kaymoore6's thread


kaymoore68
July 21st, 2003, 10:00 AM
I recently got tired of all the popups on my computer, the last straw was 12 porn popups which took over my screen when I started my browser. So I looked for software to remove and deny these annoyances so I could surf where I wanted to go. I installed Spywareblaster, Ad-Aware and Zero Popup. Now I am having trouble logging in to some web sites, and as this is a shared computer, I need to fix this before someone gets back from vacation. Mypoints for example says I need to have javascript and cookies enabled. So did Iwon, but I modified the settings in the internet options box of the browser and accessed IWon, but not Mypoints.
So I have some questions.
Which program could be the problem?
Should I uninstall all of them and try again?
Use a different popup program (I can't modify it.)
Any help would be appreciated.
kaymoore68

Pieter_Arntz
July 21st, 2003, 10:21 AM
Hi kaymoore68,

Could you post your HijackThis log (http://www.tomcoyote.org/hjt/)?
Download, unzip and run HijackThis, then click Scan > Save log, save the log as a .txt file and copy & paste its content into your next post.
Don't fix anything yet. Most of what it finds is harmless.

Regards,

Pieter

Pieter_Arntz
July 21st, 2003, 03:14 PM
I received kaymoore68's by mail
and had him fix several things.
One however didn't ring any bells:
O4 - HKLM\..\Run: [infus] c:\windows\system\infus.exe /noconnect

If anyone is familiar with it, let us know.

Regards,

Pieter

mmmm
July 21st, 2003, 04:00 PM
no, it did not work. Still cannot log into Mypoints.
Any others?

Pieter_Arntz
July 21st, 2003, 04:16 PM
Check in Internet Options > Security, and select "Trusted Sites".
Press the "Sites" button and add the URL for the MyPoints site.
Does that help?
Please don't do the same for Iwon. Their reputation is dodgy, to say the least: http://www.safersite.com/PestInfo/db/i/iwon.asp

Regards,

Pieter

mmmm
July 21st, 2003, 04:43 PM
No did not help, changed the setting as requested, closed the browser, reopened then when it did not work went ahead and restarted. Still will not accept username and password at mypoints. I did also check and ensure the username and password from them is correct. (They emailed it). I was able to correct the problem with the Iwon site. It logs me in now. I will be away until tomorrow. I will check this site when I log back in. Thanks for working with me on this.

Dan Perez
July 21st, 2003, 05:26 PM
FWIW, the only candidates I found for infus were a web development application and an online pharmaceutical ordering app. I can't imagine either of those loading within the auto-run areas of the registry.

Regards,

Dan

Pieter_Arntz
July 21st, 2003, 05:52 PM
Yup. And the /noconnect switch always makes me suspicious.
Seen that on too many dialers. :-\

Regards,

Pieter

kaymoore68
July 22nd, 2003, 03:57 AM
:) Hello again, brief update,
Upon restart, Zero Popup threw up a screen that said my trial period had expired, which was wrong since I only had the program three days from download to use. I don't remember how many days it was to be used, but it was much more than three. I uninstalled it, and accessed Mypoints immediately and your site with a little tweaking (your site was modified under managed sites to always allow cookies).

However, I am still looking into the energy variations on this computer, since I have not had any (lag between sites, pauses) for the past few days. This computer accesses the internet through a cable modem as well which would also make it attractive to hackers or remote users.

I installed EMS Free Surfer mk II - I allow it to chirp when a pop up tries to open. It is a very satisfying sound.

Thank you for your help, as for the infus, don't know what it was, took it out with hijack and will continue to look for good cleaner type software. I would not have thought Zonealarm would allow this through.

Any monitoring software recommendations?

Pieter_Arntz
July 22nd, 2003, 10:17 AM
Hi kaymoore68,

I'm still interested in a copy of infus.exe, if you can provide it.

I think your question about monitoring software needs some specifying as to what you'd like to monitor.

Regards,

Pieter

mmmm
July 22nd, 2003, 03:13 PM
infus.exe is an application program when I run a find from the start menu. How would I send it to you?

Also I am looking to monitor intrusions, such as stealing passwords to my accounts online or using my computer remotely, the last of which I think was being done prior to using spywareblaster.

mmmm
July 22nd, 2003, 03:24 PM
In addition it sits in the C drive//windows//system, an infus uninstall sits right beside it. I have made sure to be able to view all files hidden or otherwise. No info shows when I ask for the properties such as company name etc.

Pieter_Arntz
July 22nd, 2003, 03:48 PM
Hi,

Can you compose an e-mail, click attachment and then browse to that file and double-click it?
It will not disappear from your system. I will just get a copy.

For intrusion detection: doesn't your ZoneAlarm create logs? I'm sure our firewall experts can help you out there.

Regards,

Pieter

mmmm
July 22nd, 2003, 04:28 PM
The email is away. I forgot about the logs in Zonealarm. Since I feel someone has already remote accessed this computer, I thought maybe there would not be a record.

Pieter_Arntz
July 22nd, 2003, 04:49 PM
Hi kaymoore,

I received the file. I think it's best to delete it.
No firm name listed, which is suspicious. There is an IP address in there, formatted as a URL.
The site it points to seems to be down.

I'll see if I can interest someone in analyzing it further.

Regards,

Pieter
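
The two observations in the post above (no company name in the file's properties, and a URL whose host is a bare IP address) can both be checked statically, without running the file. The following is an added example, not part of the original thread: the function names and the sample bytes are constructed, and the version-resource parsing assumes the standard layout in which the value length is counted in UTF-16 units.

```python
import re
import struct

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# URL whose host is a dotted-quad IPv4 literal instead of a domain name
IP_URL = re.compile(
    r"\b(?:https?|ftp)://(\d{1,3}(?:\.\d{1,3}){3})(?![\w.-])(?::\d+)?(?:/[^\s\"'<>]*)?",
    re.I)

def extract_strings(data):
    """Printable runs stored as ASCII or as UTF-16LE (common in Windows binaries)."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found

def ip_literal_urls(data):
    """Unique URLs in the file's strings that point at a raw IPv4 address."""
    hits = set()
    for s in extract_strings(data):
        for m in IP_URL.finditer(s):
            if all(int(octet) <= 255 for octet in m.group(1).split(".")):
                hits.add(m.group(0))
    return sorted(hits)

def company_name(data):
    """CompanyName from the version resource, or None when missing or blank."""
    key = "CompanyName\0".encode("utf-16-le")
    pos = data.find(key)
    if pos < 4:
        return None
    (nwords,) = struct.unpack_from("<H", data, pos - 4)  # wValueLength, UTF-16 units
    start = pos + len(key) + (-(6 + len(key)) % 4)       # value is 32-bit aligned
    value = data[start:start + 2 * nwords].decode("utf-16-le", "ignore")
    return value.strip("\0 ") or None

def version_entry(key, value):
    """Constructed test data: one String entry as laid out in a version resource."""
    k, v = (key + "\0").encode("utf-16-le"), (value + "\0").encode("utf-16-le")
    pad = b"\0" * (-(6 + len(k)) % 4)
    return struct.pack("<HHH", 6 + len(k) + len(pad) + len(v), len(value) + 1, 1) + k + pad + v

# Constructed sample, not the file from the thread; 192.0.2.10 is a documentation address
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16 + b"http://192.0.2.10/update.cgi\x00\x00"
          + "http://www.example.com/help".encode("utf-16-le") + b"\x00\x00"
          + version_entry("CompanyName", ""))

if __name__ == "__main__":
    print("company:", company_name(SAMPLE))
    print("ip urls:", ip_literal_urls(SAMPLE))
```

Neither result is proof of anything on its own; together with an unexplained auto-run entry they are reasons to pass the file to someone who can analyze it further.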

mmmm
July 23rd, 2003, 02:10 PM
I have deleted it. I also used Zonealarm analyzer and downloaded myNetwatchman. Zonealarm analyzer shows one attack, and My netwatchman shows these:
Code Red/Nimda
SQL Slammer Worm
w32.Opaserv Worm
RingZero
NetBios Session Service
What to do?

krachen
July 23rd, 2003, 03:11 PM
If anyone is interested, I picked up a FREE copy of Popup Killer before it went commercial. I use it on all four of my machines. <Edited. See comment below. Pieter> Takes a few steps to set up but works great.

Pieter_Arntz
July 23rd, 2003, 03:44 PM
krachen,

I think if you read the EULA you OK'ed when installing that free version you will see it says you are not allowed to distribute it.

Am I right? ;)

Regards,

Pieter

krachen
July 23rd, 2003, 04:42 PM
I'll look. In the help about, on the version I've got, it says it is 'FREEWARE'. I noticed that when I saw it a few days later that it was stated as 'SHAREWARE'. Does this constitute a change in how I look at it?

Pieter_Arntz
July 23rd, 2003, 04:45 PM
Even freeware will make that restriction most of the time.
But I'm pretty sure they wouldn't appreciate us allowing you to give away free copies of software you now have to pay for.

Regards,

Pieter

krachen
July 23rd, 2003, 04:45 PM
Here is the disclaimer:
This program is 100% free, which means that you can copy it, use it as in many machines as you like, and make as many backup copies as you like! But please, if you're going to copy it, copy the original setup file, so the integrity of the program is maintained.

Anyway, if you like this program and wish to make a donation in order to help me maintain it free, you're welcome to do so.

There's a secure registration that you can use to make your donations:
Click here for more information.

The disclaimer part is very short... I'm not responsible if the program (PopUp Killer) behaves in some way different from expected and because of that you loose some data, or some of your data gets damaged or... or... or... Yours is the responsibility to use the program! not mine, ok?

krachen
July 23rd, 2003, 04:51 PM
I understand about the distribution. I'm sure the version I have is a far cry from what it is now but I'll not offer it again.
Thanks
Just want to stay on the right road.

Pieter_Arntz
July 23rd, 2003, 05:25 PM
Thank you for understanding. :)

mmmm
July 24th, 2003, 03:33 AM
:D Thanks for all the help and the point in the right direction. My computer has a few bugs and glitches, and the infus.exe must have been the problem as Zonealarm analyzer reported 1 attack. Spywareblaster probably was enough for what I needed, but I felt I had to know what was being done so I installed mynetwatchman. PC Cillin and Truscan both reported no viruses, this after infus.exe was deleted. I don't have all the time I need to dedicate to this, i.e. trace back, so I'll now let the new monitoring tool check the ports for me and also run spywareblaster and the other tools as well. Thanks Pieter and everyone.