General discussion

Locked

Unruly Pop-ups!

By mpennell ·
I've got a Dell machine in our office that's running Windows XP Pro with all available updates and everytime it connected to the internet, pop-ups would appear like crazy. I've got CSE, Norton AV 2005, MS Anti-Spyware, Ad-Aware, SpyBot S&amp. I've even installed HijackThis and fixed what I thought needed to be fixed. This computer did run IE as the default web browser until last week. I installed FireFox and that seemed to help Norton AV detect the popups but I'm certain this machine is infected with SpyWare. I just can't seem to pick it up with my scanners.
Everytime this machine connects to the internet via IE or FireFox now, I get a message box in the bottom right corner that says, "Norton Internet Worm Protection has detected and blocked an intrusion attempt. And everytime I refresh my browser or go to another page that message box pops up in the bottom right corner again.
When I click on the More Info link in the message box, I get this:
Intrusion: HTTP Apropos Ad Activity
Intruder: <my computer name>(my ip address)(port number)It's always a different port number.
Risk Level: Medium
Protocol: TCP
Attacked IP: adchannel.contextplus.net(64.127.103.41)
Attacked Port: http (80)
Even though Norton detects the intrusion attempt, I can't seem to get Norton to find the attacker in a virus scan.
Any help would be much appreciated

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Sounds like a rootkit to me

by jgj In reply to Unruly Pop-ups!

This sound like a rootkit is shielding the malware on that computer.

There are a few rootkit revealers/killers around, but they aren't always that good at removing rootkits, because of the nature of the beast. Whenever a rootkit is involved (there aren't that many around, thank goodness) I take the extreme course of action - reformat and clean reinstall; because even if your rootkit killer finds and eliminates one, who's to say there isn't another one that hasn't been found?

Collapse -

You were right!

by mpennell In reply to Sounds like a rootkit to ...

It was an Apropos Rootkit. I went to sysinternals.com and downloaded RootkitRevealer and their staff at sysinternals helped me remove all traces of the rootkit. Now the PC seems to be just fine. This is the first rootkit I've ever had to deal with and it's the nastiest thing I've ever dealt with. Viruses and spyware don't hold a candle to rootkits! Thanks for the advice. I hated to hear you say that you thought I had a rootkit but the truth hurts sometimes. Anyways, thanks again for the advice. I would have never suspected a rootkit. Thanks again.

Collapse -

Same Problem

by forklift14 In reply to Unruly Pop-ups!

I am having a simlar problem in windows 2000 but there is no way that i can reformat the hard drive because it is an server for a pos system any ideas.

Back to Security Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums