HUGE spyware problem! Help!!
I use mozilla firefox, but I get a lot of pop-ups. these pop-ups are using IE, even though i don't have it open. the pop-ups also come up even when NO browser is open, and often minimize games i'm playing. i've run ad-aware 6.0, spybot search and destroy, and pest patrol....all of them are up-to-date, HOWEVER, when i run a search, nothing is detected. how do i get rid of this? also, is there a pop-up blocker that doesn't require a browser to be open?
redduc900
07-21-04, 07:39 PM
Assuming you're running either XP or W2K, check to make sure the "Messenger" service is disabled...Start | Run | Type services.msc and click OK | Scroll down to "Messenger", right-click and select "Properties" | "General" tab | Under "Startup type", choose 'Disabled' and then choose the 'Stop' button. After the service is stopped, click OK. Nothing in Windows or any real third-party applications should be affected by this.
The Messenger service is used to instant message others on the same LAN (using the "net send" command). It uses ports 135 and 139, and spammers have found a way to use this service to feed you pop-ups. A good firewall (or disabling the service altogether) will stop them, as ports 135 and 139 should NEVER be wide open to the internet.
> set firefox to be your default browser
I'm using ffox .08 so this may be diff than .09
> tools | options | Web features | check the pop up windows box
hope this helps
*edit
ahh - good point redduc
Mr. Chambers
07-22-04, 10:25 AM
http://www.ocforums.com/showthread.php?t=307720
that thread there may help as well, although i'm thinking redduc900 has hit the nail on the head. tell me, did you change your name? i've been here since 2001, and i don't remember seeing you around redduc900, although you seem very informative and knowledgeable in the recent posts i've seen.
You could also try downloading Spybot and Ad-Aware from www.download.com. These are great little utilities for removing spyware. They are freeware and have free updates.
Oops, sorry. Didn't read your post thoroughly enough, Pollux.
nikhsub1
07-22-04, 10:51 AM
Yes, turn Messenger service OFF, then I would download CWShredder too, google for it. Next, I would DISABLE system restore (if running XP), right click my computer, properties, system restore tab, check to 'Turn off system restore'. Then I would reboot into safe mode, rerun ad-aware, spybot, and CWShredder. Keep running til all is clean. Reboot, reenable system restore and go and download Spywareblaster, this will keep activex malware out of your system.
nealric
07-22-04, 11:19 AM
Two more proggies to try are spysweeper from webroot (www.webroot.com) and hijackthis!. The former is in my experience a bit more thorough than ad aware, the second is very good at getting rid of remnants (especially the ones that reinstall the spyware after it is removed)
Another thing to try is to go into the msconfig menu and unclick anything you don't recognize. Then search the registry with regedit and delete any key with "toolbar" in the name (there are a few exceptions, use common sense)
ok, i turned the messenger off, and it seemed to have worked, but i just got another pop-up this morning...no browser open.
ok i just tried the disabling system restore and reboot and scan in safe mode thing...still pop-ups.
nikhsub1
07-22-04, 03:57 PM
> ok i just tried the disabling system restore and reboot and scan in safe mode thing...still pop-ups.
Did you run CWShredder? Do you have any funky programs in add/remove programs that you know YOU didn't intentionally install? Go to Start>Run and type msconfig... what is checked?
Mr. Chambers
07-22-04, 04:01 PM
Pollux, I'm hoping you tried the things listed in that thread i referenced. As for CWS Shredder, the program is no longer updated, and hasn't been for a month or so if I remember correctly, so it will no longer seek out and remove newer CWS Variants, it will however still get rid of older versions...
Did you follow my instructions for deleting your Index.dat file? Your symptoms sound very familiar to a re-occurring infection caused by spyware in those files.
redduc900
07-22-04, 08:07 PM
> Tell me, did you change your name? i've been here since 2001, and i don't remember seeing you around redduc900.
I have the same user name as I've always had Mr. Chambers...I just haven't been around for the past five or six months. I've always preferred the MS OS forum, and is primarily where I used to regularly hang out at, which could be why you don't remember seeing me around...I don't usually post in the other forums that often.
> I have the same user name as I've always had Mr. Chambers...I just haven't been around for the past five or six months. I've always preferred the MS OS forum, and is primarily where I used to regularly hang out at, which could be why you don't remember seeing me around...I don't usually post in the other forums that often.
yah it's true, the redduc has been AFK for quite some time, (me myself was wondering what was going on, not seeing the very helpful m$ posts)
i deleted the index.dat files....i'm still getting pop-ups...how am i supposed to stop this!??
Mr. Chambers
07-23-04, 12:33 AM
> i deleted the index.dat files....i'm still getting pop-ups...how am i supposed to stop this!??
well let's break this down. shall we?
you disabled the messenger service?
you downloaded and installed and updated adaware and spybot, and maybe even spysweeper?
you restarted into safemode, and deleted all temp files, and cookies?
still in safemode, you deleted the index.dat files from all User accounts in XP?
while still in safemode, you did a full system scan with adaware/spybot/spysweeper/cws shredder/etc, fixing all the entries it found/restarting in safemode once more and scanning/fixing until no more entries are found?
you then restarted normally, and STILL have pop-ups?
Mr. Chambers
07-23-04, 12:33 AM
> I have the same user name as I've always had Mr. Chambers...I just haven't been around for the past five or six months. I've always preferred the MS OS forum, and is primarily where I used to regularly hang out at, which could be why you don't remember seeing me around...I don't usually post in the other forums that often.
Ah yes, that could probably be it. I've only recently been trying to help in this section. Glad to have you back though, at any rate :)
> well let's break this down. shall we?
> you disabled the messenger service?
> you downloaded and installed and updated adaware and spybot, and maybe even spysweeper?
> you restarted into safemode, and deleted all temp files, and cookies?
> still in safemode, you deleted the index.dat files from all User accounts in XP?
> while still in safemode, you did a full system scan with adaware/spybot/spysweeper/cws shredder/etc, fixing all the entries it found/restarting in safemode once more and scanning/fixing until no more entries are found?
> you then restarted normally, and STILL have pop-ups?
YES, and it's getting ridiculous. I get all types of pop-ups, and they come up roughly every 10 minutes. Any other suggestions????
I.M.O.G.
07-24-04, 04:09 PM
I wrote this for the frontpage... Malware Warfare (http://www.overclockers.com/tips1166/), but it basically outlines what everyone else has already walked you through, except for a couple oversights.
I want to know if you disabled, or stopped the messenger service. These are two different things. Disabling means it will not ever start up again, Stopping means it will turn back on after you next reboot.
At this point we need you to run hijack this and post the logs here - this will give us an idea of what is running in the background and where we need to focus our efforts. Without that log, I have nothing further to suggest for you. :-/
autoMATTic
07-24-04, 04:24 PM
Post a printscreen of the next pop up you get so we can see the type of window it's in.
> Post a printscreen of the next pop up you get so we can see the type of window it's in.
here u go:
http://img78.photobucket.com/albums/v256/deathbym0nkeyz/popup3.bmp
http://img78.photobucket.com/albums/v256/deathbym0nkeyz/popup2.bmp
autoMATTic
07-25-04, 04:19 PM
Those aren't Window Messenger windows but Internet Explorer. I would Delete cookies and temp internet files. Run CWS Shredder and ad aware. Then I would Download Firefox and make that my default browser.
Also did you download any of those annoying programs and are still using them that have spyware built in like kazaa, or any GAIM programs, or those annoying weathercast programs, if so I would uninstall them.
dicecca112
07-25-04, 06:19 PM
you may not like this answer but. I fixed a friend's computer that did the same. I had to write down every spyware it found, search it online, and go program by program removing files, registry entries. But if you really want to end this all, the be all end all is a format.
I.M.O.G.
07-25-04, 09:54 PM
You all are just doing the run around when all pollux needs to do is...
POST THE HIJACKTHIS LOG!
BTW, I'm not sure which approach you are taking to skin the windows in that way, but it could likely be part of your spyware problem.
automattic: He is already running firefox - first post. ;)
> You all are just doing the run around when all pollux needs to do is...
> POST THE HIJACKTHIS LOG!
here:
I.M.O.G.
07-26-04, 12:46 AM
you need to get rid of the bozm6ca.exe processes running... Those are exe's running from a temp directory, with what appears to be a randomly generated filename (filename not recognized on google). Those are coming from somewhere not good... Looking further at log currently.
Stylexp.exe is spyware related, and I believe anything from tgtsoft is probably evil. A lot of this customization stuff is malware.
Remove these:
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
(this is not malware related, but I hate the radio toolbar thing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O4 - HKLM\..\Run: [BozM6cA.exe] C:\windows\temp\BozM6cA.exe
O4 - HKLM\..\Run: [BozM6cA] C:\windows\temp\BozM6cA.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Conclusion:
You are infected with New.Net Searchbar.
I didn't find anything else specifically from what I looked up, but you should be able to remove everything I listed without messing anything up too bad.
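The two patterns picked out of the log in the post above (Run entries that launch an executable from a temp directory, and entries whose target is "(no file)"), as an added triage example that is not part of the original thread. The function names and the list of temp directory names are assumptions; the sample lines are entries quoted in the post.

```python
import re

# Entries copied from the HijackThis lines quoted in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}_ - (no file)
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - C:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BozM6cA.exe] C:\windows\temp\BozM6cA.exe
O4 - HKLM\..\Run: [BozM6cA] C:\windows\temp\BozM6cA.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")                      # "O4 - <body>"
AUTORUN = re.compile(r"^HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.+)$")
EXECUTABLE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|scr|dll))', re.IGNORECASE)
TEMP_DIRS = {"temp", "tmp"}  # assumption: folder names treated as temporary


def in_temp_dir(path):
    """True if any directory component of a Windows path is a temp folder."""
    parts = path.lower().split("\\")
    return any(part in TEMP_DIRS for part in parts[:-1])


def triage(log_text):
    """Return (code, reason, line) for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue
        code, body = entry.groups()
        if body.endswith("(no file)"):
            findings.append((code, "registry entry points to a missing file", line))
        autorun = AUTORUN.match(body) if code == "O4" else None
        if autorun:
            exe = EXECUTABLE.match(autorun.group("cmd"))
            if exe and in_temp_dir(exe.group("path")):
                findings.append((code, "autorun launches from a temp directory", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

Entries the script does not flag, such as the QuickSearch BHO and the StyleXP autorun, still need the manual lookup described in the post; the two checks only surface lines that are suspicious on structure alone.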
thanks. i removed them all except stylexp. are there any other safe and free utilities i can use to configure my xp theme?
awesome, i just got an aol pop-up...now what?
I.M.O.G.
07-26-04, 01:22 AM
Uninstall style XP. It is the problem.
Have you run spybot S&D and adaware with the latest updates? Run them again, then restart, then report your hijackthis log again so we can see if anything is coming back.
I.M.O.G.
07-26-04, 01:35 AM
You must install stylexp from the utility, or it will recreate itself. You should also delete those files which the registry entries are pointing to, that were reported by hijackthis. Disabling system restore and going through safemode for all of this is also a good idea.
> You must install stylexp from the utility, or it will recreate itself.
???
does windowblinds have spyware?
I.M.O.G.
07-26-04, 02:09 PM
I believe it does also. Most all of that stuff is junk... Doesn't windowblinds come from stardock?
Stardock is really terrible.
Is skinning your windows really that important? :)
There is probably something that is safe, I believe there is something that patches a theme file which just allows you to add more themes, but uses the standard windows display properties appearances tool. It doesn't come with any spyware loaded application.
> I believe it does also. Most all of that stuff is junk... Doesn't windowblinds come from stardock?
> Stardock is really terrible.
> Is skinning your windows really that important? :)
> There is probably something that is safe, I believe there is something that patches a theme file which just allows you to add more themes, but uses the standard windows display properties appearances tool. It doesn't come with any spyware loaded application.
where can i get that? also, even after removing stylexp, i'm still getting those pop-ups. i think i'm just going to back up my files on dvdr's and reformat.
nealric
07-26-04, 02:50 PM
> thanks. i removed them all except stylexp. are there any other safe and free utilities i can use to configure my xp theme?
Wow i did not realize style was spyware- what a bunch of scumbags!
----
I don't customize with style xp by the way. I make an unattended install cd. You need to download a patched uxtheme.dll, replace it in the i386 folder and write the .theme files. You can now select style xp themes under the normal themes menu for windows. No software required :)
Of course, you have to format and use the unattended.
More detailed info at mnfn.org.
I.M.O.G.
07-26-04, 03:02 PM
You can patch uxtheme.dll from within windows... it doesn't have to be done from an install CD if that was what you were saying, I'm not sure.
Now that you have uninstalled stylexp, you should be able to perform all of the scans with adaware, spybot, and hijackthis and actually be able to permanently remove the problems.
Or you can reinstall because it may be quicker.
Timelessblur
07-26-04, 06:45 PM
if you don't have a software firewall get one it might give you an idea what is trying to access the net and you can shut them down one at a time. I know if I drop the firewall in the family computer stuff starts popping up. I don't know what I block but I definitely block something.
Also this may be the best and easy solution. Back up everything you want to save and just reformat your computer. That solution is probably the easiest and the one with the fewest headaches
ashenfang
07-26-04, 07:41 PM
you know I have always wondered, isn't spyware, malware, etc. illegal? I mean it is a program being installed on your computer without your consent???
Mr. Chambers
07-27-04, 12:51 AM
> you know I have always wondered, isn't spyware, malware, etc. illegal? I mean it is a program being installed on your computer without your consent???
In reality, a lot of it is installed when you install other programs, or browse certain websites, and that user agreement flashes on the screen, you know, the one no one reads and everyone clicks "Yes!" to.
There are laws currently being developed to make it "illegal" but most of the companies are overseas anyway, and how effective has the anti-spam law been? i still get upwards of 100 spam msg's a day.