Error Alert?

[Angel]

Hi everyone,
I was on the 'net and I received this pop up. It said to the effect
Error alert. I think that is what it said at the top. A window popped up
wanting me to download a registry cleaner. I click the close and then a gray
box that wanted me download a program with an ok button and all the buttons
at top were grayed out you could not close. I was not about to do it. I then
did the Ctrl-Alt-Del and got it out that way. This happened a couple of
times in 2 days. I had just opened a newsletter from a site I trusted and
went to the website and shortly got that. I then unsubscribed the
newsletter. Did it come from the website or someplace else? What else can I
do to prevent this type of thing happening. Any suggestions would be
appreciated.
Angel

 

[Ron Badour]

It may have come from that web site or another one--hard to tell.

Spyware/adware cause numerous system problems. I recommend you download and
use AdAware or Spybot (or both) on a regular basis and consider removing
everything these programs identify. Be aware that there are frequent
updates to these programs and you need to check for them before every use
including the first time.

AdAware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php

Spybot: http://www.safer-networking.org/en/index.html


--
Regards

Ron Badour
MS MVP 1997 - 2007


"Angel" <angel@noway.com> wrote in message
news:emijAdY0HHA.4236@TK2MSFTNGP06.phx.gbl...
> Hi everyone,
> I was on the 'net and I received this pop up. It said to the effect
> Error alert. I think that is what it said at the top. A window popped up
> wanting me to download a registry cleaner. I click the close and then a
> gray
> box that wanted me download a program with an ok button and all the
> buttons
> at top were grayed out you could not close. I was not about to do it. I
> then
> did the Ctrl-Alt-Del and got it out that way. This happened a couple of
> times in 2 days. I had just opened a newsletter from a site I trusted and
> went to the website and shortly got that. I then unsubscribed the
> newsletter. Did it come from the website or someplace else? What else can
> I
> do to prevent this type of thing happening. Any suggestions would be
> appreciated.
> Angel
>
>

 

[MEB]

"Angel" <angel@noway.com> wrote in message
news:emijAdY0HHA.4236@TK2MSFTNGP06.phx.gbl...
| Hi everyone,
| I was on the 'net and I received this pop up. It said to the effect
| Error alert. I think that is what it said at the top. A window popped up
| wanting me to download a registry cleaner. I click the close and then a
gray
| box that wanted me download a program with an ok button and all the
buttons
| at top were grayed out you could not close. I was not about to do it. I
then
| did the Ctrl-Alt-Del and got it out that way. This happened a couple of
| times in 2 days. I had just opened a newsletter from a site I trusted and
| went to the website and shortly got that. I then unsubscribed the
| newsletter. Did it come from the website or someplace else? What else can
I
| do to prevent this type of thing happening. Any suggestions would be
| appreciated.
| Angel
|
|


Angel, please be cautious with what you subscribe to, and how you view those
pages. This is a common method of hackers, scammers, and not so reputable
organizations. NEVER subscribe or click accept on ANY OF THEM> which I see
you did not. What's that old saying "You've come a long way baby"...

Plain text viewing will protect you, somewhat. But only you can really
provide for your protection.

I would suggest virus and spyware scans as soon as possible, better safe
than sorry.

--
MEB
http://peoplescounsel.orgfree.com
________

 

[Angel]

Hi Ron,
I check for updates from those every day and download any updates, then
run them everyday. I delete what comes up on Spybot. I had the cookies from
them both days. I deleted the cookies from the AdAware, too before I run the
Spybot. Here is my routine: First I go to My Computer, run disk clean up,
get rid of the temp file from there. then I bring up AdAware check for
updates. If there is any, I download. I then run AdAware and delete the
cookies that come up or if anything else like a registry key comes up, I
delete that too. Then I bring up Spybot and check for updates. If there is I
download all but the three I do not use, skins, immunization and teatime.
Then I run that. I then do the *fix*. Then I run Avast! I usually do this
before I shut down the computer for the night.
Angel

"Ron Badour" <Sorry@NoAddress.com> wrote in message
news:uSNXMmY0HHA.4928@TK2MSFTNGP05.phx.gbl...
> It may have come from that web site or another one--hard to tell.
>
> Spyware/adware cause numerous system problems. I recommend you download
and
> use AdAware or Spybot (or both) on a regular basis and consider removing
> everything these programs identify. Be aware that there are frequent
> updates to these programs and you need to check for them before every use
> including the first time.
>
> AdAware: http://www.lavasoftusa.com/products/ad-aware_se_personal.php
>
> Spybot: http://www.safer-networking.org/en/index.html
>
>
> --
> Regards
>
> Ron Badour
> MS MVP 1997 - 2007
>
>
> "Angel" <angel@noway.com> wrote in message
> news:emijAdY0HHA.4236@TK2MSFTNGP06.phx.gbl...
> > Hi everyone,
> > I was on the 'net and I received this pop up. It said to the effect
> > Error alert. I think that is what it said at the top. A window popped up
> > wanting me to download a registry cleaner. I click the close and then a
> > gray
> > box that wanted me download a program with an ok button and all the
> > buttons
> > at top were grayed out you could not close. I was not about to do it. I
> > then
> > did the Ctrl-Alt-Del and got it out that way. This happened a couple of
> > times in 2 days. I had just opened a newsletter from a site I trusted
and
> > went to the website and shortly got that. I then unsubscribed the
> > newsletter. Did it come from the website or someplace else? What else
can
> > I
> > do to prevent this type of thing happening. Any suggestions would be
> > appreciated.
> > Angel
> >
> >
>
>

 

[Angel]

Hi Meb,
I did that all just before I posted the question.When I did the Spybot,
there were 2 cookies both times from that Error Alert. I did the *fix*. I
even did a through scan with Avast! I did the AdAware first. The reason I
posted is because I thought I may be missing something I ought to do.
Thanks MEB
Angel

"MEB" <meb@not here@hotmail.com> wrote in message
news:%23uzI6tY0HHA.3940@TK2MSFTNGP05.phx.gbl...
>
> "Angel" <angel@noway.com> wrote in message
> news:emijAdY0HHA.4236@TK2MSFTNGP06.phx.gbl...
> | Hi everyone,
> | I was on the 'net and I received this pop up. It said to the effect
> | Error alert. I think that is what it said at the top. A window popped up
> | wanting me to download a registry cleaner. I click the close and then a
> gray
> | box that wanted me download a program with an ok button and all the
> buttons
> | at top were grayed out you could not close. I was not about to do it. I
> then
> | did the Ctrl-Alt-Del and got it out that way. This happened a couple of
> | times in 2 days. I had just opened a newsletter from a site I trusted
and
> | went to the website and shortly got that. I then unsubscribed the
> | newsletter. Did it come from the website or someplace else? What else
can
> I
> | do to prevent this type of thing happening. Any suggestions would be
> | appreciated.
> | Angel
> |
> |
>
>
> Angel, please be cautious with what you subscribe to, and how you view
those
> pages. This is a common method of hackers, scammers, and not so reputable
> organizations. NEVER subscribe or click accept on ANY OF THEM> which I see
> you did not. What's that old saying "You've come a long way baby"...
>
> Plain text viewing will protect you, somewhat. But only you can really
> provide for your protection.
>
> I would suggest virus and spyware scans as soon as possible, better safe
> than sorry.
>
> --
> MEB
> http://peoplescounsel.orgfree.com
> ________
>
>
>

 

[Daave]

Angel wrote:
> Hi everyone,
> I was on the 'net and I received this pop up. It said to the
> effect Error alert. I think that is what it said at the top. A window
> popped up wanting me to download a registry cleaner. I click the
> close and then a gray box that wanted me download a program with an
> ok button and all the buttons at top were grayed out you could not
> close. I was not about to do it. I then did the Ctrl-Alt-Del and got
> it out that way. This happened a couple of times in 2 days. I had
> just opened a newsletter from a site I trusted and went to the
> website and shortly got that. I then unsubscribed the newsletter. Did
> it come from the website or someplace else? What else can I do to
> prevent this type of thing happening. Any suggestions would be
> appreciated. Angel

Does it look anything like:

http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif

Is it "suggesting" you purchase a program? And if so, might the name of
the program be one of the following:

1. WinAntiSpyware
2. AntiVirusGolden
3. SpyHeal
4. VirusBlast

Describe the popup in detail--EVERYTHING about it.

Sounds like you have a Smitfraud-type infection.

If so, have a look at:

http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970

 

[Angel]

Daave,
No it did not look like that as seen on the link. I got away from it as
soon as I could. Then did my routine as seen in my last post to MEB. Nothing
but the cookies came up in Spybot. No virus showed up in Avast! I just
wanted to know how to prevent it from coming up. I found that the only way I
could get rid of the Box that you could not click on the close button was to
use the Ctrl-Alt-Del routine. Others may want to know also that is why I
posted it. It almost demands that you download. Some may think that because
it does not let you click close button. So Ctrl-Alt-Del routine is the way
to go to get out these situations. How did I know? Trying it. It was the
only thing that I could think of at the time and it worked! It just takes a
short time to do it and it is done.
Angel

"Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> wrote in message
news:e4XAeMa0HHA.3400@TK2MSFTNGP03.phx.gbl...
> Angel wrote:
> > Hi everyone,
> > I was on the 'net and I received this pop up. It said to the
> > effect Error alert. I think that is what it said at the top. A window
> > popped up wanting me to download a registry cleaner. I click the
> > close and then a gray box that wanted me download a program with an
> > ok button and all the buttons at top were grayed out you could not
> > close. I was not about to do it. I then did the Ctrl-Alt-Del and got
> > it out that way. This happened a couple of times in 2 days. I had
> > just opened a newsletter from a site I trusted and went to the
> > website and shortly got that. I then unsubscribed the newsletter. Did
> > it come from the website or someplace else? What else can I do to
> > prevent this type of thing happening. Any suggestions would be
> > appreciated. Angel
>
> Does it look anything like:
>
> http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif
>
> Is it "suggesting" you purchase a program? And if so, might the name of
> the program be one of the following:
>
> 1. WinAntiSpyware
> 2. AntiVirusGolden
> 3. SpyHeal
> 4. VirusBlast
>
> Describe the popup in detail--EVERYTHING about it.
>
> Sounds like you have a Smitfraud-type infection.
>
> If so, have a look at:
>
>
http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970
>
>

 

[Angel]

Daave,
I do not have the details because I did not stick around to find out. It
acted like it wanted to download into my computer. I clicked the close
button. then another gray block came up and you could not click on the close
button. All the buttons were grayed out except the OK button at the bottom
to download it..
Angel

"Angel" <angel@noway.com> wrote in message
news:Oub5Z%23e0HHA.5764@TK2MSFTNGP03.phx.gbl...
> Daave,
> No it did not look like that as seen on the link. I got away from it as
> soon as I could. Then did my routine as seen in my last post to MEB.
Nothing
> but the cookies came up in Spybot. No virus showed up in Avast! I just
> wanted to know how to prevent it from coming up. I found that the only way
I
> could get rid of the Box that you could not click on the close button was
to
> use the Ctrl-Alt-Del routine. Others may want to know also that is why I
> posted it. It almost demands that you download. Some may think that
because
> it does not let you click close button. So Ctrl-Alt-Del routine is the way
> to go to get out these situations. How did I know? Trying it. It was the
> only thing that I could think of at the time and it worked! It just takes
a
> short time to do it and it is done.
> Angel
>
> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> wrote in message
> news:e4XAeMa0HHA.3400@TK2MSFTNGP03.phx.gbl...
> > Angel wrote:
> > > Hi everyone,
> > > I was on the 'net and I received this pop up. It said to the
> > > effect Error alert. I think that is what it said at the top. A window
> > > popped up wanting me to download a registry cleaner. I click the
> > > close and then a gray box that wanted me download a program with an
> > > ok button and all the buttons at top were grayed out you could not
> > > close. I was not about to do it. I then did the Ctrl-Alt-Del and got
> > > it out that way. This happened a couple of times in 2 days. I had
> > > just opened a newsletter from a site I trusted and went to the
> > > website and shortly got that. I then unsubscribed the newsletter. Did
> > > it come from the website or someplace else? What else can I do to
> > > prevent this type of thing happening. Any suggestions would be
> > > appreciated. Angel
> >
> > Does it look anything like:
> >
> > http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif
> >
> > Is it "suggesting" you purchase a program? And if so, might the name of
> > the program be one of the following:
> >
> > 1. WinAntiSpyware
> > 2. AntiVirusGolden
> > 3. SpyHeal
> > 4. VirusBlast
> >
> > Describe the popup in detail--EVERYTHING about it.
> >
> > Sounds like you have a Smitfraud-type infection.
> >
> > If so, have a look at:
> >
> >
>
http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970
> >
> >
>
>

 

[Buffalo]

"Angel" <angel@noway.com> wrote in message
news:%239lCxFf0HHA.4928@TK2MSFTNGP05.phx.gbl...
> Daave,
> I do not have the details because I did not stick around to find out.
It
> acted like it wanted to download into my computer. I clicked the close
> button. then another gray block came up and you could not click on the
close
> button. All the buttons were grayed out except the OK button at the bottom
> to download it..
> Angel

Try SuperAntiSpyware (free version) and see it it finds anything. It
seems to be getting higher marks recently.
I dl'd it about two weeks ago and my system was very clean and it only found
a few irrelevent items.
I'm not endorsing it, but just suggesting that you try it to see if it finds
anything critical on your machine. Do a Google search for reviews on it.
Please post back with the results.

http://www.superantispyware.com/

 

[PA Bear]

The machine's been hijacked! Run a /thorough/ check for hijackware,
including posting your hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin DTS-L.org

Angel wrote:
> Hi everyone,
> I was on the 'net and I received this pop up. It said to the effect
> Error alert. I think that is what it said at the top. A window popped up
> wanting me to download a registry cleaner. I click the close and then a
> gray
> box that wanted me download a program with an ok button and all the
> buttons
> at top were grayed out you could not close. I was not about to do it. I
> then
> did the Ctrl-Alt-Del and got it out that way. This happened a couple of
> times in 2 days. I had just opened a newsletter from a site I trusted and
> went to the website and shortly got that. I then unsubscribed the
> newsletter. Did it come from the website or someplace else? What else can
> I
> do to prevent this type of thing happening. Any suggestions would be
> appreciated.
> Angel

 

[Gary S. Terhune]

I dunno... I think it was derived from the web page. I get those things
every once in a while, too. I think they purchase advertising space via some
third-party and launch themselves from there.

Still, it would be good for Angel to go through the whole formal process you
prescribe.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"PA Bear" <PABearMVP@gmail.com> wrote in message
news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
> The machine's been hijacked! Run a /thorough/ check for hijackware,
> including posting your hijackthis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> expert analysis, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
> this isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Admin DTS-L.org
>
> Angel wrote:
>> Hi everyone,
>> I was on the 'net and I received this pop up. It said to the effect
>> Error alert. I think that is what it said at the top. A window popped up
>> wanting me to download a registry cleaner. I click the close and then a
>> gray
>> box that wanted me download a program with an ok button and all the
>> buttons
>> at top were grayed out you could not close. I was not about to do it. I
>> then
>> did the Ctrl-Alt-Del and got it out that way. This happened a couple of
>> times in 2 days. I had just opened a newsletter from a site I trusted and
>> went to the website and shortly got that. I then unsubscribed the
>> newsletter. Did it come from the website or someplace else? What else can
>> I
>> do to prevent this type of thing happening. Any suggestions would be
>> appreciated.
>> Angel
>

 

[Angel]

Hi PA Bear,
For your information the last time I took the Computer to a local
repair, IT REALLY WAS MESSED UP WHEN I GOT IT BACK. I will try to fix it
myself with you guys help.
Thanks,
Angel

"PA Bear" <PABearMVP@gmail.com> wrote in message
news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
> The machine's been hijacked! Run a /thorough/ check for hijackware,
> including posting your hijackthis log to an appropriate forum.
>
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine2.blogspot.com/
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v1.99.1
> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log to
> http://forums.spybot.info/forumdisplay.php?f=22,
> http://castlecops.com/forum67.html,
> http://forums.subratam.org/index.php?showforum=7,
> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
expert
> analysis, not here.**
>
> If the procedures look too complex - and there is no shame in admitting
this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Admin DTS-L.org
>
> Angel wrote:
> > Hi everyone,
> > I was on the 'net and I received this pop up. It said to the effect
> > Error alert. I think that is what it said at the top. A window popped up
> > wanting me to download a registry cleaner. I click the close and then a
> > gray
> > box that wanted me download a program with an ok button and all the
> > buttons
> > at top were grayed out you could not close. I was not about to do it. I
> > then
> > did the Ctrl-Alt-Del and got it out that way. This happened a couple of
> > times in 2 days. I had just opened a newsletter from a site I trusted
and
> > went to the website and shortly got that. I then unsubscribed the
> > newsletter. Did it come from the website or someplace else? What else
can
> > I
> > do to prevent this type of thing happening. Any suggestions would be
> > appreciated.
> > Angel
>

 

[Gary S. Terhune]

Robear said nothing about taking the machine to a shop. What he recommends
is to run HijackThis and post the log to a forum dedicated to analyzing the
HJT log that's created when you run it. Robear himself participates in one
or more of those groups that analyze the HJT log(s). Don't post the log
here, as this is not the proper place to do so. Personally, I would like you
to go to the following site and do *everything* that's suggested. HiJackThis
is the last item on the list, to be run after you've run all the other
scanners.
http://aumha.org/a/quickfix.htm

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Angel" <angel@noway.com> wrote in message
news:ujnvh0g0HHA.1164@TK2MSFTNGP02.phx.gbl...
> Hi PA Bear,
> For your information the last time I took the Computer to a local
> repair, IT REALLY WAS MESSED UP WHEN I GOT IT BACK. I will try to fix it
> myself with you guys help.
> Thanks,
> Angel
>
> "PA Bear" <PABearMVP@gmail.com> wrote in message
> news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
>> The machine's been hijacked! Run a /thorough/ check for hijackware,
>> including posting your hijackthis log to an appropriate forum.
>>
>> Checking for/Help with Hijackware
>> http://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>> http://aumha.net/viewtopic.php?t=5878
>> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>> http://mvps.org/winhelp2002/unwanted.htm
>> http://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot.html
>> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> http://defendingyourmachine2.blogspot.com/
>> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>>
>> When all else fails, HijackThis v1.99.1
>> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
>> It will help you to both identify and remove any hijackware/spyware with
>> assistance from an expert. **Post your log to
>> http://forums.spybot.info/forumdisplay.php?f=22,
>> http://castlecops.com/forum67.html,
>> http://forums.subratam.org/index.php?showforum=7,
>> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> expert
>> analysis, not here.**
>>
>> If the procedures look too complex - and there is no shame in admitting
> this
>> isn't your cup of tea - take the machine to a local, reputable and
>> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>> AumHa VSOP & Admin DTS-L.org
>>
>> Angel wrote:
>> > Hi everyone,
>> > I was on the 'net and I received this pop up. It said to the effect
>> > Error alert. I think that is what it said at the top. A window popped
>> > up
>> > wanting me to download a registry cleaner. I click the close and then a
>> > gray
>> > box that wanted me download a program with an ok button and all the
>> > buttons
>> > at top were grayed out you could not close. I was not about to do it. I
>> > then
>> > did the Ctrl-Alt-Del and got it out that way. This happened a couple of
>> > times in 2 days. I had just opened a newsletter from a site I trusted
> and
>> > went to the website and shortly got that. I then unsubscribed the
>> > newsletter. Did it come from the website or someplace else? What else
> can
>> > I
>> > do to prevent this type of thing happening. Any suggestions would be
>> > appreciated.
>> > Angel
>>
>
>

 

[MEB]

"Angel" <angel@noway.com> wrote in message
news:Oub5Z%23e0HHA.5764@TK2MSFTNGP03.phx.gbl...
| Daave,
| No it did not look like that as seen on the link. I got away from it as
| soon as I could. Then did my routine as seen in my last post to MEB.
Nothing
| but the cookies came up in Spybot. No virus showed up in Avast! I just
| wanted to know how to prevent it from coming up. I found that the only way
I
| could get rid of the Box that you could not click on the close button was
to
| use the Ctrl-Alt-Del routine. Others may want to know also that is why I
| posted it. It almost demands that you download. Some may think that
because
| it does not let you click close button. So Ctrl-Alt-Del routine is the way
| to go to get out these situations. How did I know? Trying it. It was the
| only thing that I could think of at the time and it worked! It just takes
a
| short time to do it and it is done.
| Angel

Okay, as usual the group is here for whatever you need. Daave suggested an
issue note: there are other variant's that are used on the net. Also note
that USUALLY it takes some input/participation from you to install, which
you MAY have avoided using your crtl/alt/del. The *pop-up* and *pop-under*
MAY have been successfully nullified.

However: First do the suggestions [which you have already done some of the
normal local search/diagnostics] including *Hijack This* that were suggested
by knowledgable parties, just to be sure.
I believe, though, likely we [the group] can quickly scan what's found. I
think this group is capable of such activity, noting of course, the group is
not recognized as expert in this issue [HiJack This logs].... there are a
number of parties that can and do research potentials, or are otherwise
competent in their fashion and others who would likely catch any errors ...

As for your querry concerning how to stop this from occurring:
Once you get any issues taken care of, then there are several browser
settings that might be checked and changed pop-up blockers to discuss [and
various delivery methods and other blocking techniques] and several other
issues. Gary T. [someone you trust] will of course be watching and guiding
....

If I remember correctly: you have installed all OS updates, and are using
FireFox as your browser, is this correct?
What version of browser [and if applicable, what browser] are you using?
What email/newsgroup program(s) and version?


|
| "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> wrote in message
| news:e4XAeMa0HHA.3400@TK2MSFTNGP03.phx.gbl...
| > Angel wrote:
| > > Hi everyone,
| > > I was on the 'net and I received this pop up. It said to the
| > > effect Error alert. I think that is what it said at the top. A window
| > > popped up wanting me to download a registry cleaner. I click the
| > > close and then a gray box that wanted me download a program with an
| > > ok button and all the buttons at top were grayed out you could not
| > > close. I was not about to do it. I then did the Ctrl-Alt-Del and got
| > > it out that way. This happened a couple of times in 2 days. I had
| > > just opened a newsletter from a site I trusted and went to the
| > > website and shortly got that. I then unsubscribed the newsletter. Did
| > > it come from the website or someplace else? What else can I do to
| > > prevent this type of thing happening. Any suggestions would be
| > > appreciated. Angel
| >
| > Does it look anything like:
| >
| > http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif
| >
| > Is it "suggesting" you purchase a program? And if so, might the name of
| > the program be one of the following:
| >
| > 1. WinAntiSpyware
| > 2. AntiVirusGolden
| > 3. SpyHeal
| > 4. VirusBlast
| >
| > Describe the popup in detail--EVERYTHING about it.
| >
| > Sounds like you have a Smitfraud-type infection.
| >
| > If so, have a look at:
| >
| >
|
http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970
| >
| >
|
|

--
MEB
http://peoplescounsel.orgfree.com
________

 

[MEB]

Sorry Gary, I just posted something counter [offline]... Angel should likely
follow your suggestions...

--
MEB
http://peoplescounsel.orgfree.com
________

 

[Angel]

Hi Gary,
I beg to differ with you. Please read his post all the way to the
bottom. After his links he says if this is not your cup of tea take it to a
local reliable computer shop. I have not found a reliable computer shop
around here, there isn't many to choose from. If all else fails I will have
to call someone that a lady gave me the name and ph.#. I do not know if he
is still around.
I am making this addition to my finds. When I searched History, I found
that it had me at WWW.errorsafe.com I also found www.lime.com I did not go
to lime. When I did the find folders & files, I found 2 cookies from lime
that did not show up in AdAware and Spybot. Why didn't it? I put both
websites in the Restricted Zone. No, I did not go to that link yet. I had
company, my son. The one that mows the lawn for me. I also had him look at
the washer. The agitator is going. The spin part is ok but not the agitating
part of it. He left at 7:00PM, so back to trying the link.
Angel.

"Gary S. Terhune" <none> wrote in message
news:%23T2cPVh0HHA.4476@TK2MSFTNGP06.phx.gbl...
> Robear said nothing about taking the machine to a shop. What he recommends
> is to run HijackThis and post the log to a forum dedicated to analyzing
the
> HJT log that's created when you run it. Robear himself participates in one
> or more of those groups that analyze the HJT log(s). Don't post the log
> here, as this is not the proper place to do so. Personally, I would like
you
> to go to the following site and do *everything* that's suggested.
HiJackThis
> is the last item on the list, to be run after you've run all the other
> scanners.
> http://aumha.org/a/quickfix.htm
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> www.grystmill.com
>
> "Angel" <angel@noway.com> wrote in message
> news:ujnvh0g0HHA.1164@TK2MSFTNGP02.phx.gbl...
> > Hi PA Bear,
> > For your information the last time I took the Computer to a local
> > repair, IT REALLY WAS MESSED UP WHEN I GOT IT BACK. I will try to fix it
> > myself with you guys help.
> > Thanks,
> > Angel
> >
> > "PA Bear" <PABearMVP@gmail.com> wrote in message
> > news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
> >> The machine's been hijacked! Run a /thorough/ check for hijackware,
> >> including posting your hijackthis log to an appropriate forum.
> >>
> >> Checking for/Help with Hijackware
> >> http://aumha.org/a/parasite.htm
> >> http://aumha.org/a/quickfix.htm
> >> http://aumha.net/viewtopic.php?t=5878
> >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> >> http://mvps.org/winhelp2002/unwanted.htm
> >> http://inetexplorer.mvps.org/data/prevention.htm
> >> http://inetexplorer.mvps.org/tshoot.html
> >> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> >> http://defendingyourmachine2.blogspot.com/
> >> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >>
> >> When all else fails, HijackThis v1.99.1
> >> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
use.
> >> It will help you to both identify and remove any hijackware/spyware
with
> >> assistance from an expert. **Post your log to
> >> http://forums.spybot.info/forumdisplay.php?f=22,
> >> http://castlecops.com/forum67.html,
> >> http://forums.subratam.org/index.php?showforum=7,
> >> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> > expert
> >> analysis, not here.**
> >>
> >> If the procedures look too complex - and there is no shame in admitting
> > this
> >> isn't your cup of tea - take the machine to a local, reputable and
> >> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> >> --
> >> ~Robear Dyer (PA Bear)
> >> MS MVP-Windows (IE, OE, Security, Shell/User)
> >> AumHa VSOP & Admin DTS-L.org
> >>
> >> Angel wrote:
> >> > Hi everyone,
> >> > I was on the 'net and I received this pop up. It said to the
effect
> >> > Error alert. I think that is what it said at the top. A window popped
> >> > up
> >> > wanting me to download a registry cleaner. I click the close and then
a
> >> > gray
> >> > box that wanted me download a program with an ok button and all the
> >> > buttons
> >> > at top were grayed out you could not close. I was not about to do it.
I
> >> > then
> >> > did the Ctrl-Alt-Del and got it out that way. This happened a couple
of
> >> > times in 2 days. I had just opened a newsletter from a site I trusted
> > and
> >> > went to the website and shortly got that. I then unsubscribed the
> >> > newsletter. Did it come from the website or someplace else? What else
> > can
> >> > I
> >> > do to prevent this type of thing happening. Any suggestions would be
> >> > appreciated.
> >> > Angel
> >>
> >
> >
>
>

 

[Gary S. Terhune]

As I told you in the private email, errorsafe.com is selling the very crap
we always warn people against. Have you never been to lime.com? It's a sort
of central site for "healthy living", links to spas, natural foods, etc. I
went there and nothing suggests that it's at all malicious. And not all
cookies will be flagged by anti-malware apps. Only "tracking" cookies. I
presume that the two cookies from lime.com aren't tracking cookies.

Really, I don't think lime.com is any part of your problem, but it might be
as I described earlier--that the popup was prompted by an ad. Lots of
advertising space is sold to a "broker" like doubleclick.com. They in turn
sell the space to whoever wants to advertise. Sometimes they aren't too
picky about who they sell space to. So, you can't definitely remember what
site(s) you went to that prompted the popups?

OK, I read Robear's message to the end and now I see what you're talking
about. It's standard advice. Maybe useful to you, maybe not. The message
from Robear has the look of a "boilerplate" post that he already has written
and simply posts it whenever it applies to an issue. Ignore the parts that
don't apply to you.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"Angel" <angel@noway.com> wrote in message
news:uwSRLdj0HHA.5380@TK2MSFTNGP04.phx.gbl...
> Hi Gary,
> I beg to differ with you. Please read his post all the way to the
> bottom. After his links he says if this is not your cup of tea take it to
> a
> local reliable computer shop. I have not found a reliable computer shop
> around here, there isn't many to choose from. If all else fails I will
> have
> to call someone that a lady gave me the name and ph.#. I do not know if he
> is still around.
> I am making this addition to my finds. When I searched History, I found
> that it had me at WWW.errorsafe.com I also found www.lime.com I did not go
> to lime. When I did the find folders & files, I found 2 cookies from lime
> that did not show up in AdAware and Spybot. Why didn't it? I put both
> websites in the Restricted Zone. No, I did not go to that link yet. I had
> company, my son. The one that mows the lawn for me. I also had him look at
> the washer. The agitator is going. The spin part is ok but not the
> agitating
> part of it. He left at 7:00PM, so back to trying the link.
> Angel.
>
> "Gary S. Terhune" <none> wrote in message
> news:%23T2cPVh0HHA.4476@TK2MSFTNGP06.phx.gbl...
>> Robear said nothing about taking the machine to a shop. What he
>> recommends
>> is to run HijackThis and post the log to a forum dedicated to analyzing
> the
>> HJT log that's created when you run it. Robear himself participates in
>> one
>> or more of those groups that analyze the HJT log(s). Don't post the log
>> here, as this is not the proper place to do so. Personally, I would like
> you
>> to go to the following site and do *everything* that's suggested.
> HiJackThis
>> is the last item on the list, to be run after you've run all the other
>> scanners.
>> http://aumha.org/a/quickfix.htm
>>
>> --
>> Gary S. Terhune
>> MS-MVP Shell/User
>> www.grystmill.com
>>
>> "Angel" <angel@noway.com> wrote in message
>> news:ujnvh0g0HHA.1164@TK2MSFTNGP02.phx.gbl...
>> > Hi PA Bear,
>> > For your information the last time I took the Computer to a local
>> > repair, IT REALLY WAS MESSED UP WHEN I GOT IT BACK. I will try to fix
>> > it
>> > myself with you guys help.
>> > Thanks,
>> > Angel
>> >
>> > "PA Bear" <PABearMVP@gmail.com> wrote in message
>> > news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
>> >> The machine's been hijacked! Run a /thorough/ check for hijackware,
>> >> including posting your hijackthis log to an appropriate forum.
>> >>
>> >> Checking for/Help with Hijackware
>> >> http://aumha.org/a/parasite.htm
>> >> http://aumha.org/a/quickfix.htm
>> >> http://aumha.net/viewtopic.php?t=5878
>> >> http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
>> >> http://mvps.org/winhelp2002/unwanted.htm
>> >> http://inetexplorer.mvps.org/data/prevention.htm
>> >> http://inetexplorer.mvps.org/tshoot.html
>> >> http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> >> http://defendingyourmachine2.blogspot.com/
>> >> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>> >>
>> >> When all else fails, HijackThis v1.99.1
>> >> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
> use.
>> >> It will help you to both identify and remove any hijackware/spyware
> with
>> >> assistance from an expert. **Post your log to
>> >> http://forums.spybot.info/forumdisplay.php?f=22,
>> >> http://castlecops.com/forum67.html,
>> >> http://forums.subratam.org/index.php?showforum=7,
>> >> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
>> > expert
>> >> analysis, not here.**
>> >>
>> >> If the procedures look too complex - and there is no shame in
>> >> admitting
>> > this
>> >> isn't your cup of tea - take the machine to a local, reputable and
>> >> independent (i.e., not BigBoxStoreUSA) computer repair shop.
>> >> --
>> >> ~Robear Dyer (PA Bear)
>> >> MS MVP-Windows (IE, OE, Security, Shell/User)
>> >> AumHa VSOP & Admin DTS-L.org
>> >>
>> >> Angel wrote:
>> >> > Hi everyone,
>> >> > I was on the 'net and I received this pop up. It said to the
> effect
>> >> > Error alert. I think that is what it said at the top. A window
>> >> > popped
>> >> > up
>> >> > wanting me to download a registry cleaner. I click the close and
>> >> > then
> a
>> >> > gray
>> >> > box that wanted me download a program with an ok button and all the
>> >> > buttons
>> >> > at top were grayed out you could not close. I was not about to do
>> >> > it.
> I
>> >> > then
>> >> > did the Ctrl-Alt-Del and got it out that way. This happened a couple
> of
>> >> > times in 2 days. I had just opened a newsletter from a site I
>> >> > trusted
>> > and
>> >> > went to the website and shortly got that. I then unsubscribed the
>> >> > newsletter. Did it come from the website or someplace else? What
>> >> > else
>> > can
>> >> > I
>> >> > do to prevent this type of thing happening. Any suggestions would be
>> >> > appreciated.
>> >> > Angel
>> >>
>> >
>> >
>>
>>
>
>

 

[Angel]

Gary,
I wrote you an email that I went to the beliefnet website. I went to it
many times before and this did not happen. The FIRST time that it happened
was when I got the answer from that question about the Temp file. It popped
up then. The errorsafe wanting me to download then.But it was not persistent
until yesterday.
Angel

"Gary S. Terhune" <none> wrote in message
news:ugoU0pk0HHA.1164@TK2MSFTNGP02.phx.gbl...
> As I told you in the private email, errorsafe.com is selling the very crap
> we always warn people against. Have you never been to lime.com? It's a
sort
> of central site for "healthy living", links to spas, natural foods, etc. I
> went there and nothing suggests that it's at all malicious. And not all
> cookies will be flagged by anti-malware apps. Only "tracking" cookies. I
> presume that the two cookies from lime.com aren't tracking cookies.
>
> Really, I don't think lime.com is any part of your problem, but it might
be
> as I described earlier--that the popup was prompted by an ad. Lots of
> advertising space is sold to a "broker" like doubleclick.com. They in turn
> sell the space to whoever wants to advertise. Sometimes they aren't too
> picky about who they sell space to. So, you can't definitely remember what
> site(s) you went to that prompted the popups?
>
> OK, I read Robear's message to the end and now I see what you're talking
> about. It's standard advice. Maybe useful to you, maybe not. The message
> from Robear has the look of a "boilerplate" post that he already has
written
> and simply posts it whenever it applies to an issue. Ignore the parts that
> don't apply to you.
>
> --
> Gary S. Terhune
> MS-MVP Shell/User
> www.grystmill.com
>
> "Angel" <angel@noway.com> wrote in message
> news:uwSRLdj0HHA.5380@TK2MSFTNGP04.phx.gbl...
> > Hi Gary,
> > I beg to differ with you. Please read his post all the way to the
> > bottom. After his links he says if this is not your cup of tea take it
to
> > a
> > local reliable computer shop. I have not found a reliable computer shop
> > around here, there isn't many to choose from. If all else fails I will
> > have
> > to call someone that a lady gave me the name and ph.#. I do not know if
he
> > is still around.
> > I am making this addition to my finds. When I searched History, I
found
> > that it had me at WWW.errorsafe.com I also found www.lime.com I did not
go
> > to lime. When I did the find folders & files, I found 2 cookies from
lime
> > that did not show up in AdAware and Spybot. Why didn't it? I put both
> > websites in the Restricted Zone. No, I did not go to that link yet. I
had
> > company, my son. The one that mows the lawn for me. I also had him look
at
> > the washer. The agitator is going. The spin part is ok but not the
> > agitating
> > part of it. He left at 7:00PM, so back to trying the link.
> > Angel.
> >
> > "Gary S. Terhune" <none> wrote in message
> > news:%23T2cPVh0HHA.4476@TK2MSFTNGP06.phx.gbl...
> >> Robear said nothing about taking the machine to a shop. What he
> >> recommends
> >> is to run HijackThis and post the log to a forum dedicated to analyzing
> > the
> >> HJT log that's created when you run it. Robear himself participates in
> >> one
> >> or more of those groups that analyze the HJT log(s). Don't post the log
> >> here, as this is not the proper place to do so. Personally, I would
like
> > you
> >> to go to the following site and do *everything* that's suggested.
> > HiJackThis
> >> is the last item on the list, to be run after you've run all the other
> >> scanners.
> >> http://aumha.org/a/quickfix.htm
> >>
> >> --
> >> Gary S. Terhune
> >> MS-MVP Shell/User
> >> www.grystmill.com
> >>
> >> "Angel" <angel@noway.com> wrote in message
> >> news:ujnvh0g0HHA.1164@TK2MSFTNGP02.phx.gbl...
> >> > Hi PA Bear,
> >> > For your information the last time I took the Computer to a local
> >> > repair, IT REALLY WAS MESSED UP WHEN I GOT IT BACK. I will try to fix
> >> > it
> >> > myself with you guys help.
> >> > Thanks,
> >> > Angel
> >> >
> >> > "PA Bear" <PABearMVP@gmail.com> wrote in message
> >> > news:uRWaJjg0HHA.484@TK2MSFTNGP06.phx.gbl...
> >> >> The machine's been hijacked! Run a /thorough/ check for hijackware,
> >> >> including posting your hijackthis log to an appropriate forum.
> >> >>
> >> >> Checking for/Help with Hijackware
> >> >> http://aumha.org/a/parasite.htm
> >> >> http://aumha.org/a/quickfix.htm
> >> >> http://aumha.net/viewtopic.php?t=5878
> >> >>
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
> >> >> http://mvps.org/winhelp2002/unwanted.htm
> >> >> http://inetexplorer.mvps.org/data/prevention.htm
> >> >> http://inetexplorer.mvps.org/tshoot.html
> >> >> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> >> >> http://defendingyourmachine2.blogspot.com/
> >> >> http://www.elephantboycomputers.com/page2.html#Removing_Malware
> >> >>
> >> >> When all else fails, HijackThis v1.99.1
> >> >> (http://aumha.org/downloads/hijackthis.zip) is the preferred tool to
> > use.
> >> >> It will help you to both identify and remove any hijackware/spyware
> > with
> >> >> assistance from an expert. **Post your log to
> >> >> http://forums.spybot.info/forumdisplay.php?f=22,
> >> >> http://castlecops.com/forum67.html,
> >> >> http://forums.subratam.org/index.php?showforum=7,
> >> >> http://aumha.net/viewforum.php?f=30, or other appropriate forums for
> >> > expert
> >> >> analysis, not here.**
> >> >>
> >> >> If the procedures look too complex - and there is no shame in
> >> >> admitting
> >> > this
> >> >> isn't your cup of tea - take the machine to a local, reputable and
> >> >> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> >> >> --
> >> >> ~Robear Dyer (PA Bear)
> >> >> MS MVP-Windows (IE, OE, Security, Shell/User)
> >> >> AumHa VSOP & Admin DTS-L.org
> >> >>
> >> >> Angel wrote:
> >> >> > Hi everyone,
> >> >> > I was on the 'net and I received this pop up. It said to the
> > effect
> >> >> > Error alert. I think that is what it said at the top. A window
> >> >> > popped
> >> >> > up
> >> >> > wanting me to download a registry cleaner. I click the close and
> >> >> > then
> > a
> >> >> > gray
> >> >> > box that wanted me download a program with an ok button and all
the
> >> >> > buttons
> >> >> > at top were grayed out you could not close. I was not about to do
> >> >> > it.
> > I
> >> >> > then
> >> >> > did the Ctrl-Alt-Del and got it out that way. This happened a
couple
> > of
> >> >> > times in 2 days. I had just opened a newsletter from a site I
> >> >> > trusted
> >> > and
> >> >> > went to the website and shortly got that. I then unsubscribed the
> >> >> > newsletter. Did it come from the website or someplace else? What
> >> >> > else
> >> > can
> >> >> > I
> >> >> > do to prevent this type of thing happening. Any suggestions would
be
> >> >> > appreciated.
> >> >> > Angel
> >> >>
> >> >
> >> >
> >>
> >>
> >
> >
>
>

 

[Daave]

Angel,

If this was just a one-shot deal and you haven't had any suspicious
popups since then, it might just have been a problem with a particular
Web site you had visited. I recall that a similar thing (aggressive
popups) happened at reddit.com [*] recently. If you configure your
browser just so and use a Hosts file, you'd be surprised how much junk
is filtered. The only reason I know about the aggressive popups is
because I read the discussion. Otherwise, I never would have known. If
you use IE, you might want to look at SpywareBlaster and a good Hosts
file:

SpywareBlaster (prevents spyware from being installed):
http://www.javacoolsoftware.com/spywareblaster.html

"Blocking Unwanted Parasites with a Hosts File":
http://www.mvps.org/winhelp2002/hosts.htm

Also, if you use Outlook Express, you need to make it as secure as
possible. Go to "Best Practices for Outlook Express" at:

http://people.cornell.edu/pages/drb1/Windows/OutLookExpress/OutLookExpress.htm

Scroll down to "Configure Outlook Express." Disabling the Preview Pane
is a good idea, and selecting IE's Restricted Sites Zone is ESSENTIAL!

Also, what are your current security settings for IE (normal Internet)?
Medium should be fine.

Oh, and while you're looking at IE's Internet Options, you will notice
that under the Privacy tab, in the Web Sites [Edit] section will be all
the sites that SpywareBlaster will block cookies from (not bad, huh?).

One other thing:

Did the Ctrl-Alt-Del only get rid of the unwanted popup? Or did it also
force your browser to quit?



* "Popups are back on reddit - just got one for DriveCleaner.com again"
http://reddit.com/info/26rj3/comments



Angel wrote:
> Daave,
> I do not have the details because I did not stick around to find
> out. It
> acted like it wanted to download into my computer. I clicked the close
> button. then another gray block came up and you could not click on
> the close button. All the buttons were grayed out except the OK
> button at the bottom
> to download it..
> Angel
>
> "Angel" <angel@noway.com> wrote in message
> news:Oub5Z%23e0HHA.5764@TK2MSFTNGP03.phx.gbl...
>> Daave,
>> No it did not look like that as seen on the link. I got away from
>> it as
>> soon as I could. Then did my routine as seen in my last post to MEB.
> Nothing
>> but the cookies came up in Spybot. No virus showed up in Avast! I
>> just
>> wanted to know how to prevent it from coming up. I found that the
>> only way
> I
>> could get rid of the Box that you could not click on the close
>> button was
> to
>> use the Ctrl-Alt-Del routine. Others may want to know also that is
>> why I
>> posted it. It almost demands that you download. Some may think that
> because
>> it does not let you click close button. So Ctrl-Alt-Del routine is
>> the way
>> to go to get out these situations. How did I know? Trying it. It was
>> the
>> only thing that I could think of at the time and it worked! It just
>> takes
> a
>> short time to do it and it is done.
>> Angel
>>
>> "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> wrote in message
>> news:e4XAeMa0HHA.3400@TK2MSFTNGP03.phx.gbl...
>>> Angel wrote:
>>>> Hi everyone,
>>>> I was on the 'net and I received this pop up. It said to the
>>>> effect Error alert. I think that is what it said at the top. A
>>>> window
>>>> popped up wanting me to download a registry cleaner. I click the
>>>> close and then a gray box that wanted me download a program with an
>>>> ok button and all the buttons at top were grayed out you could not
>>>> close. I was not about to do it. I then did the Ctrl-Alt-Del and
>>>> got
>>>> it out that way. This happened a couple of times in 2 days. I had
>>>> just opened a newsletter from a site I trusted and went to the
>>>> website and shortly got that. I then unsubscribed the newsletter.
>>>> Did
>>>> it come from the website or someplace else? What else can I do to
>>>> prevent this type of thing happening. Any suggestions would be
>>>> appreciated. Angel
>>>
>>> Does it look anything like:
>>>
>>> http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif
>>>
>>> Is it "suggesting" you purchase a program? And if so, might the
>>> name of
>>> the program be one of the following:
>>>
>>> 1. WinAntiSpyware
>>> 2. AntiVirusGolden
>>> 3. SpyHeal
>>> 4. VirusBlast
>>>
>>> Describe the popup in detail--EVERYTHING about it.
>>>
>>> Sounds like you have a Smitfraud-type infection.
>>>
>>> If so, have a look at:
>>>
>>>
>>
>
http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970

 

[Angel]

Hi MEB,
I am going to try this again I hope it goes through. I have tried about
5 times today to send this but it never showed up. The one that did, was the
one I sent to ask why I was having trouble. I sent a couple after that.
No, I am not using firefox. I am using Internet explorer. Last night I
was still receiving pop ups. I even had one when I was trying to use the
site for the*fix* that PABear and Gary mentioned in their posts. I KNOW that
the pop up was not from that click on site. It was a Sexy Girl pop up. Of
course I used the close button. Then I got the grey box titled Microsoft
something. Whoever is doing it they are trying to mimic the Windows boxes.
In the box it said that I have been visiting Adult Sites. Not true. They
wanted me to download Drive Cleaner. I then did my routine even though it
was 1:30AM I was tired. Nothing showed up on neither except except the usual
cookie that I did the *fix* on. I think that it was adrevolver. That was
Spybot. AdAware had the usual cookies. Avast! showed nothing.
You asked if when I used the 3 finger salute caused any problems. The
thing that happened was one of my icons disappeared, the hotkey one.
I tried to save the instructions to my desktop. All I got was the
borders of it. I tried to do the print the only thing that came up was page
1 with a side bar. That did not do me any good.
I only have I computer, so I cannot type it out. My
handwriting/printing I cannot sometimes read when it gets cold.
I have another problem. I used to have my explorer buttons across the
top, now they are at the bottom when I open Outlook Express. When I type a
post they are across the top. When I read the posts they are on the side you
have to click on a button at the top and the button is not marked in any
way.
Angel

"MEB" <meb@not here@hotmail.com> wrote in message
news:ed0FrJi0HHA.4476@TK2MSFTNGP06.phx.gbl...
>
>
> "Angel" <angel@noway.com> wrote in message
> news:Oub5Z%23e0HHA.5764@TK2MSFTNGP03.phx.gbl...
> | Daave,
> | No it did not look like that as seen on the link. I got away from it
as
> | soon as I could. Then did my routine as seen in my last post to MEB.
> Nothing
> | but the cookies came up in Spybot. No virus showed up in Avast! I just
> | wanted to know how to prevent it from coming up. I found that the only
way
> I
> | could get rid of the Box that you could not click on the close button
was
> to
> | use the Ctrl-Alt-Del routine. Others may want to know also that is why I
> | posted it. It almost demands that you download. Some may think that
> because
> | it does not let you click close button. So Ctrl-Alt-Del routine is the
way
> | to go to get out these situations. How did I know? Trying it. It was the
> | only thing that I could think of at the time and it worked! It just
takes
> a
> | short time to do it and it is done.
> | Angel
>
> Okay, as usual the group is here for whatever you need. Daave suggested
an
> issue note: there are other variant's that are used on the net. Also note
> that USUALLY it takes some input/participation from you to install, which
> you MAY have avoided using your crtl/alt/del. The *pop-up* and *pop-under*
> MAY have been successfully nullified.
>
> However: First do the suggestions [which you have already done some of
the
> normal local search/diagnostics] including *Hijack This* that were
suggested
> by knowledgable parties, just to be sure.
> I believe, though, likely we [the group] can quickly scan what's found. I
> think this group is capable of such activity, noting of course, the group
is
> not recognized as expert in this issue [HiJack This logs].... there are a
> number of parties that can and do research potentials, or are otherwise
> competent in their fashion and others who would likely catch any errors
....
>
> As for your querry concerning how to stop this from occurring:
> Once you get any issues taken care of, then there are several browser
> settings that might be checked and changed pop-up blockers to discuss
[and
> various delivery methods and other blocking techniques] and several other
> issues. Gary T. [someone you trust] will of course be watching and guiding
> ...
>
> If I remember correctly: you have installed all OS updates, and are using
> FireFox as your browser, is this correct?
> What version of browser [and if applicable, what browser] are you using?
> What email/newsgroup program(s) and version?
>
>
> |
> | "Daave" <dcwashNOSPAM@myrealboxXYZ.invalid> wrote in message
> | news:e4XAeMa0HHA.3400@TK2MSFTNGP03.phx.gbl...
> | > Angel wrote:
> | > > Hi everyone,
> | > > I was on the 'net and I received this pop up. It said to the
> | > > effect Error alert. I think that is what it said at the top. A
window
> | > > popped up wanting me to download a registry cleaner. I click the
> | > > close and then a gray box that wanted me download a program with an
> | > > ok button and all the buttons at top were grayed out you could not
> | > > close. I was not about to do it. I then did the Ctrl-Alt-Del and got
> | > > it out that way. This happened a couple of times in 2 days. I had
> | > > just opened a newsletter from a site I trusted and went to the
> | > > website and shortly got that. I then unsubscribed the newsletter.
Did
> | > > it come from the website or someplace else? What else can I do to
> | > > prevent this type of thing happening. Any suggestions would be
> | > > appreciated. Angel
> | >
> | > Does it look anything like:
> | >
> | > http://www.adwarereport.com/mt/archives/Spyware.CyberLog-X.gif
> | >
> | > Is it "suggesting" you purchase a program? And if so, might the name
of
> | > the program be one of the following:
> | >
> | > 1. WinAntiSpyware
> | > 2. AntiVirusGolden
> | > 3. SpyHeal
> | > 4. VirusBlast
> | >
> | > Describe the popup in detail--EVERYTHING about it.
> | >
> | > Sounds like you have a Smitfraud-type infection.
> | >
> | > If so, have a look at:
> | >
> | >
> |
>
http://forums.spybot.info/showthread.php?s=8f2f8c2b826ba30f99ee3c749c167e6c&t=10970
> | >
> | >
> |
> |
>
> --
> MEB
> http://peoplescounsel.orgfree.com
> ________
>
>
>