Pop ups/virus

Posted by: monbron

Pop ups/virus - 05/13/13 03:39 PM

I am having a peculiar problem and it happens a lot with GB, I am getting random pop ups asking me to complete a questionaire and also a chance to win an I pod, also with GB, on the forum certain words are underlined in yellow and if I hover the mouse on them it would take me to another site which Malwarebites promptly blocks I think it says iexplore.exe.

I have Micorsoft Security Essentials and Malwarebites, I also have c cleaner and revo uninstaller, I have run full scans and looked in uninstaller to see it there is something I don't recognise but nada.

I am guessing that I have picked something up but cannot seem to get rid of it - any ideas PLEASE. think
Posted by: Jenny100

Re: Pop ups/virus - 05/13/13 04:54 PM

The first thing to do is empty your browser cache. Sometimes that's all it takes.

If the malware got past your antivirus and MalwareBytes, you probably need to have your drive scanned from an uninfected operating system. That could mean using a boot CD with an antivirus, like the Kaspersky Rescue Disk, or removing your hard drive and attaching it as a secondary drive to an uninfected computer that has an updated version of an antivirus already installed on it. Burning a Kaspersky Rescue Disc from an infected computer is probably not a good idea, but if you have a second computer maybe you could burn one from that.

If you've never burned an .iso file, or set your computer to boot from the CD drive instead of the hard drive in the BIOS Setup, you may want to just take it somewhere for a professional cleaning. Even if you manage to boot from the Kaspersky CD, you have to remember to download updates before running it or it won't find anything. YouTube has some videos on how to use it, if you want to search there.

Attaching your hard drive to an uninfected computer involves removing the hard drive and attaching it to another one, either by attaching it to a SATA cable connected to that computer or by putting it in a removable drive case. I'm not sure if you'd be comfortable doing that.

Once a virus infects, it may have the ability to control what your antivirus is able to do. So you can't trust your antivirus when that happens. Nor can you trust anything that is installed after the infection -- unless you know enough about what type of infection you have and what it is capable of doing.

You may want to consider reformatting and reinstalling Windows if you have a Windows CD. If your computer has a "rescue partition," it may or may not be infected.

I don't know what your particular malware would be called. But if someone else knows what it is, there may be other ways of getting rid of it. It may be relatively easy to remove once you know what it is and can look up removal instructions.
Posted by: Draclvr

Re: Pop ups/virus - 05/13/13 07:08 PM

Someone else recently had an issue with the underlined words and links and traveler/Gil linked to a fix that worked. Can't remember who had the problem though.
Posted by: Jenny100

Re: Pop ups/virus - 05/13/13 07:22 PM

You're right, Draclvr.
I think it was oldman in ***this thread***.

If that's the problem Monbron has, it's not as serious as I thought.
Posted by: Draclvr

Re: Pop ups/virus - 05/13/13 10:11 PM

It might still be serious... good information in your post above just in case. Maybe monbron will get lucky and the fix will be simply. And of course, I'd forgotten that it was Lanlynk that had posted the potential fix.
Posted by: monbron

Re: Pop ups/virus - 05/14/13 06:54 AM

Thanks everybody I have completed some of the advice but not restarted my computer as yet, so I will know later, I am hoping this will work so that I don't have to open my wallet!! thanks

I looked up spybot on Firefox and there are an awful lot of sites advertising it, can you direct me to the best one to choose, Please oops
Posted by: Jenny100

Re: Pop ups/virus - 05/14/13 08:15 AM

The best site for Spybot is http://www.safer-networking.org/

Download from here

The advantage of Spybot is that they have a separate download for the definitions -- what they call "Detection updates for Spybot" and it is usually updated daily.

The most effective way to use Spybot requires the use of the command line. Download both the installer and the definitions update using an uninfected computer, then transfer the two files to a USB drive. Reboot the infected computer to "Command Line Only." Insert the USB drive in the infected computer and copy the files to the infected computer's hard drive using the command line. Install Spybot using the command line, but do not run it yet. Install the definitions update (also an .exe file) and now you can run Spybot.

More stuff (possibly infected stuff) is running in the background in "Command Line with Networking" than with "Command Line Only," and most antivirus can't update their definitions without network access. But Spybot's definitions update allows you to update without network access.

The reason for using "Command Line Only" is that drivers and startup programs (including many viruses) don't start in "Command Line Only." If you install Spybot (or any other antivirus or anti-malware program) from the Windows desktop, the virus will be active and can infect it as it installs and cripple it so it can't detect the virus.

Of course your particular malware may not require this much fuss to remove. But for stubborn infections where you don't know what virus/malware you have, it's better to run Spybot from the Command Line.
Posted by: monbron

Re: Pop ups/virus - 05/14/13 09:10 AM

Thank you just one questions how do I reboot to Command line only? sorry I am not that computer literate. thanks
Posted by: InlandAZ

Re: Pop ups/virus - 05/14/13 10:36 AM

Originally Posted By: monbron
Thank you just one questions how do I reboot to Command line only? sorry I am not that computer literate. thanks

Tap F8 when you power up your PC, at the login prompt select "Safe Mode with Command Prompt".
Posted by: monbron

Re: Pop ups/virus - 05/15/13 10:15 AM

Well I got as far as the command prompt, but then I didn't know what instructions to type in, I tried install and copy but obviously they were wrong, could you possibly tell me what to say, so sorry for being an idiot but this is my first time in this area, at least I mananged to install Spybot to a USB drive ( I hope!!) oops thanks
Posted by: Creeping_Doom

Re: Pop ups/virus - 05/15/13 12:27 PM

Depending on what letter the thumb drive is , the command line should read : (thumb drive letter):/install.exe . If spybot is the only thing on the thumb drive , that should do it . If not , try setup.exe , or spybot install.exe . A spyware remover (spyware terminator or superanrispyware are much better) is almost a moot point at the moment , as the virus has to be either quarentined or removed first .
Posted by: Jenny100

Re: Pop ups/virus - 05/15/13 07:07 PM

I apologize for not answering earlier, Monbron. I've been away all day.

I'll assume you're starting at the C: prompt and not in a subfolder like C:\WINDOWS>_. If not, type

CD \

and you should get to C:\>_

The first step is to transfer the files to your infected computer from your USB drive, which you don't want to do until you boot to the Command Line. Anything that is copied while the full Windows is running could be infected by the virus as you copy it over -- and may infect your USB drive too. So wait until you're at the Command Line, then plug in the USB drive.

Of course it isn't obvious what letter your USB drive will use at the Command Line. I'd guess it would be E: or F: but it could be something else.

The easiest way I know to find out what the drive letter for the USB drive is is to use DIR to list the contents. Try


until you find it. When you find the right drive letter, it will list the contents of your USB drive.

Let's say it turned out to be F:
Now you want to copy the files from your USB drive to your sick computer's C: drive.

First, switch to the F: drive. You'd do this by entering

You should see something like
when you're done.

Now enter the line
COPY spybotsd*.* C:

That should copy both files to C: drive.

Switch back to C: by entering

You can check if the files made it over by entering
and the files should be listed along with your other files.

To run the Spybot installer, type


and follow the prompts to install. Don't let it scan yet. Just exit it when it's installed.

Now run the update file. Enter


and follow the prompts to update Spybot with the latest definitions.

Once that's done, you can run Spybot. Unfortunately, this means you have to change to the folder where Spybot installed before running it so you can't just enter SpybotSD.exe from where you are. On a 32bit Windows, it would install in C:\Program Files and you'd type

"C:\Program Files\Spybot – Search & Destroy\SpybotSD.exe"

On a 64bit Windows, it might install in C:\Program Files (x86) instead of C:\Program Files. If so, you'd type

"C:\Program Files (x86)\Spybot – Search & Destroy\SpybotSD.exe"

The quick way to type out long file and folder names at the Windows Command Line is to type the first few letters of the file or folder name and use the TAB key. This is also more accurate for files and folders that contain weird characters, like the dash in the Spybot folder name. So you'd type

and then the TAB key to fill in
"C:\Program Files"

If you want C:\Program Files (x86) you'd just use the tab key twice instead of once.

Say you're at
"C:\Program Files (x86)"

First you want to remove that quote mark Windows put at the end and add a backslash

"C:\Program Files (x86)\
now you can type the letters
and use the TAB key again, and Windows should fill it in like this

"C:\Program Files (x86)\Spybot – Search & Destroy"

(that's assuming you have 64-bit Windows and Spybot installed in your C:\Program Files (x86) folder)

To finish the command, you'd backspace to get rid of the quote, add a backslash, and spybotsd.exe" to get

"C:\Program Files (x86)\Spybot – Search & Destroy\SpybotSD.exe"

Remember that the Windows Command Line doesn't care about capital or lower case letters, but it does care about spaces, which is why you need the quote marks at the front and the end of the line.

Alternatively you could CD to the Spybot folder and just type Spybotsd

From C:\>
CD Prog
TAB key
CD Spy
TAB key

If it locates the folder, enter
to start Spybot.

If it can't find the Spybot folder, it's probably in C:\Program Files (x86) instead of C:\Program Files, so you'd type
CD ..
to back out of the C:\Program Files folder
CD Prog
TAB key twice to go to C:\Program Files (x86)
CD Spy
TAB key

If you get lost, you can always return to C: by typing

CD \

By the way, the .exe on the end of Spybotsd.exe is probably optional. Unless there's another executable Spybotsd file in the Spybot folder, like a Spybotsd.bat, Windows will automatically run Spybotsd.exe if you only type Spybotsd

Once Spybot has run, you can reboot the computer from the command line using

shutdown /r

I didn't mean for this to turn into a lesson in using the command line, but it looks like that's what happened.
Posted by: monbron

Re: Pop ups/virus - 05/16/13 09:48 AM

Thank you so much for all that very detailed instruction. Unfortunately I could not get past entering the spybot onto drive C, I was fine until then and I could see the file in 'J' I tried every conceivable combination including downloading every thing on the flash drive which included the flash drive instructions but it still ignored spybot!!?? so I have given up and called in the experts. So really a great big thanks and lets hope the experts can sort it out. urock