| Press F1 | ||||
| Thread ID: 29844 | 2003-02-04 07:13:00 | Porn Infestation | future (1979) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 118279 | 2003-02-04 07:13:00 | This is a Dell Box at work running XP Pro. Some Turkey has done some serious Porn Surfing. Bad Karma. I have run Adaware, Spy Bot, disabled uPnP, Shut down a bunch of services, full AV Scan, and still we get stacks of popups [very graphic and uncool in front of customers]. Internet access is ADSL through a router [Alcatel Speedtouch Pro] with everything shutdown except port 21 and 22 which are directed to two other boxes on the network. The "firewalling" feature is turned on the router [I think that means that pings won't be returned]. There must be a trojan in the box somewhere but I don't know how to find it so I give the problem to you guys to solve before I do a format and rebuild. There is a dialogue box that comes up wanting permission to download "Hot XXXX Adult Downloads" I can stop this easy enough but the popups continue even if IE is closed. The download box mentions "Proclaim" and "Telcom" [correct spelling] as companies associated with the download but I can't find anything on the net regarding removing their wares. If anyone can help that would be great otherwise it is the 'ultimate clean slate' exercise. OHMS Future |
future (1979) | ||
| 118280 | 2003-02-04 07:15:00 | There might be a dialer somewhere in there which is giving you the popups, but I don't see that as a likely option.. | Naraku Kasai (1028) | ||
| 118281 | 2003-02-04 07:34:00 | You might like to try the forum's FAQ on homepage hijacking, though this might be a different kettle of fish. Link is at top right of this page. | Susan B (19) | ||
| 118282 | 2003-02-04 08:05:00 | I had a similar problem which was originally caused by my surfing a porn site for curiosity many years ago.......It put a file in my NETWORKING folder in the Control Panel and after deleting I only had the occasional problem like once every fortnight which I eliminated by using BLOCK SENDER . Hope this helps |
olldaddy76 (2539) | ||
| 118283 | 2003-02-04 08:20:00 | Try Ad-aware, Window Washer, Spybot, SpywareBlaster; do a search for the files associated with the request to connect etc. and manually delete them. I use a thing called Guard IE to prevent hijacking of my home page, plus Popup Killer to prevent annoying popups. Also use PestPatrol and Panda Antivirus. | kiwibeat (304) | ||
| 118284 | 2003-02-04 12:20:00 | Not sure if this applies to XP but if it does.......... Have a look in Start > Run > type in msconfig > press Enter. Navigate to the Startup Tab > scroll down the list and look at all the check marks of programs that are loading in the background. For a list of which ones do what and if they are required see the following two links. www.pacs-portal.co.uk www.answersthatwork.com On the second link the page defaults to _m but just change to a letter of your choice to check other listings. It is possible that you have a program running in this area and loading in the background. Remove the check marks for anything that does not need to be in there and click Apply and Ok and then restart. You will be prompted that you are using Selective Startup as it restarts, tick the box and Ok. Check your Settings > Control Panel > Add/Remove but these sorts of programs don't always appear there. Check your networking and dialup areas in case they have included themselves in there but more as a precaution than anything. Does any of this help.............? |
Gordon. (2217) | ||
| 118285 | 2003-02-04 22:20:00 | Thank you Gordon - and, now I come to read the FAQ properly - Susan. Mine could hardly be described as an infestation: just a single page that became the default IE home page whenever I rebooted - which I do as little as possible. The site itself has evidently expired and gave me a 404: but one with a highly explicit address in the browser slot :-) Ran msconfig; saw an OPQ file referencing regedit and a *.tmp file in C:\Windows\System. Displayed said .tmp file, which clearly invoked the unwanted page. Swatted the file and the regedit entry. Problem solved. |
argus (366) | ||
| 118286 | 2003-02-04 22:51:00 | I had a look at the Homepage Hijacking but unfortunately not the same, however the info on the registry might be helpful. I forgot to mention I had checked MSCONFIG but there wasn't anything too exciting. I was suspicious of lsass.exe and csrss.exe as apparently there have been trojans posing as them, hence the AV Check which would have picked them up. | future (1979) | ||
| 118287 | 2003-02-05 01:52:00 | > I was suspicious of lsass.exe and csrss.exe as apparently there have been trojans posing as them, hence the AV Check which would have picked them up. Don't count on it. Antivirus progs don't always pick up trojans and often will ignore "commercial" trojans. Usually you can pick up most with a firewall. |
tweak'e (174) | ||
| 118288 | 2003-02-05 06:27:00 | Have you run a Trojan cleaner at all? A search on Google will bring up a few -- a couple that I have heard recommended are cleaner3.exe and trjsetup.exe. | Susan B (19) | ||
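
The two checks discussed in the thread (startup entries like the regedit/.tmp one argus found, and programs posing as lsass.exe or csrss.exe) can be expressed as a small audit. This is an added example, not code from any poster; the process and startup lists are constructed sample data, the System32 path assumes a default install, and the 0.85 similarity threshold is an assumption. It goes slightly beyond the thread by also flagging near-miss spellings of the two names.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: default install root; change if %SystemRoot% is elsewhere.
SYSTEM32 = r"c:\windows\system32"
PROTECTED = ("lsass.exe", "csrss.exe")  # the two names raised in the thread

def audit_processes(processes):
    """Flag protected names running outside System32, and near-miss spellings."""
    findings = []
    for name, path in processes:
        low = name.lower()
        if low in PROTECTED:
            folder = ntpath.normpath(ntpath.dirname(path)).lower()
            if folder != SYSTEM32:
                findings.append((name, "outside System32"))
            continue
        for real in PROTECTED:
            # 0.85 is an assumed threshold for "looks like the real name"
            if SequenceMatcher(None, low, real).ratio() >= 0.85:
                findings.append((name, "lookalike of " + real))
                break
    return findings

def audit_startup(entries):
    """Flag startup commands that invoke regedit or reference a .tmp file."""
    findings = []
    for label, command in entries:
        cmd = command.lower()
        reasons = []
        if "regedit" in cmd:
            reasons.append("runs regedit")
        if ".tmp" in cmd:
            reasons.append("references .tmp file")
        if reasons:
            findings.append((label, reasons))
    return findings

# Constructed sample data (not taken from the affected machine).
PROCESSES = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("csrss.exe", r"C:\WINDOWS\Temp\csrss.exe"),
    ("1sass.exe", r"C:\WINDOWS\system32\1sass.exe"),
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
]
STARTUP = [
    ("OPQ", r"regedit -s C:\WINDOWS\System\example.tmp"),
    ("AVTray", r"C:\Program Files\AV\tray.exe"),
]

if __name__ == "__main__":
    print(audit_processes(PROCESSES))
    print(audit_startup(STARTUP))
```
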