Solved

unknown popup appearing at startup of Windows 7 Ultimate Service Pack 1

Posted on 2014-12-06
Last Modified: 2014-12-19
Hello and Good Evening Everyone

I am getting a popup of unknown origin at startup of Windows 7 Ultimate with SP1. The popup reads as follows: "You have 164 tracks in cache to play right now" with options of "Remind Me Later" and "Play Fresh Music". I did run the following utilities earlier, which found and removed some Trojans, spyware, and some other types of malware: ComboFix, Malwarebytes, and Panda Cloud Anti-Virus. Despite the successful cleanup, the popup still remains, which brings me to this post requesting advice.

Any shared suggestions or tips for resolving the popup that stays on the screen until closed will be deeply appreciated.

Thank you

George
Question by:GMartin
LVL 10

Assisted Solution

by:10023
10023 earned 150 total points
ID: 40485058
Can you see the origin of the popup in Task Manager? Right click on the taskbar and go to "Start Task Manager"... see if it is defined under Applications... then you can explore from there by right clicking...

A little steeper learning curve but very good... use Autoruns from Sysinternals to run it down... seems like you're good at running apps.
Here is a tutorial:
http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Hunt-Down-Kill-Malware-Sysinternals-Tools-Part2.html
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
ID: 40485059
Download, install and run Process Explorer from Microsoft. Once running, look down the left side tree for the Explorer heading. Look at the processes under it. If there is a strange alpha-numeric process (often the "name" of rogue startups), kill it, close Process Explorer, do NOT restart, run Malwarebytes again and then restart. See if this helps.
 
LVL 88

Accepted Solution

by:rindi
rindi earned 200 total points
ID: 40485377
This doesn't sound like typical malware to me. Run msconfig and check what it loads at startup. If some utility is loaded that you don't need to be loaded automatically, just uncheck it.
0
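As an added example that is not part of the original thread: the Startup tab in msconfig draws on the Run registry keys and the Startup folders, and the PowerShell sketch below lists those entries together with the Authenticode signature status of each target, which goes one step beyond the msconfig checkbox view. The function names are hypothetical, and the script is written to run on PowerShell 2.0, the version included with Windows 7 SP1.

```powershell
# Added example (not from the thread). Function names are hypothetical.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$startupDirs = [Environment]::GetFolderPath('Startup'),
               (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
$metadata = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePath([string]$Command) {
    # Extract the program path from a startup command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|com|bat|cmd|vbs|js))(\s|$)') { return $Matches[1] }
    return $c.Trim()
}

function Get-SignatureStatus([string]$Path) {
    # Bare names such as "rundll32.exe" are not resolved via PATH here.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'PathNotResolved' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function New-Entry($Location, $Name, $Command, $Target) {
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command
        Signature = (Get-SignatureStatus $Target)
    }
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if ($null -eq $props) { continue }          # key exists but holds no values
    foreach ($p in $props.PSObject.Properties) {
        if ($metadata -contains $p.Name) { continue }   # skip provider metadata
        $entries += New-Entry $key $p.Name $p.Value (Get-ExePath ([string]$p.Value))
    }
}
$shell = New-Object -ComObject WScript.Shell    # used to resolve .lnk targets
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in @(Get-ChildItem -Path $dir | Where-Object { -not $_.PSIsContainer })) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') { $target = $shell.CreateShortcut($f.FullName).TargetPath }
        $entries += New-Entry $dir $f.Name $f.FullName $target
    }
}
$entries | Sort-Object Signature, Name | Format-Table Name, Signature, Command, Location -AutoSize -Wrap
```

Entries reported as `NotSigned` or `PathNotResolved` are the ones worth looking up before unchecking or uninstalling them; services, scheduled tasks and browser extensions are outside what this lists.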
 

Author Comment

by:GMartin
ID: 40485754
Hello and Good Afternoon Everyone,

I just want to take a moment and provide some updates. First of all, I did notice the offending entry HitsBlender within Applications of Task Manager. I did uncheck it and saved the changes. While it did temporarily remove the popup, it did reappear following reboot. I did a further follow up by unchecking the offending entry of HitsBlender within msconfig, clicked Apply, clicked OK, and restarted the pc. I am happy and very pleased to say the desktop popup is gone.

At this point, I do have a follow up question which is in need of resolution in order to provide full closure of this post. Whenever I type in a web site address within IE or Google Chrome which requests login credentials, the page redirects to an unknown page full of ads. Should I use HiJackThis to resolve this issue? If so, could someone provide a direct download link to the latest free version of it? I believe there is a website, http://www.hijackthis.de/, which can be used to analyze the saved log file created from HiJackThis. Based upon my personal recollections of using HiJackThis, I believe I upload the saved log file to the mentioned website address for analysis. Each offending entry is marked with a red X and is termed a "nasty" entry which needs removal. Seeing that the problem pc is having issues, can I possibly carry out any further troubleshooting procedures within Safe Mode with Networking?

In closing, I apologize for these follow up questions. I am optimistic any further shared insights will result in a comprehensive resolution to my concerns.

Many thanks once again.

George
 
LVL 10

Expert Comment

by:10023
ID: 40485767
Just a thought...
Did you follow through with John's advice and rerun Malwarebytes??
 
LVL 10

Expert Comment

by:10023
ID: 40485769
I mean after you stopped the offending .exe from running??
 
LVL 88

Assisted Solution

by:rindi
rindi earned 200 total points
ID: 40485770
If you don't use the software "HitsBlender" check in "Programs and Features" of the Control Panel and uninstall it from there. Also check there for further software to remove. In the browsers look for toolbar add-ons etc you can remove.

As I mentioned earlier, this probably isn't malware. More likely it is crapware which often gets installed along with another program you installed. Many such free software programs are financed by packing other stuff along with them. You always need to be very careful during the installation, to read all the text, and use advanced modes so you can uncheck the other software from installing too.
 
LVL 10

Assisted Solution

by:10023
10023 earned 150 total points
ID: 40485772
 

Author Comment

by:GMartin
ID: 40485940
Hello and Good Evening Everyone

The only problem I am having at this point is with my browsers, both IE and Google Chrome. Everything else is fine. Since the browsers work just fine in Safe Mode with Networking and not in Normal Mode, I believe I need a program specialized in removing malicious embedded code within browsers like HiJackThis. I have downloaded and installed the latest HiJackThis within Safe Mode and found the link of http://sourceforge.net/p/hjt/support-requests/ as a support page. At this point, I am wondering how I might upload my saved HiJackThis log file to this site for analysis.

Any shared ideas for accomplishing this goal will be greatly appreciated.

Thank you

George
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
ID: 40485945
If the pop ups are now gone, then try doing a full IE Reset (including all data). Then restart and see if that solves it.
 

Author Comment

by:GMartin
ID: 40485963
Hello

           Yes, I carried out a full IE Reset and restarted both the browser and Windows 7.  Unfortunately, it did not resolve the issue.  I am not exactly sure I carried out the steps that you have in mind though.  If you would, can you outline the steps as you would do it?  

           By the way, I am uploading a saved log file generated by HiJackThis to be used for future analysis by the site which isolates the entries to correctly delete.   The popups which happen are only noticed when surfing the web within Normal Mode and not Safe Mode.   The desktop popup originally reported is now gone.

           Thanks

           George
hijackthis120714.txt
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
ID: 40485965
Viruses and pop ups like viruses can be difficult to remove.

At this point, you may wish to try a Windows 7 Repair Install. Here is a Seven Forums Tutorial that can assist you.

http://www.sevenforums.com/tutorials/3413-repair-install.html
 
LVL 10

Expert Comment

by:10023
ID: 40486010
George,
You have a lot of add-ons in the browser, and from the analysis Trend Micro did, your browser needs updating. When dealing with browsers I shut down all extensions and add-ons....
You have some directory problems according to Trend Micro... see the attached analysis: Logfile-of-Trend-Micro-HijackThis-v2.doc
 

Author Comment

by:GMartin
ID: 40486069
Hello

Unfortunately, when the log file opens in Notepad, it consists of what appears to be machine code filled with symbols. Can you possibly send me a link you uploaded the log file to when doing the analysis? Will it be able to show which entries need to be deleted within HiJackThis?

Thanks

George
 
LVL 10

Expert Comment

by:10023
ID: 40486077
George, it only gives recommendations... it's an iffy process... I kinda agree with John on this.
One thing you can do is selectively disable or disable all of the extensions and add-ons and make sure the directories are right per recommendations... you can generate the same report with your file by going to:
http://www.hijackthis.de/#anl
and pasting in your file for the same report.
Sorry about that Office file but could not get it to render all the glitz any other way.
 

Author Comment

by:GMartin
ID: 40510000
Hello and Good Afternoon Everyone,

I was able to resolve the original posted problem by simply going into msconfig and unchecking the offending loading entry within the Startup tab which resulted in the desktop popup. However, there were unexpected and further popups which revealed themselves whenever any of my browsers were opened. Despite a battery of anti-malware utilities being run in addition to resetting the browsers IE and Google Chrome back to their default settings, the popups remained. At any rate, I was able to fully resolve all of my issues by fully wiping and reloading Windows 7 with SP1. Under the circumstances and seeing that I had all of my end user files backed up, I felt it would be the best option.

In closing, I want to sincerely thank everyone for their shared insights and resourceful links. All feedback given was certainly found germane to the original concern posted.

George
 
LVL 92

Expert Comment

by:John Hurst
ID: 40510004
George - you are very welcome and I was happy to help.
 
LVL 88

Expert Comment

by:rindi
ID: 40510108
I suggest for the future whenever you install software, to carefully read the installation screens and make sure you don't select any of the useless addons that are often included too. Also make sure that you always use the PC as a standard user, and not as a user with admin rights.
 
LVL 10

Expert Comment

by:10023
ID: 40510218
GMartin,
thanks for the excellent feedback...it helps everyone!!
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now