PDA

View Full Version : Need Computer Help



Ken Salisbury
09-23-2004, 7:58 AM
I have been continually plagued with what I guess can be called a "worm" which causes unwanted pop-ups.

I have all of the latest Windows XP updates including SP2. It seems the XP firewall is not stopping this "worm" from infiltrating my system. The only way I can remove it is to follow the manual file deletion steps detailed in "Bazooka" which is a real pain to do.

I guess I could do some internet searching to find a solution to my problem, but to be honest I just don't have the time :)

SO: Does anyone know, off the top of their head, a way to block this "worm" ??

The darn thing bites my system about once a week :mad:

John Miliunas
09-23-2004, 8:36 AM
Ken, I would probably go through whatever procedure is listed to get rid of the thing. Then, I'd install the "google bar" (http://toolbar.google.com/). It gives you convenient access to "Google" and I have found it does a great job with blocking popups, although if you have SP2 on your box, that now has a popup blocker, as well. Something tells me that whatever worm it is you have, has already locked on to your system somewhere, so it's not being caught as a "new" worm by the blockers, AV, etc... If that's the case, you might want to try "hijack this" to track it down and blow it away. :cool:

Dave Brandt
09-23-2004, 9:07 AM
Ken,

You might want to try Adaware or something similar. Go to
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button (CNet) for a free download. There are other software apps that may help too, but this one sure helped me!

Ken Salisbury
09-23-2004, 9:42 AM
Ken, I would probably go through whatever procedure is listed to get rid of the thing. Then, I'd install the "google bar" (http://toolbar.google.com/). It gives you convenient access to "Google" and I have found it does a great job with blocking popups, although if you have SP2 on your box, that now has a popup blocker, as well. Something tells me that whatever worm it is you have, has already locked on to your system somewhere, so it's not being caught as a "new" worm by the blockers, AV, etc... If that's the case, you might want to try "hijack this" to track it down and blow it away. :cool:

John,

I have Earthlink pop-blocker and what should be blockers in XP SP2. This worm is not locked into my system. I run Bazooka which is a good detect program and it finds Twaintech.mxtarget (forgot to mention that is the name of the worm). It requires me to manually get rid of the routine in my registry and also requires manually deleting mxtarget.dll file, and resetting my web settings in Iternet Options and then it is gone. In a week or so surfing the net the darn reappears. I can't figure out how it is getting in here. Somehow I need to find a way to keep mxtarget.dll from getting in I think.

Aaron Koehl
09-23-2004, 10:23 AM
Ken,

Here are some (non-novice) general virus/worm removal instructions specific to XP:

1. With XP,
Start your computer in safe mode. (Start > Run > msconfig > BOOT.INI > /SAFEBOOT)

2.
Clean out all of the usual startup places for anything unusual (use discretion here)):
(Start > Run > regedit. Check HKLocalMachine/Software/Microsoft/Windows/CurrentVersion/Run and RunOnce)

3.
Also, in msconfig, you can check out any "services" that look fishy.

4. Do some general directory probing in your Windows directory and subdirectories.
(Sort by DATE, and look for anything recent, or about the time of the virus problem. Delete, or rename the file if unsure).

5. Run msconfig, turn off /safeboot. Reboot.

6. (Start > Run > cmd): tasklist /svc
This will show you what's running on your system. You may need to consult liutilities.com or google to determine if your executables should be running or not, if you're not familiar. Some sneaky virii like to start themselves via svchost.exe, which the tasklist command will show you.

Oy vey.. There are many other things I could add here..

Aaron Koehl
09-23-2004, 10:26 AM
Also, don't forget the obvious, since you're having pop-up troubles:

1. INTERNET EXPLORER
Tools > Internet Options > General TAB > Settings > View Objects.
Clear out anything that looks suspicious. (It's safe to clear this completely if you're so compelled. It just means you'll have to reinstall some things via the web, which shouldn't be a big issue as these programs are typically very small, and you should get prompted anyway).

2. Add/Remove Programs
Remove any installed IE toolbars, etc. This includes OneClick, HotBar, CometCursor, Gator, et cetera.

3. To rule out subroutines started by Internet Explorer, try surfing with Mozilla, FireFox, or Opera for a while to see if the popups persist. If they do, you have an external program running invoking the browser.

Ken Salisbury
09-24-2004, 6:26 AM
Thanks Aaron,

I did all that and the proof will be if the worm resurfaces. :D

Bob Weisner
09-24-2004, 2:25 PM
Ken:

Don't know if you have this program, but Norton Internet Security 2004 does a very good job at blocking viruses & popups .

Bob