Avast WEBforum
Other => General Topics => Topic started by: sandy55 on August 30, 2010, 01:46:30 AM
-
I am getting instant message popups from porn sites.
I clicked on it and got this site here:
http://adultfriendfinder.com/search/g1236584-pct?18PG=1&find_sex=2&ip=auto&looking_for_person=1&photo=1&race=0&show_city=1&picid=2yoMirfLvekzHlAgKALECAA--&hr=aHR0cDovL2R2YXNlbXNlbWMub3Jncy5oay9FRkZFQ1RTK1NFWFVBTCtTSURFK1NTUkkuaHRtbA==&creative=im_box
What do I have to do to stop this?
-
Don't go there? ;)
-
Don't go there? ;)
Sometimes they follow you home, though. Or am I thinking of the real red-light district rather than the on-line one ;D
@sandy55, Going under the assumption these pop-ups are appearing not just on an adult site, but other sites when you are using your browser, maybe try this.
1. Clean out temp files with one of these>>
http://www.geekstogo.com/forum/files/download/187-tfc-temp-file-cleaner-by-oldtimer/ (http://www.geekstogo.com/forum/files/download/187-tfc-temp-file-cleaner-by-oldtimer/)
Save work before running, requires a reboot after running.
or
http://www.piriform.com/ccleaner/download (http://www.piriform.com/ccleaner/download)
2. Run Malwarebytes>>http://www.malwarebytes.org/ (http://www.malwarebytes.org/)
-
It is not that I am shocked or bothered so much that they are porn site it just so happens that is what they are :) what bothers me is the lack of security on my pc.
You assume correctly I was trying to read this :
Effects sexual side ssri
Of fluoroscopy in a given locale Effects sexual side ssri and the dose level would be the suppress the thymus gland. 68 20 34. seems to us a spreads TO the ...
dvasemsemc.orgs.hk/EFFECTS+SEXUAL+SIDE+SSRI.html - Cached
Show more results from dvasemsemc.orgs.hk
When it came up and did so consistently.
I cannot try what you have suggested just now as I have to leave but will get to it asap
will let you know how it works.
Thanks so much, Sandy.
It could be the porn came up because the word sex was in the link.
I had done a search on how ssri drugs effect the thymus.
-
I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even Spyware Terminator (http://www.spywareterminator.com/)) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
-
So far I did the avast boot scan and found Java:Agent-AP [Trj]
It is in the chest now hoping that was the problem.
Not sure if this is normal so will run it by now often when I turn my computer on Avast has been disabled there is a yellow triangle with a ! mark in it over the Avast icon. Do others have this was it the Trj I just found do you think?
Not sure if I need to do anything else or if the problem detected was the only issue. Any thoughts?
-
ps I do not know how to clean my temporary files I know self taught and too old to have learned about computers in school as they did not exist yet.
-
clean your temp files
Temp File Cleaner by OldTimer ( will clean ALL and ONLY tempfiles )
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator)
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
I would also check for malware with this
Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always run update before you scan so you have the latest database
click the remove selected button to quarantine anything found
you may post the log here
-
Change your IM settings so that you only get messages from known contacts.
-
:-\ Avast virus definition will not update now.
So far all I have done it put the Trj in the virus chest. Not sure if I should continue with the other suggestions or wait to fix this first any thoughts.
I am using windows xp and do not know how to set my instant messages. Gee seems I have a lot to learn.
I am trying to be careful and not do too many things at once. :)
-
:-\ Avast virus definition will not update now.
So far all I have done it put the Trj in the virus chest. Not sure if I should continue with the other suggestions or wait to fix this first any thoughts.
I am using windows xp and do not know how to set my instant messages. Gee seems I have a lot to learn.
I am trying to be careful and not do too many things at once. :)
What's your IM client?
Here's how for msn:
How can I keep people I don't know from sending me instant messages?
People who know your e-mail address can send you messages even if they are not on your contact list or on your Allow List. You can prevent this by adjusting your privacy settings.
To block messages from everyone who is not on your contact list or on your Allow List:
1. In the Messenger main window, click the Tools menu, click Options, and then click the Privacy tab.
2. Under My Allow List, click All others, and then click Block.
http://messenger.msn.com/help/ (http://messenger.msn.com/help/)
-
Hi Sandy55,
1. Please follow the suggestions given to you by Pondus to clean your system and install and run a Full MBAM (Malwarebytes) scan and post your log in this thread (copy and paste) for us to analyze it.
2. Leave any items sitting in the Avast Virus Chest there (do NOT delete them).
3. Reboot your machine to see if the yellow "!" disappears. If not, open the Avast GUI and see if you need an update. You might have to force a manual update: Maintenance > click on Update Engine and Virus Definitions. But usually a reboot or boot will do the trick. If not, let us know and you might need to Repair Avast: Go to Control Panel > Add/Remove programs > Avast Antivirus > Remove. Then choose Repair function in the pop-up window (Repair).
4. Don't worry about setting your IM client now. Let's see if you have any more malware on your system and make sure Avast is working properly.
Let us know how this works for you. :)
-
4. Don't worry about setting your IM client now. Let's see if you have any more malware on your system and make sure Avast is working properly.
Er... Hello!!
Insecure settings in your IM client can be the reason you get unwanted messages and virus links, dufus.
-
@ Sandy55,
How are you doing with following the instructions from Posts # 10 and 11 above? Please post your MBAB scan log (copy and paste). Thank you.
@ FreewheelinFrank,
I do not insult others (OP's or fellow Evangenlists), so I appreciate it if you do not insult me. We are here to help, so please treat each other with respect. Thank you.
-
@ Sandy55,
How are you doing with following the instructions from Posts # 10 and 11 above? Please post your MBAB scan log (copy and paste). Thank you.
@ FreewheelinFrank,
I do not insult others (OP's or fellow Evangenlists), so I appreciate it if you do not insult me. We are here to help, so please treat each other with respect. Thank you.
If you treat other members with disrespect, by telling posters to ignore their advice, then do no expect to be treated with respect yourself.
-
If a poster is complaining of "instant message popups from porn sites", the first thing you should do is confirm that the poster is using an IM client such as Windows Live, and the second thing you should do is to check that they have blocked instant messages from anybody except people on their contact list.
If you have done this and ruled out "spim", you can start getting the OP to look for malware.
If you haven't done this, you've missed out an important step. In fact you're possibly misleading the OP to think their computer could be infected when it could just be that their IM client security settings need to be changed.
If you haven't done this, and you're telling the OP to ignore advice from a forum member who is suggesting that the OP do this, then you're in the wrong: not only is there a huge gap in your knowledge, but you've been extremely rude to another forum member who could have filled in that gap had you take notice: in short, you've been a dufus.
While the torrent of unsolicited spam emails continues to rise, it is being far outpaced by the surge in unwanted messages sent to the users of instant messaging programs, analysts have warned.
The volume of so-called "spim" is set triple in 2004, according to a new report from the Radicati Group, a technology market research firm in Palo Alto, California.
The company projects that 1.2 billion spims will be sent, 70 per cent of which are porn-related.
Spimmers share some tactics with spammers. For example, they create software bots that scour internet chat rooms and web sites for IM usernames, or systematically guess them using random name generators. As with spam, the bots bombard these addresses with unsolicited messages sent in high volumes from throwaway accounts.
However, users of IM programs commonly use a "buddy list" of invited friends to limit who can send messages to them. The buddy lists can be switched off, but their widespread use makes it more difficult for spimmers to message a stranger's computer. In contrast, most users of email do not use "white lists" to filter incoming email.
http://www.newscientist.com/article/dn4822-spam-being-rapidly-outpaced-by-spim.html
-
How are you doing with following the instructions from Posts # 10 and 11 above?
@ FreewheelinFrank,
I don't want to get into a flame with you. If you notice above, I did correct my oversight into my previous posting with my above post and reflected this by telling the OP to see your Post in #10 besides my post.
What is most important is helping the OP at this point, who is not getting back to us because of this back-and-forth conversation between us, which can be intimitating to them if you look at it from their perspective. I will therefore step out of this thread and let you handle helping the OP from this point forward. Thank you.
@ sandy55,
Good luck to you and I hope everything gets resolved for you. Thank you. :)
-
If this is still bugging you then use OpenDNS Family Shield
http://www.opendns.com/familyshield/
Yahoo messenger had some problems with this kind of vulnerability some time ago and they have fixed the bug
Some sort of a malware used some loopholes in Ymessenger to pop up stuffs - It is fixed some months ago
I am not sure about other messengers
If you are on Yahoo, update it
-
Good luck to you and I hope everything gets resolved for you
-
I suggest:
1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use MBAM (http://malwarebytes.org/mbam.php) (or SUPERantispyware (http://www.superantispyware.com) or even Spyware Terminator (http://www.spywareterminator.com/)) to scan for spywares and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest), rather than simply deleting them.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan (http://www.abelhadigital.com) tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).
9. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Sorry I did not get back to this I am suppose to be online always here not sure what went wrong.
I did a avast boot scan which was fine then went from the bottom up with the secunia this is what they found.
rograms / Result
Version Detected
Status
Adobe Reader 6.x 6.0.0.878
This installation of Adobe Reader 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.0.878, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.x.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
Apple QuickTime 7.x 7.60.92.0
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 7.60.92.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.68.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\QuickTime\QuickTimePlayer.exe
Google Chrome 6.x 6.0.472.63
This installation of Google Chrome 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.472.63, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.x.
Update Instructions:
Download
Installed on Your System in:
C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\..\application data\google\Chrome\Application\6.0.472.63\chrome.dll
Macromedia Flash Player 6.x 6.0.79.0 (ActiveX)
This installation of Macromedia Flash Player 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.79.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 10.x (ActiveX).
Update Instructions:
Download
Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\flash.ocx
Sun Java JRE 1.6.x / 6.x 6.0.30.5
This installation of Sun Java JRE 1.6.x / 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.30.5, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.220.4.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Java\jre1.6.0_03\bin\java.exe
Sun Java JRE 1.6.x / 6.x 6.0.150.3
This installation of Sun Java JRE 1.6.x / 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.150.3, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.220.4.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Java\jre6\bin\java.exe
So I guess I will go back and fix these things right?
I have fixed the msn messaging so that is no longer an issue. Thanks!
-
Sorry I did not see replies I thought I was signed in forever but it appears not??
The porn sites have not been an issue I have been doing boot scans and super spyware scans today did the secunia scan and got all this for some reason it does not seem right to me I have updated the adobe but the google chrome seems fine I am not feeling good about changing it not sure why any thougths?
grams / Result
Version Detected
Status
Adobe Reader 6.x 6.0.0.878
This installation of Adobe Reader 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.0.878, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 9.x.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
Apple QuickTime 7.x 7.60.92.0
This installation of Apple QuickTime 7.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 7.60.92.0, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.68.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\QuickTime\QuickTimePlayer.exe
Google Chrome 6.x 6.0.472.63
This installation of Google Chrome 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.472.63, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 7.x.
Update Instructions:
Download
Installed on Your System in:
C:\DOCUME~1\VALUED~1\LOCALS~1\Temp\..\application data\google\Chrome\Application\6.0.472.63\chrome.dll
Macromedia Flash Player 6.x 6.0.79.0 (ActiveX)
This installation of Macromedia Flash Player 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.79.0 (ActiveX), however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 10.x (ActiveX).
Update Instructions:
Download
Installed on Your System in:
C:\WINDOWS\SYSTEM32\Macromed\Flash\flash.ocx
Sun Java JRE 1.6.x / 6.x 6.0.30.5
This installation of Sun Java JRE 1.6.x / 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.30.5, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.220.4.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Java\jre1.6.0_03\bin\java.exe
Sun Java JRE 1.6.x / 6.x 6.0.150.3
This installation of Sun Java JRE 1.6.x / 6.x is insecure and potentially exposes your system to security threats!
The detected version installed on your system is 6.0.150.3, however, the latest patched version released by the vendor, fixing one or more vulnerabilities, is 6.0.220.4.
Update Instructions:
Download
Installed on Your System in:
C:\Program Files\Java\jre6\bin\java.exe