More full page pop ups!!!!

This time, as i clicked the "login" button, it sent me to

www.dailynews7.com...

Why? ATS? Why did you cross over into the realm of dumb and annoying full page pop ups?

Can't say I've ever heard of that happening to anyone before.

You might want to run a virus scan, because some malicious redirect programs can send you other places even if you click on a valid link in your browser.

Originally posted by Captain Reynolds
Can't say I've ever heard of that happening to anyone before.

You might want to run a virus scan, because some malicious redirect programs can send you other places even if you click on a valid link in your browser.

I do not have a rude tone while typing this... believe me, but this is the typical response to any kind of comments on these boards.

It's NEVER the server, and must be a virus, though usually it turns out to be quite the opposite (Viruses appearing in ads through ATS, etc, plenty of precedents here in the forums alone)

No, i don't have spyware, adware, malware, viruses, or the flu bug. It's an annoying form of advertisement that is either hosted by ATS its self, or is a 3rd party just piggy backing in on another advertisement that is being displayed in ATS.

Either way, it can be stopped, but obviously, since this is the 3rd instance that I know of (and second one that im witness to) nobody really gives a damn...because no single administrator has deemed it appropriate to respond.


[edit on 20-8-2010 by Snarf]

Originally posted by Snarf
Why? ATS? Why did you cross over into the realm of dumb and annoying full page pop ups?

We did not, and would not.

What would make you automatically assume such is the case?

On occasion, there may be rouge banner ads that would do that... but then, I and our staff would certainly know about it as we're on ATS so much that something like that would certainly be noticed. Also, we've hired a service to constantly monitor the ads that run on ATS, and there are none launching pop-ups at this time.

Did you have any other sites open?

Try Dr Web Cuteit - free virus scanner

Also run SuperAntiSpyware and Malwarebyte.

Google them and install, all free and very easy to use and very effective.

Found and removed more than 200 various viruses, trojans, malware, adware and so on in my computer using those 3 tools, which some of the other major virus scanners did not find.

reply to post by SkepticOverlord

What would make you automatically assume such is the case?

Assumptions are a dangerous thing, since they can often come across the wrong way. This assumption, though, is based on past experiences with other users on the forums who have experienced similar occurrences of the same type of full-page ads.

I've taken screen shots, posted url information, etc, and it fell on deaf ears, so i say with a respectful tone, Neglect is what led to the assumption

you can view a few examples of what i mean by checking out these threads

Ads, Ads, Everywhere The Ads

and

Full Page advertisement


the second post is where i posted a screen shot of the full page ad in question.

The post i created today has the URL of a different full page ad.



I do run Malwarebytes regularly and I run Microsoft Security Essentials now, constantly (used to have McAfee, but got tired of the service)

I can tell you with 110% certainty that i do not have viruses. I do not have adware, malware, spyware, anything remotely close to the sort.

Did you have any other sites open?

No. I had one page open, as usual, and that was ATS. I clicked "Login" button from the main page, and got the full page pop up with the URL in the original post in this thread.

[edit on 20-8-2010 by Snarf]

If you go to google, and search "antivirus" , can you access any of the major antivirus sites? If not, it means you got a virus blocking you from that - and thus this could also block your virus scanners from detecting the virus (which it could in either case)

Boot your computer in safe mode (hit f8 at startup until a screen pops up asking if you want to go into safe mode - enter safe mode with network enabled)

Then re-scan your system with all the 3 above mentioned tools. make sure to update the virus definitions in the programs first so yuo have the most up to date versions.

It really sounds like a virus problem and I'm sure you'll find something if you do the above - make sure to do a FULL SCAN on all prorgams, not just the default basic scan that is selected. It will take couple hours to scan with a full scan and it will detect lots of badware in most cases.

Clean and remove anything found, and quarantine anything that can not be cleaned.

Really try this, run the 3 programs, in safe mode, and see. I'm almost certain you will find some threats, remember FULL SCAN on all drives.

but then, I and our staff would certainly know about it as we're on ATS so much that something like that would certainly be noticed.

And, again, i hope this won't tick you off, but this type of attitude really burns me. I know you're not being malicious by saying this, but what you're basically saying is that Me, and the others who have experienced events either similar, or exactly like them, are liars.

Im not lying. I don't need to.

If the full page ads are the intent of ATS - im fine with that, but i feel obligated to voice my opinion that they're uncalled for.

But, as you say above, that is not your intentions.

So, with all due respect, I just can't see how you can write it off as being fictitious just because your staff have not encountered it.

Refer to the other 2 threads in my post above this one, and you'll see there are more members than just myself who have parroted these comments.

To compare it to something close to home:

The majority of human beings will tell you they've never seen a UFO, therefore people who claim to have, must be liars.

However....you have a site here dedicated to those "Devious few" who claim to believe.




From Rodaggam

If you go to google, and search "antivirus" , can you access any of the major antivirus sites? If not, it means you got a virus blocking you from that - and thus this could also block your virus scanners from detecting the virus (which it could in either case)

I appreciate you trying to help, but i've already clarified several times, in this thread alone...i do not have a virus. I run some of the best virus software you can get, and it comes up negative every time I run it. I can post a scan result if that'll help clear this mess up.



[edit on 20-8-2010 by Snarf]

I recommand running all 3 programs at once over the night due to the several hours it will take to scan, and running them together does not create any problems or conflicts as I do that myself.

Then once they are all done, I make sure to select all infections and clean them out and reboot and just for sake of certainity I do another scan in "normal" mode as well.

As mentioned, I used several of the major antivirus programs myself which did not detect the viruses which the 3 abovementioned programs detected, and they all detected various different things so it can be worth it.

Just trying to help as it does sound like a very typical malware problem and I never had such problems on this website, and any time I had it turned out to be malware.

Here is a free online scan you can try: housecall.trendmicro.com...

And here is another one: www.f-secure.com...

Just let those two run first of all and see if they detect something, you can surf and use your computer as normal while they do their magic. If even just one thing comes up, I suggest goin for the 3 other programs I recommanded, run them in safe mode, in addition to make sure you get a full cleansing.

Spybot is also a pretty good tool but it did not detect as much as those other 3.

here is a log file for the last scan i did with MalwareBytes. As anyone who knows about anti-virus will tell you, Malwarebytes is about as good as it gets.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6002 Service Pack 2

8/11/2010 5:06:06 PM
mbam-log-2010-08-11 (17-06-06).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 438180
Time elapsed: 2 hour(s), 19 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I will run 3 other virus scans and post the results here as well, just to clear up confusion.

Im telling you without a doubt in my mind, this is not my computer.


[edit on 20-8-2010 by Snarf]

Try run HijackThis and ComboFix as well and post the logs from those too.

Could shred some light on what's possibly wrong.

I had to block h**p;//cdn4.specificclick.net/

The script in this add is so bloated that it would bring up a warning box then freeze my old computer.

Once i blocked the add i have had no problems since.

Not everyone has a new computer but some advertisers don't understand this.

Even Microsoft does not understand this and they lose business because of this.

Linux is the only people that does understand.

Also, a few viruses are VERY hard to detect and get rid of.

I actually still got a virus problem that I'm unable to resolve, personally I can NOT access any anti-virus sites unless I run in safe-mode, and none of the countless of antivirus programs and scanners I have run have been able to fix this.

Maybe you got some suggestions? Been googling it like crazy and all..

Snarf,

Did you try this?
Quoted myself from other thread:

I noticed that I could not update Malwarebytes once this full page pop up occoured, and that I could not update any of my computers on my home network. I searched for an open connection (thanks guy next door) and was able to update my laptop from his wireless. So now I know the problem is with my internal network (2 wireless access ports and 3 hubs).

Problem 1) I have a cheapo Netgear WGR614 v7 wireless router that was left open with no password. This router had the DNS Name server set to automatic, but when I looked at the setup screen, the DNS name server had been set to a specific address....freakin' hackers! So I set it to automatic, updated the routers firmware, and reset it.

Problem 2) Since The DNS name server changed, the regestry needed some tweaking as follows.
Open the regestry with start>run>regedit
Go to HKEY_LOCAL_MACHINE/SYSTEM
Note that there are 4 control sets (current, 1, 2, and 3). on current, 1 and 2, navigate to services/tcpip/parameters/interfaces. There are some catagories with long letter and number codes, but within those is a place to set the DNS Name server, and iff you see numbers like this, just clear out the values (DhcpNameServer=213.109.65.44 213.109.75.130).

I cleaned out the 192.168.0.1 entries too just to be safe, even though those are local router addresses.

After restarting, I was able to update MBAM, and found nothing screwy in the software.

Full screen pop ups be gone!...Ha

I thought you might fit the second part..did you have those dhcpname servers in the reg?

hijack this results:

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\volpanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\cathy\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\cathy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cathy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\cathy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\cathy\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = webmail.tisbook.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - [EF99BD32-C1FB-11D2-892F-0090271D4F88] - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - [02478D38-C3F9-4efb-9B51-7695ECA05670] - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - [06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Suggest - [5A263CF7-56A6-4D68-A8CF-345BE45BC911] - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - [CA6319C0-31B7-401E-A518-A07C3DB8F777] - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - [FDAD4DA1-61A2-4FD8-9C17-86F7AC245081] - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - [EF99BD32-C1FB-11D2-892F-0090271D4F88] - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTXFIREG] CTXFIREG.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\cathy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - [2670000A-7350-4f3c-8081-5663EE0C6C49] - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - [2670000A-7350-4f3c-8081-5663EE0C6C49] - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - [92780B25-18CC-41C8-B9BE-3C9C571A8263] - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: [0CCA191D-13A6-4E29-B746-314DEE697D83] (Facebook Photo Uploader 5 Control) - upload.facebook.com...
O16 - DPF: [66F7F252-3FE1-4650-B1E5-94B2A38271C5] (ActiveView Control) - 75.41.135.58...
O16 - DPF: [8100D56A-5661-482C-BEE8-AFECE305D968] (Facebook Photo Uploader 5 Control) - upload.facebook.com...
O16 - DPF: [FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9] (Performance Viewer Activex Control) - secure.logmein.com...
O18 - Protocol: bwfile-8876480 - [9462A756-7B47-47BC-8C80-C34B9B80B32B] - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - [8C7461EF-2B13-11d2-BE35-3078302C2030] - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intuit Entitlement Service v5.3 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client\v5.3\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Port Emulator (Star) (PortEmulator) - Star Micronics Co., Ltd. - C:\Program Files\StarMicronics\TSP100\Software\20070601\portemu_umdf_tsp100u.exe
O23 - Service: QBCRPDBService2009 - iAnywhere Solutions, Inc. - C:\Program Files\Intuit\QuickBooks Cash Register Plus 2009\bin\database\CRP1DBMgr10.exe
O23 - Service: QBCRPPDBService2009 - iAnywhere Solutions, Inc. - C:\Program Files\Intuit\QuickBooks Cash Register Plus 2009\bin\database\CRP1DBMgr10.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

(more to come in next post)

damn long log file

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10987 bytes

I use panda and malwarebytes as a backup scanner.
The other day I had a trojan that neither one caught
and I had to scan with spyware doctor.
so it just goes to show

I'm not trying to be pushy
just sayin.
Rodaggam's advise is good advice.
his method is the proper way to go about it.

I saved this page to give to friends when they need to know.
thanks

reply to post by Danbones

I'm not trying to be pushy
just sayin.
Rodaggam's advise is good advice.
his method is the proper way to go about it.

I agree...and im not bitter about people offering their advice

I am taking up that advice, and am currently running several different tests.

Im posting DDS and Hijack this results over at bleepingcomputer, and i've run trendmicro online scan, and it produced nothing.

now im running another full scan of malwarebytes and as soon as thats done, im going to use the other alternative given in a link in a post above.

There's a chance I could be wrong, and if i am wrong, i'll be the first to admit it

reply to post by Rodaggam


Did you try to stop it with rkill?
edit for line 2

[edit on 20-8-2010 by SLaPPiE]