Best pop-up blocker ?

HighlandeR · 18 Jul 2006 at 21:52

Im using Nod32/sysgate which ive always found is a good combo but theres still plenty popups and winfixer/scan doctor and dozens of other spyware type popups.

Whats the best popup software u guys using out there?

Dorian · 18 Jul 2006 at 21:59

If your getting winfixer popus then you have a very high chance of a vundo infection that needs sorting. You need a HJT log to confirm this. The latest version of vundo will hide itself from hijackthis but to get around this problem simply rename the hijackthis.exe to hjt.exe then post the log to a recomended asap security forum.

HighlandeR · 18 Jul 2006 at 23:11

interesting.... its possible yet nod32/panda/micro trend and Kaspersky 6.0 all up to date scans say im 100% clean... im currently only using kaspersky 6.0 though.

I only get it at particular sites

Not a consistant thing exactly....

Regardless heres my log:

Logfile of HijackThis v1.99.1
Scan saved at 23:09:58, on 18/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\WinLauncherXP\WinLauncherXP.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\eMule\eMule.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Backup\HealthCheck Kit\HC Kit\hijackthis\hjs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [GOCC] C:\Program Files\WinLauncherXP\WinLauncherXP.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144536509781
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/tools/en/bin/npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F72E0055-7856-4573-AE49-FD71AE52A3E7}: NameServer = 212.23.6.100 212.23.3.100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Meatball · 18 Jul 2006 at 23:19

I couldn't see anything suspicious there personally

HighlandeR · 19 Jul 2006 at 07:48

I dont think there is anything, would be ironic though considering its my job to kill malware/spyware/viruses as im a techy

Mind u the other month my software got infected with Jerio 32 and nod32 didnt see it yet customers pcs with norton/mcafee saw it hence the switch to kaspersky, I feel nod32 is bit loose with its scanning.

Ill do more research into popups, cos Ive seen Kerio firewall have the ability to close down adverts/banners/popups/spyware opening software like winfixer and any other nasties.... but it would be nice to find a freebie one so I can stick on customers pcs especially one that doesnt install spyfalcon !

Dorian · 19 Jul 2006 at 16:00

Log looks clean to me too! have you thought about using a host file to see if that helps. Kerio firewall is still a freebie for personal use, just that it has been renamed to sunbelt kerio but I have a feeling that the free version does not block ads

Have you tried an alternative browser such as opera browser to help stop pop-ups or the google toolbar for IE ?