Solved

unknown popup appearing at startup of Windows 7 Ultimate Service Pack 1

Posted on 2014-12-06
19
288 Views
Last Modified: 2014-12-19
Hello and Good Evening Everyone

            I am getting a popup of unknown origin at startup of Windows 7 Ultimate with SP1.  The popup reads as follows:  You have 164 tracks in cache to play right now with options of Remind Me Later and Play Fresh Music.  I did run the following utilities earlier which found and removed some Trojans, spyware, and some other types of malware: ComboFix, Malwarebytes, and Panda Cloud Anti-Virus.  Despite of the successful cleanup, the popup still remains which brings me to this post requesting advise.  

           Any shared suggestions or tips for resolving the popup that stays on the screen until closed will be deeply appreciated.  

          Thank you

          George
0
Comment
Question by:GMartin
  • 7
  • 5
  • 4
  • +1
19 Comments
 
LVL 10

Assisted Solution

by:10023
10023 earned 150 total points
Comment Utility
Can you see the origin on the popup in task manager....right click on the taskbar and go to "start task manager"..see if it is defined under application...then you can explore from there....by right clicking...

A little steeper learning curve but very good...use autoruns from system internals to run it down...seems like you good at running apps
Here is a tutorial
http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
Comment Utility
Download, install and run Process Explorer from Microsoft. Once running, look down the left side tree for the Explorer heading. Look at the processes under it. If there is a strange alpha-numeric process (often the "name" of rogue startups), kill it, close Process Explorer, do NOT restart, run Malwarebytes again and then restart. See if this helps.
0
 
LVL 87

Accepted Solution

by:
rindi earned 200 total points
Comment Utility
This doesn't sound like typical malware to me. Run msconfig and check what it loads at startup. If some utility is loaded that you don't need to be loaded automatically, just uncheck it.
0
 

Author Comment

by:GMartin
Comment Utility
Hello and Good Afternoon Everyone,

            I just want to take a moment and provide some updates.  First of all, I did notice the offending entry HitsBlender within Applications of Task Manager.  I did uncheck it and saved the changes.   While it did temporarily remove the popup, it did reappear following reboot.  I did a further follow up by unchecking the offending entry of HitsBlender within msconfig, clicked Apply, clicked OK, and restarted the pc.  I am happy and very pleased to say the desktop popup is gone.  

           At this point, I do have a follow up question which is in need of resolution in order to provide full closure of this post.  Whenever I type in a web site address within IE or Google Chrome which request login credentials, the page redirects to an unknown page full of ads.  Should I use HiJackThis to resolve this issue?  If so, could someone provide a direct download link to that latest free version of it?  I believe there is a website, http://www.hijackthis.de/ which can be used to analyze the saved log file created from HiJackThis.  Based upon my personal recollections of using HiJackThis, I believe I upload the saved log file to the mentioned website address for analysis.  Each offending entry is marked with a red X and is termed a "nasty" entry which needs removal.  Seeing that the problem pc is having issues, can I possibly carry out any further troubleshooting procedures within Safe Mode with Networking?

          In closing, I apologize for these follow up questions.  I am optimistic any further shared insights will result in a comprehensive resolution to my concerns.

          Many thanks once again.

          George
0
 
LVL 10

Expert Comment

by:10023
Comment Utility
Just a thought...
Did you follow through with John's advice and rerun malwarebytes??
0
 
LVL 10

Expert Comment

by:10023
Comment Utility
I mean after you stopped the offending .exe from running??
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 200 total points
Comment Utility
If you don't use the software "HitsBlender" check in "Programs and Features" of the Control Panel and uninstall it from there. Also check there for further software to remove. In the browsers look for toolbar add-ons etc you can remove.

As I mentioned earlier, this probably isn't malware. More likely it is crapware which often gets installed along with another program you installed. Many such free software programs are financed by packing other stuff along with them. You always need to be very careful during the installation, to read all the text, and use advanced modes so you can uncheck the other software from installing too.
0
 
LVL 10

Assisted Solution

by:10023
10023 earned 150 total points
Comment Utility
0
 

Author Comment

by:GMartin
Comment Utility
Hello and Good Evening Everyone

            The only problem I am having at this point is with my browsers, both, IE and Google Chrome.  Everything else is fine.  Since the browsers work just fine in Safe Mode with Networking and not in Normal Mode, I believe I need a program specialized in removing malicious embedded code within browsers like HiJackThis.  I have downloaded and installed the latest HiJackThis within Safe Mode and found the link of http://sourceforge.net/p/hjt/support-requests/ as a support page.  At this point, I am wondering how I might can uploaded my saved HiJackThis log file to this site for analysis.  

            Any shared ideas for accomplishing this goal will be greatly appreciated.

            Thank you

            George
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
Comment Utility
If the pop ups are now gone, then try doing a full IE Reset (including all data). Then restart and see if that solves it.
0
 

Author Comment

by:GMartin
Comment Utility
Hello

           Yes, I carried out a full IE Reset and restarted both the browser and Windows 7.  Unfortunately, it did not resolve the issue.  I am not exactly sure I carried out the steps that you have in mind though.  If you would, can you outline the steps as you would do it?  

           By the way, I am uploading a saved log file generated by HiJackThis to be used for future analysis by the site which isolates the entries to correctly delete.   The popups which happen are only noticed when surfing the web within Normal Mode and not Safe Mode.   The desktop popup originally reported is now gone.

           Thanks

           George
hijackthis120714.txt
0
 
LVL 90

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
Comment Utility
Viruses and pop ups like viruses can be difficult to remove.

At this point, you may wish to try a Windows 7 Repair Install. Here is a Seven Forums Tutorial that can assist you.

http://www.sevenforums.com/tutorials/3413-repair-install.html
0
 
LVL 10

Expert Comment

by:10023
Comment Utility
Logfile-of-Trend-Micro-HijackThis-v2.docGeorge,
You have a lot of add-ons the browser and from the analysis trendmicro did you browser needs updating.  When deal with browsers I shut down all extensions and addons....
You have some directory problems according to trend micro...see the attached analysisLogfile-of-Trend-Micro-HijackThis-v2.doc
0
 

Author Comment

by:GMartin
Comment Utility
Hello

          Unfortunately, when the log file opens in Notepad, it consist of what appears to be machine code filled with symbols.  Can you possibly send me a link you uploaded the log file to when doing the analysis?  Will it be able to show which entries need to be deleted within HiJackThis?

          Thanks

          George
0
 
LVL 10

Expert Comment

by:10023
Comment Utility
George, it only gives recommendation...it's an iffy process...i kinda agree with John on this
One thing you can do is selectively or disable all of the extensions and addon's and make sure the directories are right per recommendations...you can generate the same report with your file by going to:
http://www.hijackthis.de/#anl
and pasting in your file for the same report.
Sorry about that office file but could not get it to render all the glitz any other way
0
 

Author Comment

by:GMartin
Comment Utility
Hello and Good Afternoon Everyone,

             I was able to resolve the original posted problem by simply going into msconfig and unchecking the offending loading entry within the Startup tab which resulted in the desktop popup.  However, there were unexpected and further popups which revealed themselves whenever any of my browsers were opened.  Despite of a battery of anti-malware utilities being run in addition to resetting the browsers IE and Google Chrome back to their default settings, the popups remained.  At any rate, I was able to fully resolve all of my issues by fully wiping and reloading Windows 7 with SP1.  Under the circumstances and seeing that I had all of my end user files backed up, I felt it would be the best option.

             In closing, I want to sincerely thank everyone for their shared insights and resourceful links. All feedback given was certainly found germane to the original concern posted.  

             George
0
 
LVL 90

Expert Comment

by:John Hurst
Comment Utility
George - you are very welcome and I was happy to help.
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
I suggest for the future whenever you install software, to carefully read the installation screens and make sure you don't select any of the useless addons that are often included too. Also make sure that you always use the PC as a standard user, and not as a user with admin rights.
0
 
LVL 10

Expert Comment

by:10023
Comment Utility
GMartin,
thanks for the excellent feedback...it helps everyone!!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now