Is this a firewall problem
Thread Starter
Join Date: Jul 2012
Location: spacetime
Posts: 263
If, say, I view the BBC webpages and scroll down to a hyperlink that is in a sentence and click on it, I keep getting a popup that's asking me to either buy an iPhone 5 or play bingo online. I run Norton and checked the firewall and all seems ok, but why is this getting through? I haven't altered any settings and popups are still allegedly blocked. Anyone else noticing this?
Spoon PPRuNerist & Mad Inistrator
That is NOT normal behaviour. Sounds like some malware has got you. A browser hijack or some such.
Malwarebytes is your friend.
Ensure that your AV program is up to date.
It's not a firewall problem; it's a virus / malware problem.
Also, don't run as an Administrator equivalent - use a standard user account unless you actually need the admin rights.
SD
Join Date: Jan 2012
Location: .
Posts: 2,173
"I run Norton and checked the firewall and all seems ok"
That's part of your problem
The Norton firewall (besides being useless) is so difficult to make sense of that for many it's impossible to know if it's working. Taken alongside the fact that the antivirus part of the Norton programmes simply doesn't work very well, then I'd suggest the problem is almost self-inflicted.....
Run both of these two programmes over the machine and see what you find
Downloads - SurfRight
ComboFix Download
Thread Starter
Join Date: Jul 2012
Location: spacetime
Posts: 263
Problem fixed now. The odd thing is I ran Malwarebytes on Monday and it found zilch, however ran it again last night and it said it was eight days out of date, but it's sorted now. Have to say I have no confidence in this firewall whatsoever. I hear most people think Norton is the top anti virus checker etc but I remember I got a trojan horse from one of the broadsheet sport pages a while back. So which anti virus is preferred by ppruners?
Guest
Join Date: May 2008
Location: Somewhere between E17487 and F75775
Age: 80
Posts: 725
Yeah, keep up to date. Ran AVG free earlier this week, nothing found, but as hard drive seemed busy and computer slow, I just ran MalWare today after lunch and got 6 registry key hits.
Interestingly this week I also found both IE and Chrome home pages had been switched to some search engine I hadn't heard of, so restored the original home page on both.
Join Date: Jan 2012
Location: .
Posts: 2,173
I've said it before, and I'll repeat it again: for most users behind a router, the default Microsoft Firewall is perfectly adequate. In most cases people don't know how to set up firewalls and end up with them disabled or incorrectly set.
Only time anything better is needed, is if the PC is directly connected to the internet, or if you have users with unsafe browsing habits.
A firewall isn't designed to protect against this kind of attack anyway: you need a good antivirus / antimalware program, preferably with some kind of HIDS detection
One of the most consistent is still the free AVAST! program, as long as you turn on the "antiPUP" scanning and automate the cleanup routines
Join Date: Jul 2008
Location: uk
Posts: 894
Should you decide to remove Norton, be aware that it has hooks and tentacles which are as pervasive as any malware in your machine and requires extra removal techniques.
A simple uninstall will not touch it.
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
![Wink](https://www.pprune.org/images/smilies/wink2.gif)
http://www.pprune.org/computer-inter...ss-access.html
http://www.pprune.org/computer-inter...s-mc-afee.html
http://www.pprune.org/computer-inter...ssentials.html
http://www.pprune.org/computer-inter...ribulator.html
http://www.pprune.org/computer-inter...y-mouse-2.html
http://www.pprune.org/computer-inter...ection-w7.html
Ho-hum
![Smilie](https://www.pprune.org/images/smilies/smile.gif)
Join Date: Jan 2012
Location: .
Posts: 2,173
Sorry Mike, you can't claim prior art on this one! I've been drilling it into customers for years. Look at it as a case of conceptual convergent evolution: given similar problems, we independently came to the same conclusion
Last edited by Milo Minderbinder; 25th Jan 2013 at 00:34.
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Not claiming prior art, just great minds, etc etc.
Thread Starter
Join Date: Jul 2012
Location: spacetime
Posts: 263
Going back to my original post, it would appear after some searching that the underlined blue text is something called IntelliTXT, and is created by Vibrant Media, an advertising scam that hijacks just about every webpage. Further searching shows something called Greasemonkey will put a stop to it but it requires a little more computer knowledge than I have. Norton, Avast and AVG don't highlight it as a virus, and Malwarebytes ignores it. I thought at first it had worked but wrong again. No one else seen this?
Thread Starter
Join Date: Jul 2012
Location: spacetime
Posts: 263
Milo, Yes I did run the Hitman Pro and it certainly got rid of browser hijackers namely Blecko and other irritants, but when I read the contents of the Combofix website I was a little apprehensive of downloading it due to the warnings. If you can assure me it's safe to download and run then I will try again. Many thanks for your input.
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
"Milo, Yes I did run the Hitman Pro and it certainly got rid of browser hijackers namely Blecko and other irritants, but when I read the contents of the Combofix website I was a little apprehensive of downloading it due to the warnings. If you can assure me it's safe to download and run then I will try again. Many thanks for your input."
Join Date: Jan 2012
Location: .
Posts: 2,173
Combofix is an absolutely essential tool in clearing malware. I use it on a daily basis, and I suspect Mike probably does as well
Just make sure you download it from the link I posted - there are a number of fake download sites out there
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
In the meantime, I wrote this guide a year or so ago and whilst it may not clear the latest most virulent viruses it's worth a try first anyway.
How to get rid of most viruses

FIRSTLY, if you get a screen saying you have viruses and the notification doesn’t appear to come from your installed antivirus package, don’t click anywhere – just press and hold the power button on the computer to turn it off – you will lose what work you had open, but you might have saved yourself from a virus infection.

1) From a rebooted computer, if you can, open Internet Explorer (or Firefox, Google Chrome, etc) and go to Google
2) Google for “Malwarebytes Antimalware” and download the free version
3) Install and update Malwarebytes (if you choose “Run” when downloading in step 2 above, you can just follow all the instructions and it should update and run Malwarebytes for you).
4) Instead of just running Malwarebytes straight away, you need to boot into Safe Mode with Command Prompt. This is done by:
a. Restarting your PC and hitting the F8 key approx. once per second from the time you see the Dell splash-screen. If you are successful, you will get a black & white text window giving you options including the Safe Mode with Command Prompt you’re after. If you’re unsuccessful, the PC will continue to boot into Windows (and you’ll see the Windows splash-screen) – in this case, reboot and try again. If you have lots of problems getting to this stage, call me.
b. Once you’re able to choose Safe Mode with Command Prompt, do so. This will give you a ‘strange’ version of your Windows desktop (as the screen resolution etc will all be ‘wrong’) – don’t panic!
c. When you are logged in in Safe Mode, there should be a black & white text box (the Command Prompt) in the middle of the screen – at this prompt you need to type the following commands:
• CD \Program Files (or CD \Program Files (x86) if you’re using a 64bit computer)
• CD Malwarebytes Anti-Malware
• MBAM
d. The above (ignoring the bullet points and noting that there’s a space between “CD” and the rest of the command, and that you press Enter at the end of each line) should ensure you get a Malwarebytes window open up. At this point, you should choose the options to run a Full Scan.
e. The Full Scan will take some time (maybe up to a couple of hours depending upon the size and speed of your computer), at the end of which you’ll be presented with a list of viruses and/or malware that it found. At this point, note down the virus names you find (don’t worry about duplicates) and then choose the option to delete all the malicious files.
f. Once this has completed, exit the program then type EXIT at the command prompt. This should restart the computer (although if it doesn’t, then you may need to use brute force and press & hold the power button to turn it off).
5) When all of this has completed, you *should* be left with a computer that’s either 100% fixed, or about 95% fixed. I would suggest you try and run a quick scan from Malwarebytes (without bothering with Safe Mode) to see whether it finds anything else (it shouldn’t).
Spoon PPRuNerist & Mad Inistrator
Mike-Bracknell,
You know the rules, no advertising or self promotion in the forums.
You are welcome to take out paid advertising on PPRuNe.
SD