Anyone had this before

Discussion in 'privacy problems' started by toploader, Sep 1, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    when i finished my dial up session i pulled the plug had been using it with firefox with no problems.

    anyhoo when i come back to the computer half hour later i find that there are 65 IE windows open (all blank) - i had not been using IE. i tried to close them but it just kept opening new ones.

    the system locked up couldn't do anything including alt cntl delete

    would not power off until i held power off button down for 5 seconds.

    on reboot everything is back to normal

    wonder what that was all about?
     
  2. cooldude123

    cooldude123 Guest

    I think that it is a prem rate dialler.

    Calls 1.50 minute numbers and comes off your phone bill only happens to dial up customers but im not so sure because i am on broadband and it also happened to me !
     
  3. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi cd - ran a scan with spybot - found nothing - if it was a dialer it didn't connect because i physically pulled the plug from the wall when i finished the dialup session.

    haven't had any repeats - appears to be a once off.
     
  4. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    had another instance today - same thing - uplugged dialup went shopping when i got back - 60+ IE blank windows open. (despite IE not in use and ActiveX disabled) alt cntl delete didn't work could not close them as a group - tried to close them individually but more opened - somehow by very fast clicking managed to get the windows open down to 45 at which point was able to do a group close.

    once again Adaware, A2 and Spybot scans run clean - no apparent nasties.

    interestingly when i right clicked on the UnHackMe icon in the tray (checking what was still working) it just disappeared. as it was the last software to be installed before this problem started occurring i have uninstalled it as a precaution.

    this only happens when i unplug a dialup session - i have often gone shopping leaving the dialup connection on with no problems.

    it's what i call a cute glitch - doesn't really bother me now just curious as to why it does it.

    the obvious choice is some kind of dialer - but i'm pretty sure that is not the problem and i've never had any probs with browser hijacks etc.

    may have to buy a super heavyweight scanner like spycop just to be on safe side. there is always the question as to how much one can rely on free scanners.

    am filing this one under idiosyncrises of post modern semi-complex systems for time being.
     
    Last edited: Sep 6, 2005
  5. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    This is known malware, try a2free at www.emsisoft.com

    that probably will solve your problem.

    And don't use IE unless you have too.
    Try a real browser instead, like
    Firefox, opera , mozilla , Deer Park, or use Maxthon

    Install an AntiMalware prevention tool like Tiny Personal Firewall 2005 Pro
    or Process Guard etc.
     
  6. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi tuatara - i have a2 it ran clean - and yes i do use firefox - i don't use IE at all - something in the machine starts up IE when i unplug my dialup (though not every time)

    may give pg or antihook a test drive
     
  7. Beefcarver

    Beefcarver Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    263
    Location:
    michigan
    I would use crap cleaner regularly. www.ccleaner.com to clean things out. I
    agree 100% about a2 free and would also start using bitdefender free too.
    and do online scans regularly with Trend micro's housecall or other Online scanners... Internet explorer and dial up are a nasty and risky combination.
     
  8. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks for the ccleaner link bc
     
  9. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
  10. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    BTW , i don't want to offend you, but to be honest, i have really bad experiences with AVG, if install NOD32 or Kaspersky after my customers
    computers have running for a while with AVG, it always end up, with finding a lot of virusses/ unwanted things/malware

    You can also do an online free scan at:
    http://housecall.trendmicro.com/
    or:
    http://www.bitdefender.com
     
  11. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    good point, tuatara - no offence taken - i've been thinking about whether to upgrade to a more heavyweight A/V - Kaspersky looks favourite at the moment.
    i ran a kaspersky online scan last week - no probs reported.

    i'm not sure this is a malware problem - it may just be a glitch somewhere.
     
  12. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    it is the fact that, only after an half an hour that this happens,
    made me think that it is malware, if it starts directly after
    unplugging the modem, it could have been hardware..

    And i've seen the same problem at one of my customers pc's before,
    then the problem was solved with a anti malware progs.

    And i hope that Kaspersky 6 or 2006 will be out soon,
    i've seen the Beta and i am impressed.

    Kaspersky can of course find more unwanted software then NOD32
    but NOD32 is faster, has better heuristics and uses less system resources.

    I think the can't really be compared, because they are two different things.

    But i certainly prefer those 2 above the rest ...

    And 3th for me is Sophos, which has by far the best support
    and information for their customers.
    (but is extremely expensive) ..
     
  13. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
  14. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    interesting cos he/she also uses firefox XP SP2, a-squared, spyware blaster, spybot, and adaware.
     
  15. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i've had a gander at my add/remove program list and decided to remove all extraneous material - one i didn't like the look of was viewpoint plugin - probably not the culprit but surplus to requirements anyhoo.

    i think i prefer to remove things from the system manually rather than let a program do it all for me with one click - it might get carried away and delete something i want.
     
  16. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    You could trial Ewido.
     
    Last edited: Sep 6, 2005
  17. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    hi Hammer - i did have ewido installed for a while - had a problem - my computer just froze solid while running a scan - decided to uninstall to be on the safe side.

    multiple windows starting is not really a big problem at the moment just one of those curious things that happens from time to time. my system seems ok in all other respects. it could be a trojan but i've ran a fair few online scans etc and nothing is being picked up.

    this has only started happening in the last couple of weeks - somewhere on the net someone will have had this problem and fixed it - just a matter of finding it :D
     
  18. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
  19. G-Force

    G-Force Guest

    And it could be YOU!
    Hi Toploader,

    I'm no expert but it might be worth you're while to check out some of the "Process & Thread" utilities over at SysInternals. Filemon and/or ProcessExplorer may help you pinpoint the source of that dialup thread.


    GF
     
  20. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    thanks G-Force - i've had a good look round the system - all processes seem to be in order but as i posted earlier i have had a mini cleanup. so far today there has been no repeat - i left the modem unplugged for a couple of hours - will keep an eye on it to see if there are any more occurances.
     
  21. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    hope you solved your problem, 56 windows that open
    and an Avitar with John cleese that never gets tired with his silly walk.

    Most of the time when i see or here something about John Cleese
    when ICT related it is the SPAM song ..

    b.t.w. "i mentioned once but got away with it" ...

    :)
     
  22. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    ah yes i should of checked for a fawlty.monty trojan - tuatara ;)
     
  23. Ailric

    Ailric Guest

    This is puzzling. If Kaspersky didn't find anything, I'm inclined to believe it's not malware.
    There is a setting in Internet Explorer that will dial a connection whenever one is not present. Is that checked?
    Internet Properties>Connections
     
  24. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    there are three options Ailric....

    never dial a connection
    dial whenever a network connection is not present
    always dial default connection (this is my current setting)

    i've changed the setting to never dial a connection for the time being.

    i should point out that this is an intermittant problem - i've disconnected twice from the net today for long periods and have not had any problem.

    thanks for your help.
     
    Last edited: Sep 7, 2005
  25. Ailric

    Ailric Guest

    I hope this works. If it does, glad to be of help.
     
Thread Status:
Not open for further replies.