What the...? aka Unwanted Web Pages


The Coop

-=http://s02.globewages.com/=-

-=http://www.allwindowssoft.com/content/view/39/32/=-

Lately these two pages have been popping up randomly from time to time as I browse. I have no idea what caused them. I recently did a Safe Mode spyware scan with Spybot and AdAware (which found nothing major), did a Safe Mode Virus scan with AntiVir (which found nothing), and completely uninstalled every last trace of FireFox from my system so I could make a fresh install. And yet, here they still are... popping up and officially starting to piss me off. I've gotten them over the last couple days going to IGN, Weather.com, OCR, and Filefront to name a few places. I even had the Windows one open up out of the blue while my browser wasn't open.

Any idea what could be causing these two pages to show up?

As a side note, there's also a third page that's popped up, but only twice so far. It's a car parts ordering page that actually looks pretty official, as it had descriptions, images, and even part numbers if I recall. Also, the first link used to be a hell of a lot longer. It came up as a completely blank, white page, with a monstrous url that ended with something like "http:%2F%2Fwww.weather.com" and some "affid" stuff, but I shortened it to the link above that simply says "It Works!".

Link to comment
Share on other sites

-=http://www.smartfixer.com/trial.html=-

There's a fresh page that just popped up about one minute ago. I rolled my mouse wheel about ten minutes after a page on www.shmups.com forums had finished loading, and suddenly that page popped up.

This is really beginning to annoy me, as I don't know where these things are coming from, or how they're getting through after all the cleaning I did.

Link to comment
Share on other sites

Coop - it's adware. You may want to remove the live links from your posts, the sites may be dangerous to visit with an insecure browser.

Uninstalling Firefox won't do it, these are installed elsewhere on your system. Until you find them, you can at least block the sites in question from your HOSTS file (<- link) - this will prevent them from loading.

Next, to prevent any further intrusion, I strongly suggest you install the Firefox extensions NoScript and AdBlock. NoScript will disallow any scripting language except for sites you explicitly approve - unknowingly allowing a bad site to run and possibly exploit scripts is how you got the adware in the first place. AdBlock does what its name says, and can block Flash ads and other useless junk.

To find out what got into your system, hit ctrl-alt-del, go to Processes, and Google the name of anything that looks suspicious - there are lots of sites that will tell you if any given process is known to be associated with adware/malware/etc., or if it's legit. You may also want to look into a program like Hijack This, which can log everything that's running on your PC so other people can help you analyze it.

If you need any clarification or more suggestions on what to do, lemme know!

Link to comment
Share on other sites
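The HOSTS-file block suggested in the post above, as an added example that is not part of the original thread. It pulls the hostname out of each pop-up URL reported here and emits only the entries a HOSTS file does not already contain; the long redirect URL, its parameter names and the sample HOSTS content are constructed for illustration.

```python
from urllib.parse import urlsplit

SINK = "0.0.0.0"  # non-routable sink address; 127.0.0.1 is the other common choice

# URLs reported in the thread, plus one constructed long redirect URL.
POPUP_URLS = [
    "http://s02.globewages.com/",
    "http://www.allwindowssoft.com/content/view/39/32/",
    "http://www.smartfixer.com/trial.html",
    # Constructed: parameter names and values are placeholders.
    "http://s02.globewages.com/?affid=PLACEHOLDER&ref=http:%2F%2Fwww.weather.com",
]

# Constructed sample of an existing HOSTS file.
EXISTING_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
0.0.0.0 www.smartfixer.com   # added earlier
"""

def host_of(url):
    """Return the lower-cased host the browser connects to, not any
    site name that merely appears inside the query string."""
    host = urlsplit(url).hostname
    return host.lower() if host else None

def already_mapped(hosts_text):
    """Collect every hostname the HOSTS text already maps, ignoring comments."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(name.lower() for name in fields[1:])  # fields[0] is the address
    return names

def new_block_entries(urls, hosts_text, sink=SINK):
    """Return HOSTS lines for hosts in `urls` that are not mapped yet."""
    seen = already_mapped(hosts_text)
    lines = []
    for url in urls:
        host = host_of(url)
        if host and host not in seen:
            seen.add(host)
            lines.append(f"{sink} {host}")
    return lines

if __name__ == "__main__":
    print("\n".join(new_block_entries(POPUP_URLS, EXISTING_HOSTS)))
```

HOSTS entries match exact hostnames only, so a sibling name on the same domain needs its own line. On Windows the file is `%SystemRoot%\System32\drivers\etc\hosts` and editing it requires administrator rights.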

Well, Windows Defender didn't find anything. However, I ran a program called Easy SpyRemover, and it found these...

Vb.akv

TR/Spy.Goldun.FN.3

TR/Spy.Goldun.EI

Of course, it can't get rid of them, because you have to pay for that ability. All three are listed on AntiVir's site, yet it seems AntiVir can't find them. I also ran Trojan Hunter, and it found one trojan (C:\WINDOWS\MSBN\setup.exe (TrojanDownloader.Zlob.566)) and removed it. However, the three above files are still there.

I also checked on some of the processes via Process Library, and nothing came up as odd. Of course, Task List said the opposite for most of the ones I checked, telling me that things like alg.exe, spoolsv.exe, wdfmdr.exe and lsass.exe were trojans to be gotten rid of.

Frankly, I'm at a loss at the moment. Three files (two "Medium", one "High" in threat) that nothing I have can seem to find or get rid of. AntiVir, Spybot, Ad-Aware, Trojan Hunter, and Dr. Web are seemingly clueless, and the one program that finds them, won't let me get rid of them. What fun!

Here's something to give you a chuckle. When I went to DL Windows Defender and Hijack This, I got that "s02" window on both sites... and this is after installing Ad Block and No Script.

Link to comment
Share on other sites

I wouldn't trust anything that lists the Windows print spooler service as a trojan. However, it's possible that the file can get infected.

It might be worth it to run msconfig and see if there's anything suspicious going on there.

Do the windows that pop up actually come from Firefox, or are they IE windows in disguise?

Also, check here for some more stuff:

http://www.spywarewarrior.com/rogue_anti-spyware.htm#online

It also lists Easy Spyremover as formerly suspect software.

Finally, when you uninstalled Firefox, did you also delete your Profile folder?

Link to comment
Share on other sites

It opens up as a FireFox window. It also opens up in IE as an IE window (it did that last night). Regarding my uninstall, I deleted every folder and file that came up in a search for "FireFox" and "Mozilla" on my PC.

That damned s02 page came up again after I went to that spyware page :(

Link to comment
Share on other sites

I figured I may as well update this.

After going to that site, I downloaded SUPERAntiSpyware. Hopping into Safe Mode, I ran it. Besides the usual tracking cookies that set off every Spyware program, it detected a Trojan buried in some odd corner of my PC (sorry I can't remember the name... I think it might have been a Vundo variant or something). It got rid of the file, and a number of things have taken place...

1) Those fucking windows seem to have stopped. I haven't gotten one since I ran the scan back on 2-17-2007.

2) FireFox had been starting a lot slower for around two weeks at the time I DLed SUPERAntiSpyware. I'd done an uninstall twice before, but nothing seemed to correct the 6-7 second startup time that the browser had suddenly begun taking (where before it had only been a second or two). FireFox had also gotten into the habit of consuming 100% of my CPU resources, causing my CPU to get hot to the point of the cooling fan kicking into high gear (this always happened after I'd closed the browser, yet the program would keep running according to the task manager). Once that file was removed, FireFox went back to normal startup time and functions. So it seems the found trojan was behind all that as well.

So it would seem (**knocks on wood**) that the problem's hopefully been solved. I don't know how that thing got in there, or where it came from, and that bothers me a little.

Link to comment
Share on other sites
