• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

unknown popup appearing at startup of Windows 7 Ultimate Service Pack 1

Hello and Good Evening Everyone

            I am getting a popup of unknown origin at startup of Windows 7 Ultimate with SP1.  The popup reads as follows:  You have 164 tracks in cache to play right now with options of Remind Me Later and Play Fresh Music.  I did run the following utilities earlier which found and removed some Trojans, spyware, and some other types of malware: ComboFix, Malwarebytes, and Panda Cloud Anti-Virus.  Despite of the successful cleanup, the popup still remains which brings me to this post requesting advise.  

           Any shared suggestions or tips for resolving the popup that stays on the screen until closed will be deeply appreciated.  

          Thank you

          George
0
GMartin
Asked:
GMartin
  • 7
  • 5
  • 4
  • +1
7 Solutions
 
10023Commented:
Can you see the origin on the popup in task manager....right click on the taskbar and go to "start task manager"..see if it is defined under application...then you can explore from there....by right clicking...

A little steeper learning curve but very good...use autoruns from system internals to run it down...seems like you good at running apps
Here is a tutorial
http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html
0
 
John HurstBusiness Consultant (Owner)Commented:
Download, install and run Process Explorer from Microsoft. Once running, look down the left side tree for the Explorer heading. Look at the processes under it. If there is a strange alpha-numeric process (often the "name" of rogue startups), kill it, close Process Explorer, do NOT restart, run Malwarebytes again and then restart. See if this helps.
0
 
rindiCommented:
This doesn't sound like typical malware to me. Run msconfig and check what it loads at startup. If some utility is loaded that you don't need to be loaded automatically, just uncheck it.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
GMartinAuthor Commented:
Hello and Good Afternoon Everyone,

            I just want to take a moment and provide some updates.  First of all, I did notice the offending entry HitsBlender within Applications of Task Manager.  I did uncheck it and saved the changes.   While it did temporarily remove the popup, it did reappear following reboot.  I did a further follow up by unchecking the offending entry of HitsBlender within msconfig, clicked Apply, clicked OK, and restarted the pc.  I am happy and very pleased to say the desktop popup is gone.  

           At this point, I do have a follow up question which is in need of resolution in order to provide full closure of this post.  Whenever I type in a web site address within IE or Google Chrome which request login credentials, the page redirects to an unknown page full of ads.  Should I use HiJackThis to resolve this issue?  If so, could someone provide a direct download link to that latest free version of it?  I believe there is a website, http://www.hijackthis.de/ which can be used to analyze the saved log file created from HiJackThis.  Based upon my personal recollections of using HiJackThis, I believe I upload the saved log file to the mentioned website address for analysis.  Each offending entry is marked with a red X and is termed a "nasty" entry which needs removal.  Seeing that the problem pc is having issues, can I possibly carry out any further troubleshooting procedures within Safe Mode with Networking?

          In closing, I apologize for these follow up questions.  I am optimistic any further shared insights will result in a comprehensive resolution to my concerns.

          Many thanks once again.

          George
0
 
10023Commented:
Just a thought...
Did you follow through with John's advice and rerun malwarebytes??
0
 
10023Commented:
I mean after you stopped the offending .exe from running??
0
 
rindiCommented:
If you don't use the software "HitsBlender" check in "Programs and Features" of the Control Panel and uninstall it from there. Also check there for further software to remove. In the browsers look for toolbar add-ons etc you can remove.

As I mentioned earlier, this probably isn't malware. More likely it is crapware which often gets installed along with another program you installed. Many such free software programs are financed by packing other stuff along with them. You always need to be very careful during the installation, to read all the text, and use advanced modes so you can uncheck the other software from installing too.
0
 
10023Commented:
0
 
GMartinAuthor Commented:
Hello and Good Evening Everyone

            The only problem I am having at this point is with my browsers, both, IE and Google Chrome.  Everything else is fine.  Since the browsers work just fine in Safe Mode with Networking and not in Normal Mode, I believe I need a program specialized in removing malicious embedded code within browsers like HiJackThis.  I have downloaded and installed the latest HiJackThis within Safe Mode and found the link of http://sourceforge.net/p/hjt/support-requests/ as a support page.  At this point, I am wondering how I might can uploaded my saved HiJackThis log file to this site for analysis.  

            Any shared ideas for accomplishing this goal will be greatly appreciated.

            Thank you

            George
0
 
John HurstBusiness Consultant (Owner)Commented:
If the pop ups are now gone, then try doing a full IE Reset (including all data). Then restart and see if that solves it.
0
 
GMartinAuthor Commented:
Hello

           Yes, I carried out a full IE Reset and restarted both the browser and Windows 7.  Unfortunately, it did not resolve the issue.  I am not exactly sure I carried out the steps that you have in mind though.  If you would, can you outline the steps as you would do it?  

           By the way, I am uploading a saved log file generated by HiJackThis to be used for future analysis by the site which isolates the entries to correctly delete.   The popups which happen are only noticed when surfing the web within Normal Mode and not Safe Mode.   The desktop popup originally reported is now gone.

           Thanks

           George
hijackthis120714.txt
0
 
John HurstBusiness Consultant (Owner)Commented:
Viruses and pop ups like viruses can be difficult to remove.

At this point, you may wish to try a Windows 7 Repair Install. Here is a Seven Forums Tutorial that can assist you.

http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
10023Commented:
Logfile-of-Trend-Micro-HijackThis-v2.docGeorge,
You have a lot of add-ons the browser and from the analysis trendmicro did you browser needs updating.  When deal with browsers I shut down all extensions and addons....
You have some directory problems according to trend micro...see the attached analysisLogfile-of-Trend-Micro-HijackThis-v2.doc
0
 
GMartinAuthor Commented:
Hello

          Unfortunately, when the log file opens in Notepad, it consist of what appears to be machine code filled with symbols.  Can you possibly send me a link you uploaded the log file to when doing the analysis?  Will it be able to show which entries need to be deleted within HiJackThis?

          Thanks

          George
0
 
10023Commented:
George, it only gives recommendation...it's an iffy process...i kinda agree with John on this
One thing you can do is selectively or disable all of the extensions and addon's and make sure the directories are right per recommendations...you can generate the same report with your file by going to:
http://www.hijackthis.de/#anl
and pasting in your file for the same report.
Sorry about that office file but could not get it to render all the glitz any other way
0
 
GMartinAuthor Commented:
Hello and Good Afternoon Everyone,

             I was able to resolve the original posted problem by simply going into msconfig and unchecking the offending loading entry within the Startup tab which resulted in the desktop popup.  However, there were unexpected and further popups which revealed themselves whenever any of my browsers were opened.  Despite of a battery of anti-malware utilities being run in addition to resetting the browsers IE and Google Chrome back to their default settings, the popups remained.  At any rate, I was able to fully resolve all of my issues by fully wiping and reloading Windows 7 with SP1.  Under the circumstances and seeing that I had all of my end user files backed up, I felt it would be the best option.

             In closing, I want to sincerely thank everyone for their shared insights and resourceful links. All feedback given was certainly found germane to the original concern posted.  

             George
0
 
John HurstBusiness Consultant (Owner)Commented:
George - you are very welcome and I was happy to help.
0
 
rindiCommented:
I suggest for the future whenever you install software, to carefully read the installation screens and make sure you don't select any of the useless addons that are often included too. Also make sure that you always use the PC as a standard user, and not as a user with admin rights.
0
 
10023Commented:
GMartin,
thanks for the excellent feedback...it helps everyone!!
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 7
  • 5
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now