Popups
MoveCloseDeleteAdmin

TV ClubHouse: Archive: All Things Technical for BB 2003 (computer stuff): Popups

Jalynne

Monday, August 18, 2003 - 08:25 am EditMoveDeleteIP
Maybe someone here will have a suggestion for me. All of a sudden I've started getting a ton of popups from "windows messenger". It's not the chat program, but some other program, sending messages. I ran Ad-Aware and Spybot, but it didn't help.

I use a pop-up stopper, but I can tell when it's stopping one. I disabled it so I could see what these all are. Most of them are messages trying to take me to a pay program to stop ads.

Do any of you have any idea what's going on, or how to stop this windows messenger from sending all these?

Draheid

Monday, August 18, 2003 - 09:59 am EditMoveDeleteIP
Jalynne, Here is a copy of a message I posted in the Computer help thread a few days ago. I am certain it will help you too:
Regarding the current virus/worm problem rampant on the internet over the last couple of days, for anyone else not yet affected by this I STRONGLY urge you to install a firewall on your computer. You can get an excellent FREE firewall by Clicking Here to download ZoneAlarm from ZoneLabs. After you have downloaded and saved this file, run it and follow the prompts to install.

The problem people are having is both a vulnerability in Windows AND the open ports exposed to the internet where this exploit is being done. A firewall such as Zonealarm should prevent that from happening by closing those ports from being accessed.

You will still need to apply the appropriate patch to your system. Please go HERE to view instructions and download the patch.

Hope this helps.

Ketil

Monday, August 18, 2003 - 10:00 am EditMoveDeleteIP
If you are running WinXP, then the messenger service is probably the culprit. It has been abused by spammers and is easy to disable without any ill effects.

Click on Start, then Run and type in services.msc. Click OK and the Services window will come up. Find Messenger and double click it. Once it is open, look for Startup type: and change it to Disabled. Click OK, then close back out to your desktop and reboot.

Ketil

Monday, August 18, 2003 - 10:08 am EditMoveDeleteIP
To follow up Draheid, concerning the Blaster worm, there may be a new, more deadly worm on the prowl. This just came in this morning from NTBugtraq:


Quote:

Apparently we've got a new DCOM based worm on the loose this morning. The AV folks are apparently still checking into it. Looks like it deletes blaster if found and even is nice enough to patch your system if it needs it...or course after it's already nailed you. What it does after that...good question so far.

Via incidents.org/sans.org site:

http://isc.sans.org/diary.html?date=2003-08-18

Jeffrey Thomas




I suggest anyone who has not patched, to get patched. Also, follow Draheid's advice with concern to firewall. And keep your antivirus up to date.

Jalynne

Monday, August 18, 2003 - 10:27 am EditMoveDeleteIP
Thanks, everyone. I had already installed the patch. Your suggestion worked Ketil. That was exactly my problem. Thanks again!!

Chy

Thursday, September 11, 2003 - 08:06 am EditMoveDeleteIP
Ketil, I'm only on a window 98, could I try that, too ?

I was told about a program on Google.com but it looks like I didn't have the right spelling that's why I'm here. "toolbar.google.com" is what I have.

Chy

Thursday, September 11, 2003 - 08:18 am EditMoveDeleteIP
Just tried Ketil's suggestion while DLing Drah's Zone thing.

I don't even hve the services. msc file. But I think I have the same problem Jalynne had. Many of these popyps look very legit, claimed to be from the Microsoft IE. it takes me to ads to convince a payment before they stop popups for me. That is blackmail in my book!

Chy

Thursday, September 11, 2003 - 09:11 am EditMoveDeleteIP
Help!
Hi, Draheid, I downlaoded the ZoneAlarm. I tried to follow the prompts but I think I may have gave some wrong answers since the disgusting "Enlargement... " popups still come. In fact, I think I have even more popups asking me to buy programs to prevent popups!!!

In the meantime I'm totally dumbfounded about Zone's question, if I wanted to keep "Run a DLL as an App". Says it could be something I need .... I'm confused!

Please help!

Ketil

Thursday, September 11, 2003 - 09:52 am EditMoveDeleteIP
I'll let Draheid answer the zone alarm question, since I use a hardware firewall solution.

As for the messenger service, that is strictly for NT systems. Windows 98 does have a program called WinPopup, which is used to communicate between computers on a network. However, they are not the same and I don't think WinPopup can be exploited in the same manner as the messenger service.

Do you have some type of popup stopper? Are you getting the popups even when not surfing the internet via your web browser?

If the popups only happen while your browser is open, then a popup stopper will probably fix your problem. There are several out there. However, Google is now including the feature in their toolbar AND you get easy access to search functions via google.

Chy

Thursday, September 11, 2003 - 10:13 am EditMoveDeleteIP
Thank you Ketil for answering.
I think the popups come as soon as we are online. When kids use only Instant Message, is that a browser open?

I don't have popup stopper, I'm trying to find a good one. But this pc is kind of small, and slow as it is. I'm going to see the Google one now, thanks for the tip.

Draheid

Thursday, September 11, 2003 - 10:15 am EditMoveDeleteIP
Chy: Have you run AdAware and a Virus Scan on your computer? The problem you described earlier sounds suspiciously like either adware or spyware and running a check for those should help remove them for you.

As for ZoneAlarm, you only need to setup zones if you have a network with other computers in the same location, in order to allow access between computers. If you are simply connected directly to your internet connection then you do not need to configure any zones.

If you checked the 'Remember this' button to a question from ZoneAlarm and answered yes to it then that program now has unlimited access to the internet. If you are unsure of what programs you have authorized, you can bring up the ZoneAlarm control panel and click on 'Program Control' on the left and 'Programs on the tab on the top right. A list of programs that have attempted to access the internet will be listed along with the decision you made for that program. There you have two options. If you click on each 'Check' mark, you can change it to a '?' mark (in each column next to that program) in order that ZoneAlarm will ask you the next time that program tries to access the internet. The other option is to right-click on each line and select 'Remove'. Either way, I suggest you not change anything that looks like it belongs there, such as Internet Explorer, AOL, etc. unless you are having problems with those programs and you see they have been 'X' marked to prevent access in which case I would change that to a '?' mark also.

Hope this helps. If you have any more questions or need clarification on something here, please let me know.

Chy

Thursday, September 11, 2003 - 10:54 am EditMoveDeleteIP
Thank you so much for the help, Draheid!
But I am very slow on this, please bear with me.

Did I understand correctly that since my pc is only connected with a server, I don't need to have the Zone? I did go in the control section, the only one I left with red check marks is the Callwave.com, since not all my contacts have my cell numbers.... All the others already have '?' marks and I left them alone for now.

I then went and got the Google toolbar(Thank you, Ketil!). No more ugly popups so far but sometimes they only come when I re-connect with internet.

I do have a Norton Antivirus program, that's how I found out I was e-mailed a msg containing virus even though it said it came from Microsoft.

But I don't know what spyware or adware are. Are they alreay in my existing program or shall I go somewhere to downlaod them?

I did follow your check-up a while back(mid Aug.) about the Worm. I had a green box saying Stealth. Thank you for that one, also!

After I post this one, I'm going to disconnect and re-connect again. If popups pour on me again, I'll tell!

Chy

Thursday, September 11, 2003 - 11:07 am EditMoveDeleteIP
Well, when I reconnected, the box popup said I did something illeagle and after I click on okay, all windows were wiped out and I had to go click on Favorite and find my way back. But no popups with embarrassing things so far!! I like that. That's the main thing, I was living with topten search of whatever, but when the popups come with horrible words, I don't want to know my 13 y.o.is looking at that!

Have to go to rehearsals now, thanks for all the helps I recieved and all the helps yet to come!

Draheid

Thursday, September 11, 2003 - 11:39 am EditMoveDeleteIP
Chy: Yes, you need to have ZoneAlarm installed. There is a section in ZoneAlarm for people who have their computer 'networked' (connected) to other computers in the same location. This does not seem to be your situation therefore you do not need to worry about THAT feature of ZoneAlarm. (Hope that makes sense).

AdAware6 is a program you can download from www.lavasoft.ru that will examine your computer for Advertising programs and some 'Spyware' that may have been installed on your system without your knowledge. A lot of these programs are designed to retrieve advertisements from the internet and display them on your screen. Some also collect information about where you 'surf' and report that information back to a server that collects such info and sells it to companies - that function is called 'SpyWare'.

Normally, when you have a '?' next to a program in ZoneAlarm, that is telling it to ask you for permission to access the internet. You should look closely at the dialog that opens asking for that permission. If the program is not something that you recognize, make a note of it then deny access. Then you should try looking up that program on the internet (use Google or similar search) and see what exactly it is and why you would want to run it. If it is something you recognize or know to be ok to access the internet, then next time check the 'Remember this...' box and allow it to access. If however it is something you do NOT want to access then check the 'Remember this...' box and deny. That should prevent future questions from ZoneAlarm.

Hope that helps.

Note: Click here to download AdAware6 direct

Chy

Thursday, September 11, 2003 - 06:12 pm EditMoveDeleteIP
Thank you Draheid.

I do have ZoneAlarm on, now that I know I could change settings in control area, it's easier. Hope my kids will learn it.
The Google toolbar seems to work well also, it keeps telling me how many it blocked which is very satisfying.

I've downloaded the AdAware6 following your link, took all the steps. But nothing different show up this end. Am I doing it right?
Sorry, you didn't know you'd met someone really helpless.

Draheid

Thursday, September 11, 2003 - 06:49 pm EditMoveDeleteIP
Chy: Once you downloaded the program, did you tell it to install and then run the program after it was installed. It is possible that your system is 'clean' of adware and spyware however I recommend running it now and again every so often just to make sure you stay 'clear' of these type of programs.

In case you haven't installed and run the program, first locate the file (aaw6.exe) and double-click on that to perform the installation.

Once the installation is complete, click on 'Start - Programs - Lavasoft Ad Aware 6 - Ad Aware 6' to have the program scan your computer for anything that might be on there. It is similar to running a virus scanner in that it will look over your entire hard drive for anything known to potentially cause you trouble.

Hope that helps.

Blue2

Sunday, September 14, 2003 - 09:19 am EditMoveDeleteIP
Hi, to turn off windows messenger follow the instructions on the page FAQ at the link below. It is posted at the top to switch it to off

www.81x.com/arius/123

Blue2

Sunday, September 14, 2003 - 09:32 am EditMoveDeleteIP
Sorry to post twice but seems there are many dif problems mentioned in this thread. First it is true Adaware is widely used but many tech ppl consider Spybot Search and Destroy a much better program for removing spyware. We all get it and everyone should use one or the other wkly. Both free of course.


The pop ups are coming from windows messenger and zone alarm has no control over this, do turn off messenger with instructions in the FAQ at the link provided.

He is right you still need an antivirus and preferably a firewall, If you are using a router that is a great firewall. A free online simple to use (and ppl don't have problems with it the way most do with Zone Alarm) is Sygate, free and can be downloaded at link.

You all need to use an antivirus and just like your Spybot (or Adaware) remember to check for updates regularly , or your programs become semi obsolete.

A great free pop up block widely used is EMS Free Surfer MK II .. download below!! it also has a washboard tool (this empties temp files on demand) and can also lock your homepage in place (often change/hijacked by spyware).

I'll post the site again with the free downloads and help pages.. cheers all

P.S. a good site for help with techies galore are the msg boards at: www.techtv.com

the website for downloads is again: www.81x.com/arius/123

Draheid

Sunday, September 14, 2003 - 09:38 am EditMoveDeleteIP
Blue2: If you include the 'header' of http:// on your link, the board will automatically convert that to a clickable link for you.

Also, I saw earlier you were asking about posting graphics on the board. To do this, use the formatting tag in your message of \image{alt-tag} then preview/post the message. Once you've posted the board will prompt you to browse for and upload the graphic image. In the preview you will see a temporary 'place holder' image - don't worry about that, it will be replaced with the successful upload of your image.

Hope that helps.

Edit to add: Or you could create your own clickable link with the formatting tag like this:
\newurl{http://your.link.here,Your Description}
also, any commas in the url should have a \ in front to allow them to be part of the link instead of the description.

Chy

Monday, September 15, 2003 - 08:42 am EditMoveDeleteIP
Dear Draheid, thank you so much for the tip. I did not know I have to go dig it up and run it! Shows how little I know about pc! Really, I just wanted to read my Chinese papers and BB things online with out being "Hijacked" every other minute.

My teenagers(17 & 13) were not too eager to help me, now I know why. They claimed I'd erased some AIM ability, some songs and kids sites....
When I ran the AdAware6, it found 583 suspects. I tried investigating for a while, but it was so time consuming I just deleted most of them. I think that's what cleaned up the most! (Earlier I'd try to trace each popups myself and went in to my program to delete things myself, files like Huntfly and any Gain...THIS WAS SO MUCH BETTER & EASIER!)

Now I still have the Google toolbar up there informing how many it'd blocked.(pretty satisfying! Thanks to Ketil.) Zone Alarm is set to only check-marked Adaware, Callwave, Aim, Norton AntiVirus and Windows. It's been great! No interruptions! Thank you so much! I truly appreciate your help, /b{Draheid}! I'm so glad I found this place. I'm so glad I found you, and you don't even know me! Thanks again!