Junk Pop-ups on the Forum
GreyGeek:
--- Quote from: DR4NRA on September 16, 2014, 02:54:45 PM ---They shut down and hide, or they will actually shut off the programs. I have seen some that dump so much crap in the registry and hidden folders containing the exe file that the only way to get it all was a complete wipe and reinstall.
--- End quote ---
The keyboard logger Trojans are the nasty ones. They hide in the phantom drive that Microsoft uses to store a copy of Windows, and/or they vector the boot record of the HD. EVEN IF you use your reinstall CD and reformat and reinstall Windows, the phantom partition is not reformatted, nor is the boot record rewritten. The result is that after all that work of reinstalling everything to start fresh, the keyboard logger loads in before the Windows OS does and sets itself above OS memory, pulls all the malware back in, and watches everything you type and keeps track of it. It stores your keystrokes in a hidden file and every so often calls home and posts the file to a compromised computer in some other part of the world. He then retrieves your info (bank name, login name and password) from that computer to his computer, usually via RCC, a relay chat channel, onto which he logs using FireFox-Tor. No IP trace of his computer tracks are created.
To clean it out entirely one must remove all partitions of the HD and combine them into one, reformat that single partition, and then re-partition it and reinstall the OS. With Windows that is impossible to do because Microsoft no longer includes an Install CD. You have to create one when you complete the Windows setup, and it only allows you to use the phantom drive to recreate Windows. That's why buying an install CD from Amazon or NewEgg is better than using the re-install CD created during the install because you can repartition and reformat the entire drive, cleaning it off, and then re-install Windows.
H2O_King89:
I run chrome with ad blocker. See if that helps.
SemperFiGuy:
Well............
SOMETHING helped.
At first, it didn't seem that Malwarebytes fixed anything. Immediately after running Malwarebytes, I got in touch with a Live Human Tekkie, connected by an "apparently-valid" web notice recommending that I call a phone number and walk through some repair steps.
Now.....Between MWBs and the Tekkie, the junk appears to have disappeared from the NFOA Forum page. For example, I can type this message right now free from the bizarre leaping pop-ups of yesterday. Which is a major improvement.
Still some odd things. Like....My Google search entry space has ebay ghosted in it. Any search string entered therein immediately goes directly to ebay and not to the general world-wide web. I have to enter google.com up in the URL space and press Enter to get on the web.
GreyGeek's info up above is an alarm bell to us all. Can't even wipe the computer clean and reload the operating system w/confidence. Still all that lurking stuff. I'm going to copy GG's message and give it to our university Techies (who are probably well aware of this situation) because this computer will be in their hands today. Even though it appears cleaner for the moment, it probably isn't.
Must be one heck of a lot of money to be made by hijacking computers, because the outlay of time and energy to create this junk is enormous.
Thanks to all of you Good Guy Responders.
sfg
DR4NRA:
Sounds like it hijacked your browser settings, which is typical. GG is right: if it's a boot sector virus then his way is right, but most if not all virus writers leave the boot sector alone as it's more profitable if the machine runs. Then you have ransomware, which actually does play with the boot sector through 3 keys dropped in the registry which will lock the OS out of the boot and bring up a ransom screen. Then there are killer viruses that actually eat everything on the drives by initiating the disc format function. Bye bye everything. Not hard or expensive to write a virus. The profit comes from you not knowing it's there, passing on to friends and using your machine normally. Bank account passwords and such is where the money is.
GreyGeek:
--- Quote from: SemperFiGuy on September 17, 2014, 08:50:26 AM ---Still some odd things. Like....My Google search entry space has ebay ghosted in it. Any search string entered therein immediately goes directly to ebay and not to the general world-wide web. I have to enter google.com up in the URL space and press Enter to get on the web.
--- End quote ---
Use the Control Panel's "Uninstall Programs" to remove adware like Norton, Ebay, Yahoo and the other junk. Reboot.
If you use FireFox open a new tab and enter
about:plugins
to see what plugins are running. You shouldn't see any adware.
FireFox also has a customize setting that allows you to remove ebay and yahoo, the two main culprits in capturing your search engine results, especially 404 (page not found) results. At the left side of the text box which is to the right of the URL box is an "alternate search engine". Click on the down arrow and select "Manage Search Engines". Remove any you don't want and put them in the order you want for searching to take place.
Or, unless you have a specific reason to run Windows because of some special software, install Kubuntu and kiss all that stuff goodbye. Kubuntu's installation process and desktop look similar to Win7 and there is a valid question as to who copied whom.