Pop up Ad's problem

[Stu Austin]

Hello all.
Using Internet Explorer, if I go to any web page with ad's, I keep getting these pop up messages saying I have a problem and they say they can "fix" the problem.
I went to my Norton site and got a tech rep on and he looked at my computer and said for a fee of 99 dollars he could fix it. I declined thinking I may of gotten routed to a "fake" site and did not want to give out my credit card info.
Anybody else having similar problems like this within the past 24 hours?

stu

[Cpt.Jericho]

Nope, I don't use IE. But it seems you have a nasty one on your computer.

[Terre]

Could give malwarebytes a try, maybe in safe mode.

[Antilogic]

Nuke from orbit and start again.

[Tracker001]

Could give malwarebytes a try, maybe in safe mode.

Just remember any malware / virus hunter can produce false positives.




I'll also right click the add > click properties > Copy the url . Then goto internet options > security > and past the url into the "Block" (Piss off-go away) section .

Most of the time you can just add to "Block" the offending Main URL , of the www : // we send out trash dot com / <> =?. junk

[Stu Austin]

Could give malwarebytes a try, maybe in safe mode.

Thanks! Downloaded it, installed, turned off my Norton's for 15 minutes, let the malware program do its thing and it found 64 objects and under Heuristic Analysis it found 163. It checked marked 3 for removal and I let it delete all 163.
The 3 that were check marked was "Highjack.RegEdit".
The other files looked like they were named "PuP.xxxx.xxxxx"

Went to other sites now and have no more problems (Hopefully).
stu

[felter]

The Microsoft Windows Malicious Software Removal Tool is supposed to be pretty good at removing these, but it's not the fastest, mind you that also depends on the many different aspects of your computer.

Click on your start button (win 7) and type in MRT and press enter, as you have already found some malware I would recommend you do a full scan, but as I said this can take some time to do and when I say some time, I mean hours.

[amtct]

Read the thread "Pope's aids problem" need sleep i guess

[Stu Austin]

The Microsoft Windows Malicious Software Removal Tool is supposed to be pretty good at removing these, but it's not the fastest, mind you that also depends on the many different aspects of your computer.

Click on your start button (win 7) and type in MRT and press enter, as you have already found some malware I would recommend you do a full scan, but as I said this can take some time to do and when I say some time, I mean hours.

Thanks! So that's how you start MRT. For months tried to figure out how to do it. I did a Quick Scan and the other malware program cleaned it. MRT didn't find anything. Going to wait for the next update to it to do a full system scan.
stu

[Morkonan]

Hello all.
Using Internet Explorer, if I go to any web page with ad's, I keep getting these pop up messages saying I have a problem and they say they can "fix" the problem.
I went to my Norton site and got a tech rep on and he looked at my computer and said for a fee of 99 dollars he could fix it. I declined thinking I may of gotten routed to a "fake" site and did not want to give out my credit card info.
Anybody else having similar problems like this within the past 24 hours?

stu

There is no antivirus or antimalware site or company that will charge you a fee to remove a virus as a standard course of business. And, for those that do, you won't be getting popups from them....

What you had was likely just a piece of scamware or, worse - the beginnings of ransom-ware. Likely, the person you talked to would have installed a virus on your machine, if given remote access, and then told you it would cost you a lot more money if you ever wanted to see your data again...

Malwarebytes is good stuff and it is usually the "go to solution" for anyone when they have a virus that whatever crap they have installed on their machine happened to let sneak past.

Norton used to be decent stuff, now it's... less decent. Though, I do have to give them kudos for providing information and tools. The fact is that no matter how much antivirus software you have on your machine, it can't protect a user from themselves. What you click on, where you go, what you download, what you install... That's up to you and that's how viruses get on your system, generally.

Anything with a "pup.xxx" is a "Potentially Unwanted Program." What that means is that while it may not actually be malware or a virus, it may be doing things or have access to things that you might not want it to. At the very least, you should check these things out.

Most of the time, they're garbage programs installed alongside other software or that come pre-installed on your machine. Manufacturers do a lot of these deals with software companies in order to offset the production costs of a computer. So, if you bought a pre-packaged system, it may have a lot of these sorts of things on it. And, the cheaper your computer was, the more likely its filled with that sort of stuff. Most of it is not likely to be outwardly malicious, but you'll have to figure that out on your own. Deleting them, en masse, isn't a bad idea. If you later find that some software won't work, you can undelete whatever it's asking for if you think it wise. (Or, just delete it, as well. )

IE sucks. It sucks ass. It sucks hard. Oh, and it sucks. There are also times when it sucks. Don't touch it. Leave it alone. It is not your friend. It does not like you. It is waiting for the opportunity to screw you over. If given a chance, it will kill you in your sleep... Use Firefox. Chrome is Google's attempt to get as much information on your personal habits as Microsoft and all it wants to do is to indoctrinate you into the Temple of Google...

On MSRT/MRT, or Microsoft's Malicious Software Removal Tool - This tool will run, automatically, every time its signature file is updated by Microsoft during a Windows Update. However, it has no heuristics and a very limited signature file that scans for specific problems. BUT, if it does detect a problem, it can work fairly well and can guide you on what to do. Yet, it is no substitute for an antivirus program. At best, it's going to be pure luck that MSRT/MRT catches anything. One saving grace for that tool is that it could also scan for rootkits, a long time ago. Now, MSoft has other tools for that too, IIRC. (There are also good, free, ones out there.)

Malwarebytes has, somewhat, gone much more commercial than they used to be. These days, MWB is almost "annoyware" if you just use the free version. But, I do recommend them, anyway, as their track record in producing anti-malware programs for free, programs that have saved many a user, over the years, is unblemished. Also, Spybot, Search and Destroy, is a good piece of free anti-malware. And, its latest incarnation is a bit more robust than it used to be.

You did the right thing. Instead of believing something that sounded suspicious, you decided to ask a community of tech-savvy people. Good for you! Keep doing that sort of thing.

However, what you need to do is to figure out exactly what caused the problem in the first place. You say it was popups? OK, well, there are a couple of ways to cause that behavior on your system. The most likely cause is you visited a site that was compromised or maliscious and, IE, being a giant stinking pile of giant crappy suck, happily let whatever scripts were on the site run whatever they wanted. (Remember - IE WILL kill you in your sleep if you are not watchful...)

Your first line of defense against something like this is going to be to use Firefox and to install NoScript.

Here is Firefox. Get it, install it, do not use any other browser. You can import your bookmarks and such from IE, if you wish - https://www.mozilla.org/en-US/firefox/new/

Before you do anything else, install NoScript. It takes some getting used to, but it prevents unwanted scripts from running when you visit a site. Gradually, you will learn what scripts you need to allow for the normal operation of a trusted site and which ones you do not. I will prevent normal popup scripts and the like, but it will also take you some time to figure out how to customize your allowed scripts and such for sites you frequently visit. But, you NEED this kind of knowledge, these days. Here is NoScript - https://addons.mozilla.org/en-US/firefo ... /noscript/

There are other scriptblockers out there, like NoScript+. But, NoScript is about as good as you can get without totally screwing over honest advertisers. It's also clean and easy to use.

Here is Malwarebytes, one of the most popular anti-malware programs, that are free, there is. It's good, reliable, and has some resident capabilities: https://www.malwarebytes.org Yes, it will popup from time to time, using an update cycle that is not user-configurable at this time. Either just close it, when it does, or you can exit the program completely by right-clicking it on your taskbar and exiting. BUT, keep it updated and run it from time to time.

Here is Spybot, one of the oldest and greatest freeware anti-malware packages - https://www.safer-networking.org/ Use it!

Something else you might want, Microsoft Security Essentials, if you don't already have it: http://windows.microsoft.com/en-us/wind ... s-download This is a good, lightweight, anti-virus. It's not perfect, but it is good freeware and will not screw around too much with your system.

I used to be a long-time Norton fan, but it just got heavier and heavier and more intrusive and complicated as it has evolved. I used it when nobody knew who they were all the way up until sometime around 2005 or so. But, after that, I got fed up with it and moved on. I recommend that you do, as well. It's likely that your problem was related to a popup that IE allowed through, not Norton, either because it wasn't configured correctly or IE was just... engaging it its usual suckitude. As a consumer, you need to know about the software you're depending upon to protect you and how the market changes from year to year. Read some guides and decide for yourself if you need to change your anti-virus software. Some suggested review for reading:

http://www.tomsguide.com/us/best-antivi ... -2588.html
http://www.pcmag.com/article2/0,2817,2372364,00.asp

Search for others. HOWEVER, don't be gullible and click on sites that have an url like "bestvirusscanner.zomgz.ugottaclickit.com.info" and crap like that. Those are honeypots looking for people that don't know what they're clicking on, most of the time.

General Computer Security issues: https://www.consumer.ftc.gov/topics/computer-security

Checking your firewall software and settings: https://www.grc.com/intro.htm (Port Scanner)

Online, free, virus scanner, just in case you think you may need it: http://housecall.trendmicro.com/

PS - Sorry for the wall of text, but if you're calling some random dude because you clicked on a popup... Well, you need information and you need it fast!

But, I want to also say that you, the user, are the primary security problem associated with your computer. If you want to improve your online security in a meaningful way, you will have to improve your knowledge and your browsing habits in a meaningful way. Do that. Once you do that, and use and keep updated critical security software as well as practice good online security habits and safe-surfing rules, that will protect you as much as you can possibly be protected. So... do these things.

[Stu Austin]

@Morkonan
Thanks for the good writeup! I downloaded Firefox and am now using it.
stu

[Morkonan]

@Morkonan
Thanks for the good writeup! I downloaded Firefox and am now using it.
stu

Outstanding! You're doing the right thing! If you ever encounter a site that is written exclusively for IE, you can always just run IE for that site so it displays properly. (There aren't many of those anymore, but some older online forms may use things that only work well in IE.)

I strongly advise you to get the Firefox add-on NoScript, if you haven't already. It will take a little time to get used to, but it's worth it - You are the one in charge of your own security and add-ons like NoScript and others will help you do that, as long as you know how to use them properly.

Good luck and good job in working through your initial problem in a logical way. You did the right thing, now you just need the right weapons to protect you out there in the internet-jungle.

[Terre]

My current Firefox plug-in's are, AdblockPlust, using filter sets Warning Removal, EasyList, EasyPrivacy and Fanboy's Annoyance List, along with NoScript and Ghostery, for blocking trackers and web beacons. Some take time to fit to your needs, but you learn a lot about how websites are constructed, especially the ways in which ad networks track their visitors.

[amtct]

My current Firefox plug-in's are, AdblockPlust, using filter sets Warning Removal, EasyList, EasyPrivacy and Fanboy's Annoyance List, along with NoScript and Ghostery, for blocking trackers and web beacons. Some take time to fit to your needs, but you learn a lot about how websites are constructed, especially the ways in which ad networks track their visitors.

after all those I guess your browser has less adds than streets in North Korea

will have to check some of those.I never heard of "Ghostery".

[Terre]

My current Firefox plug-in's are, AdblockPlust, using filter sets Warning Removal, EasyList, EasyPrivacy and Fanboy's Annoyance List, along with NoScript and Ghostery, for blocking trackers and web beacons. Some take time to fit to your needs, but you learn a lot about how websites are constructed, especially the ways in which ad networks track their visitors.

after all those I guess your browser has less adds than streets in North Korea

will have to check some of those.I never heard of "Ghostery".

The word, 'sparse' comes to mind.

Ghostery is an opt-in blocker https://www.ghostery.com/en/.

[matthewfarmery]

Personally, I would also ditch Norton, I not used it in ages and personally wouldn't recommend using it. That program also has a problem with steam games, marking many as viruses (false positives) as I seen this a lot when browsing steam forums. Its probably one of the worst AVs for doing that.

Personally I use outpost pro and Nod32, and MRB also installed.

While Malwarebyes is now starting to use a commercial model, one thing mind, if you did happen to buy a license before they switched to the new model, then that company will still honour that license. (so the program will remain paid forever)

I think they switched, as they were finding it harder to survive and with malware been a huge issue and updates and bandwidth also needs to be taken into account. Still, the program is good, and certainly V2 is way better and easier to use then 1.3.

[Morkonan]

...and certainly V2 is way better and easier to use then 1.3.

And, this is the Holy Grail of anti-malware programs. The more difficult an antivirus/anti[malware programt is to use and configure, the more likely it is that the user either won't use it properly or will misconfigure it. Or, they will just opt to configure it to use the most basic, trouble-free, of settings, which usually renders it no more capable at detecting computer intrusions and malware than an average ball-point pen...

[theeclownbroze]

Step 1. Delete/nuke from orbit Norton anything on your computer

Step 2. Install Avast antivirus and run a boot time scan, check for rootkits and PUPs in the check boxes in preferences.

Step 3. Install malwarebytes and run a scan/fix of your system but make sure you turn off avast.

Step 4. Turn off malwarebytes and install hitman pro and use the trial and do a scan and clean.

Step 5. Install "Adwarecleaner" and Nuke your PC's malicious software from orbit just to be sure.

Step 6. Don't use IE.....EVER!

[Antilogic]

Step 5. Install "Adwarecleaner" and Nuke your PC's malicious software from orbit just to be sure.

The only way to be (almost) mostly sure is to reformat the drive(s). Lots of AV software is great but it's never going to be a fully secure solution.

[Tracker001]

Akamai

29 sept 2015
Security firm discovers Linux botnet that hits with 150 Gbps DDoS attacks ;

.... that its Security Intelligence Response Team has discovered a massive Linux-based botnet that's reportedly capable of downing websites under a torrent of DDoS traffic exceeding 150 Gbps. The botnet spreads via a Trojan variant dubbed XOR DDoS. This malware infects Linux systems via embedded devices like network routers then brute forces SSH access. Once the malware has Secure Shell credentials, it secretly downloads and installs the necessary botnet software, then connects the newly-infected computer to the rest of the hive ......

http://www.engadget.com/2015/09/29/linu ... gbps-ddos/

Also > PC World

well this should be fun > not !