Noticed two occurrences yesterday that seemed to be unconnected to each other, but it turns out they were.
All of a sudden my computer's DSL connection starts blazing through graphics-intensive sites, but I was also getting numerous pop-ups from everywhere, even on safe sites like Google, etc.
Disabled Windows Messaging...no help. (I thought for sure that's what the problem was.)
Ran Norton Anti-V...nothing found.
Ran Lavasoft Adaware...nothing found.
Ran BHODemon (cool utility)...found a registry entry for "WinShow."
Used BHODemon to disable WinShow...no help.
Went through the registry and ripped out everything with WinShow on it...no help.
I was just about ready to give it the old...(FORMAT C:\<ENTER>)...treatment when I finally figured the nasty little thing out. I finally made the connection between the continuing pop-ups and the increase in perceived computer speed.
The attacking program had not only installed WinShow to start the pop-ups, but it had DISABLED Norton Anti-V (which accounted for the perceived increase in computer speed) AND made changes to my firewall settings to allow the pop-ups to continue even after the WinShow scumware had been removed.
Very nasty little critter.
Win ME
IE 6.0.2800.1106
128-bit
Update Version: SP1
After I manually got rid of the scumware, I upgraded Adaware to the latest version, and found even more remaining bits of the scumware. So, if I'd originally used the latest version of Adaware, it would have removed the scumware, but it still wouldn't have found the changes the scumware made to my firewall.
It was a smart little thing.
Oh. Just for the record? It's been well over a month since I've gotten an update from AA. On the other hand, Spybot has had two.
It's been my experience that what one doesn't snag, the other one will. Case in point: Avenue A tags you when you visit Hotmail. AA does NOT catch, but Sb does. I've also noticed some will get snagged by AA that slip right thru Sb.
Run 'em both...frequently.
:)
Pendanticist.
Now that I've had some time to think about it, I probably got it from a "site-downloader" utility that I installed, although the pop-ups didn't start until two days or so afterwards.
Of course, if I were a scumware-guy, that's exactly how I'd set it up to run.
If I find the name of it I'll post it.
Actually, I'm constantly perusing the Internet for quality links to add to my educational portal. In doing so, I manage to collect about 50+ of these little critters a day. To have the morning scumware still residing on my HD in the afternoon does not work for me.
The 'Noids? Nope. An ounce of prevention is worth a pound of cure is a phrase I believe in religiously.
It's not so much where I visit, as it is who plants what that causes me concern. I mean to say I've found scumware/tracking cookies/trojans on some surprising sites. Ones that I thought would NEVER have planted them, too.
One can never be 'too' careful.
Pendanticist.