by:Trisha5
ID: 18819867
Thank you very much.  That did not resolve the problem, but I appreciate the response just the same.  I'm going to have somebody take a look at the computer "in person" this weekend or early next week, so that should resolve it.  Thanks again.  I appreciate your wonderful responsiveness.

0
 
LVL 23

Expert Comment

by:phototropic
ID: 18819894
This sounds like a Smitfraud infection. Take alook at this:

http://www.bleepingcomputer.com/forums/topic58401.html

Download the smitfraudfix.exe tool and run a search. If the infection is found, follow the instructuions in the link above.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 18827255
phototropic is spot on!
It is smitfraud and it can be removed easily with smitfraudfix, no need to pay someone to clean it(the Tech guy might not even know smitfraud, lol)

Just run smitfraudfix(option 2) in safe mode and that's all it's needed, then run option 3 in normal mode to make sure they can't come back.

It's also helpful if you post the rapport.txt(result) to see if it came with a new variant.

SUPERAntispyware also removes smitfraud. It's a good on-demand free scanner(if you don't want to pay for the real-time monitor) with updates all year round.
http://www.superantispyware.com/
0
 

Author Comment

by:Trisha5
ID: 19420571
Sorry if I didn't close it out correctly.  When I said "Thanks," and explained that I was going to have somebody take a look at it, that was the end of it.  Hope it's closed out okay now.

T
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
XTBL Ransomware 8 342
.Code New Varient 5 102
Comments needed on ransomware & mitigation methods 12 166
Does every computer hit with Ransomware use a different key to unencrypt? 10 122
INTRODUCTION "Virut" is a nasty, polymorphic file infector, and it infects every executable and screensaver file on access.  Some variant also infects .htm, html, .rar and .zip archives, and latest variants infects php and asp.  It patches system…
Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question