'Ello,

On my other comp I keep getting this random popup, no matter what I do, even if its just left on it comes up at some time. This only started happening after I reformatted my hard drive, I have downloaded nothing and I have done a virus scan/anti spy ware scan and they can't find any thing. Any one got any ideas?

err this prolly sounds well dumb but have you disabled popups in internet explorer. i used to get random ones from time to time and then when i blocked em on that they stopped for good.

get SpyBot S&D and AdAware, that should fix your popups. You prolly have some mean lil prog on your comp (that you got from visiting free porn sites =P) that throws popups every now and then.

'Ello,

On my other comp I keep getting this random popup, no matter what I do, even if its just left on it comes up at some time. This only started happening after I reformatted my hard drive, I have downloaded nothing and I have done a virus scan/anti spy ware scan and they can't find any thing. Any one got any ideas?

Make sure Windows Messanger Service is disabled:

Steps as followed for each OS (taken from: http://www.itc.virginia.edu/desktop/docs/messagepopup/ )
Disabling the Messenger Service
To remove the ability for anyone in the world to pop up messages on your computer, you can disable the Messenger service. Its easy to reverse at a later time if you wish to do so.



Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Click Services
Double click Services Scroll
down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK


Windows NT
Click Start ->Control Panel
Double Click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK


Hope this helps,
H

yea its messenger - sounds like it anyway

bless XP and its goodness

do as the above says - and you win the game :)

It could be the messenger service, try that first.

If it still happens after that is disabled, you probably have a browser hijack installed. Some common names that come to mind, eZula, Internet Optimizer, Webhancer, TVMedia, 1800SearchAssisstant, GAIN/Gator... Some of which cannot be cleaned with Spybot or Ad-Aware. A lot of time, eZula for instance, is easiest to uninstall by installing it, then uninstalling it from the Add/Remove Programs. But there are some processes it leaves behind that reinstalls eZula without your knowledge (for which they should be sued), do a search on google for removing eZula and it will show you the steps to completely rid yourself of it.

That's just an example... there are literally hundreds of similar programs. All claim to optimize your downloads or help you search the web... Silly rabbits.

There is a nice program that helps get rid of browser Hijacks... HijackThis.exe, but it deals strictly with your registry entries, so for beginner users, it will be hard to identify which entries your should fix or leave alone.

What I've seen people do on support forums though, is run HijackThis and post the output in the thread. Then people that know what to get rid of can help you do it.

Its not Windows Services, its loads of different types of popups, some porn (no I have been no no porn sites, not with that comp any way ;) ), spy bot and addware don't seem to peek it up, I'll try the hijack think.

Thanx for the help so far.

Its not Windows Services, its loads of different types of popups, some porn (no I have been no no porn sites, not with that comp any way ;) ), spy bot and addware don't seem to peek it up, I'll try the hijack think.

Thanx for the help so far.



pffffffft... you know you've been surfing for pr0n when you got those kind
of popups... had shitloads of spyware on my comp yesterday, but spybot-sd
fixed them.

Nop, not been on porn on that comp, mainy cos I never use it, I use this comp which is faster, and the other comp with the pop ups has just had the hard drives reformatted then they came up o.O

Nop, not been on porn on that comp, mainy cos I never use it, I use this comp which is faster, and the other comp with the pop ups has just had the hard drives reformatted then they came up o.O

Guess it's magic then...

you damn porn slut El ;)

only thing you can do is make sure you've got ad-aware updated and scan the baby

You've updated your windows with absolutely windows updates?

Ultimate remove:
Goto taskmanager and locate the evil executable doing the pop ups and close it.

After that start regedit.exe and goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and remove the ones that shouldnt be there. Stuff that usually ends up there is nvidia (rundll32.exe DLLFILE)/ATI, Synchronization Manager etc., remove the suspicious key(s), also check HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and do the same there.

And the last thing you could do is to goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and look what the key "Shell" is containing, if it's not explorer.exe, change it to explorer.exe (litestep modifies this btw. If you use Litestep, it wont be explorer.exe so no need to set it to explorer.exe or your litestep wont start).

If you are unsure about the registry keys, search for that particular EXE file and see where it's located, it might be antivirus/firewall/soundcard etc. If you are even more unsure, paste the registry keys here and I'll take a look.

Post a screenshot of the popup and of the processes running under Task Manager sorted by user.

I'l ltry the registry key thing next tiem it comes up and I'll post a screenie of the file being run if that don't work.

I am not 100% sure, but I just found a file running called bcray.exe, although there are no popups atm. I can't remmeber why, but ages and ages ago I remmeber having that running on this computer as well and I deleted it cos it did some thing when it ran, an't got a clue now what it was it did though. There is also a bcray.exe .pf file in my Windows/Prefetch file, not sure that means any thing to any one (doesn't to me), but I am gona delete them, I think that might be the prob.

take a screenie of some fool running up to you in plaza and going 'pop up' then running away.

I googled the filename and everything indicates it's a spyware :)

Well some ones PMed me and most people say its spy ware, so time to get rid of it. Strage that ad-ware and spy-bot (updated) didn't pick it up, well thanx for all the help all :).

DAm I'm half asleep but if your running XP Pro or Home there is something to do with IE that checks stored web pages (can't think straight right now) My daughter's computer had a problem with pop-ups just poping up without IE opened and I did something that stopped that check of web pages (Dam I can't remember what it was now) Ad-aware and spy bot didn't find anything also. Will post if I remember more.

Get ad-aware and spybot, get at least some kind of firewall going, download all of the windows updates, and if you still have problems get a popup blocker (I think the Google toolbar works). If you haven't run windows update and you haven't got a firewall, then given few days you'll have more than just spyware and popups on your comp.

EDIT: If your browser homepage constantly resets itself to any kind of search site, then you most likely need CWShredder as well. If you still have a problem try HijackThis.

Thats the wired thing, both my computers have the XP updates, both have fully uptodate Norton Anti Virus and Norton Fire wall (XP firewall is off) and bother have fully updated Spy Bot and Ad-Ware, but they have both had bcray.exe.

The only time I think I could have got it on my other comp is when I connected it to the net then installed all the antivirus/spyware stuff, so some where between connecting and installing and updating (which was don soon as I got it on the net) I got it. Those things must be prity damn fast.

Thanx for all the help :).

You have a 20 minute window on average before a freshly reinstalled PC is turned into a completely compromised zombie host, last I read. Ad-aware and SpyBot should have picked the app up - was Ad-adware set to smart scan or did you do a thorough scan of the drive? If it didn't pick it up on a thorough scan I'd suggest e-mailing tech support for one of them and let them know.

I had it scan the drive "Select drives\folders to scan" set it to scan my own drive as well, which is weird. I'll e-mail their tech support in a moment.

Sometimes when an adware gets rid of spyware it might not be able to delete the actual file so it goes to prefecth as quarantined. There could be other files hiding that reinstall the program every time you reboot as well. Best thing to do is google the process like 'bcray.exe' and people usually have forums on how to remove the crap if adware doesnt.

If adaware finds it but got trouble deleting all the files, boot Windows XP into safemode and run adaware in there, it should have no problems removing the files.

I always get these when I reinstall, some hole in the messenger service.... you can get it blocked by downloading the updates on windowsupdate... has worked like a charm for the last 5-10 reinstalls... keep getting some ads about diplomas and shit... the popup just looks like something that was sent using netsend... btw, if you're using msn (as I know you are, since I have you on it :D ) don't disable it, just patch it ;)