Possible Virus? "I HATE Pops!"

Discussion in 'Malware and Virus Removal Archive' started by rtstanley, 2004/01/17.

Thread Status:
Not open for further replies.
  1. 2004/01/17
    rtstanley

    rtstanley Inactive Thread Starter

    Joined:
    2002/04/20
    Messages:
    50
    Likes Received:
    0
    Maybe someone here can help on this.
    I think my machine (Windows 98 SE) may have a virus (or at least some spyware/adware).

    I come home from work the other day and notice all these windows open on the desktop. All of the windows are titled "I Hate Pops! - Microsoft Internet Explorer provided by America Online". The system sits here, constantly cycling through them, and you can really do nothing else. In the middle of each screen is this big red stop sign that states "STOP POP-UPS", with a button that states "Click here to find out how!". I have never clicked the button. I simply go to each window and close the window (click X corner icon). However, at some time later, the screen(s) will start coming back up.

    I've run spybot and adaware and deleted everything they found. I always keep my NAV current, but did a full system scan anyways.

    Another thing I noticed as well - when I came home the other day, there was a new icon on the desktop. I think it was called "SDS". I forget, because I did a properties on it, and deleted the icon and the folder (it was in the programs folder). I had first checked to see if I could uninstall the thing, through the control panel, but it was not listed. There are 4 users in the house for this computer, and nobody installed this software.

    Here is what I think happened - the night before this "problem" started, my wife tried to send an 80 MEG file via email (not too savvy, eh?). In any event, I think she said the next morning, Outlook Express was still trying to send this thing (at least it still showed up in the outbox). I'm thinking that possibly a TCP/IP Port had gotten open and maybe someone hacked into my machine and placed this POPS! stuff in it.

    Please help! Any ideas on what to do from here? Does anyone know folks who wrote spybot or adaware who could send this email to them?

    Thanks as usual,
     
  2. 2004/01/17
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Sounds like your browser has been hijacked.

    Run Hijackthis and post the log here for the experts to analyse.

    While you're on that site download and run Cwshredder just for good measure.

    I hope your Spybot and Adaware definitions are up to date - and you have a firewall.
     

  4. 2004/01/17
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    rtstanley--If you can't find any malware with any of these programs (AdAware, Spybot, HiJackThis--with, as PeteC has said, latest updated reference files) you can post your problem at the AdAware forum.
    http://www.lavasoftsupport.com/
    It sure sounds like malware to me.
    And, while I do not think this has much to do with that large email, get a firewall.
    :D
    P.S. I gather you use AOL, so you could ask their tech support, too.
     
  5. 2004/01/18
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello rtstanley,

    To add to Pete's to do actions: read the Safe Browsing article at the top of the Security/Viruses section. Most Browser security breaches are from lax ActiveX settings.

    *I'm thinking that possibly a TCP/IP Port had gotten open and maybe someone hacked into my machine and placed this POPS! stuff in it.*

    Unless you're running without a firewall, that's a low probability.

    Regards - Charles
     
  6. 2004/01/18
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Because you said these messages are displaying on your desktop, go to admin tools, services, scroll down and disable Messenger. It comes enabled by default, and is not needed unless you need to relay messages from a network admin to each workstation. Some companies are exploiting this service and sending direct ads to the desktop. This is not the same thing as the instant messaging client MSN messenger (that also comes enabled by default.) Try this in addition to the other suggestions you have been given, and let us know how you fare.

    Johanna
     
  7. 2004/01/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Windows Messenger can't be disabled in Windows 98.
     
  8. 2004/01/19
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I had noticed that your IE may have been installed by AOL, and now you seem to have some sort of software installed without your knowledge. Go into Internet Options, click on the Security tab, then click on the Trusted Sites icon. Now, click on the Sites button. Check to see if free.aol.com is listed there. If it is there, remove it. I would then go into Restricted Sites, and put it in there.
     
  9. 2004/01/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    A word or two from my experience.

    Be VERY CAREFUL and WATCH CAREFULLY when installing new software. Especially software purchased on a CD. IT MAY INSTALL AOL.

    Two out of three of my latest installs tried to do that. And every one wound up with a FREE AOL ICON on the desktop.

    One program was from Broderbund. I forget where the other was from.

    DO NOT click on that. Right click and send to the recycle bin so that no one does. (At least that is what I do.)

    BillyBob
     
    Last edited: 2004/01/19
  10. 2004/01/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    Holy Toledo !!!!!

    I have to apply some of my own ideas and try to find out where the item in the start menu AOL FOR Broadband came from.

    BB
     
    Last edited: 2004/01/19
  11. 2004/01/19
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    broni--Outlook Express 6 has a box which can be unchecked on the Tools|Options|General tab| "Automatically log on to Windows Messenger".
    However the program that usually causes popups is Messenger Service, which is different from Windows Messenger.
    http://www.lavahelp.com/articles/v6/03/05/0302.html
    But you are right that Windows Messenger supposedly is not found on PCs running Win98.
     
  12. 2004/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I still disagree.
    The full name of the program which causes pop-up ads is Windows Messenger Service and, as I said, it can't be disabled in Windows 98.
    Outlook Express uses MSN Instant Messenger.
     
  13. 2004/01/19
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    broni--It is possible we do not disagree.
    There are three different programs.
    Messenger Service, MSN Messenger and Windows Messenger.
    The differences are more or less explained in the third paragraph here
    http://messenger.msn.com/Help/Issues.aspx
    As you can see, Messenger Service is a well-known provider of spam pop-ups, although that was not what it was supposed to do. I have already provided one reference to it. Here is another.
    http://support.microsoft.com/default.aspx?scid=330904
    A quote from that article says "The Messenger service is not related to your Web browser, e-mail program, Windows Messenger, or MSN Messenger." Unfortunately, it does not say where it does come from.

    MSN Messenger is a legitimate MS supplied messenger service.
    http://messenger.msn.com
    Anyone can get MSN Messenger, and it can be uninstalled from Control Panel|Add/Remove Programs.

    As you have seen from the first reference, Windows Messenger is not the same as MSN Messenger. From MSN Messenger Help
    http://messenger.msn.com/Help/

    "How are MSN Messenger and Windows® Messenger different? Windows XP comes with Windows Messenger, which remains available even after MSN Messenger 6.1 is installed on your computer.

    Here are some things to keep in mind:

    Only Windows Messenger can connect to the Communications Service and Exchange Instant Messaging, which are only used in corporations.
    Some programs, such as Outlook, Outlook Express, and Remote Assistance, connect to Windows Messenger by default. When you are signed in to MSN Messenger, you may appear offline to people who connect to these programs and have you listed as a contact.
    MSN Messenger and Windows Messenger can run at the same time, but only one will start automatically. You can start the other program from your list of programs (in Windows, click the Start button, point to All Programs, and then click the program you want to start).
    In most cases, MSN Messenger will start automatically whenever you start Windows, unless you turn off this setting in your Messenger options. However, if you have set up Windows Messenger for corporate instant messaging and to start automatically when you start Windows, then it will continue in this manner and MSN Messenger will not start automatically.
    You can be signed in to both MSN Messenger and Windows Messenger at the same time, but not with the same .NET Passport account. For instance, you can sign in to MSN Messenger with your Passport and then sign in to Windows Messenger with a different Passport account or with your corporate instant messaging account.
    When both programs are running, you will see icons for each in your Windows taskbar (near your computer's clock). You can tell them apart by pointing to them with your mouse. When you point to an icon, a message appears telling you which program it is.
    If you are signed in to one Messenger program with your Passport and then sign in to the other one using the same account, you will be automatically signed out of the first program."

    I do not know how someone with Win98 can get Messenger Service (and hope never to find out). There are removal tools for all WinOS's except Win98. Among which
    http://www.dougknox.com/xp/tips/xp_messenger_remove.htm
     
    Last edited: 2004/01/19
  14. 2004/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now, we agree....LOL....with one small correction:
    Full name of Messenger Service is Windows Messenger Service.
    Anyway, no wonder so many people got lost with such similar names.
     
  15. 2004/01/19
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    rtstanley--So, any success? Did you ever run HiJackThis? Did you check that the reference files for AdAware, Spybot and HiJackThis are up to date?
    What about markp62's idea on "free.aol.com"?
    I am not at all sure that Messenger Service is your problem. But if you still have the problem, take a look here
    http://www.dougknox.com/xp/tips/xp_messenger_remove.htm
    Down near the bottom is a "Note" and it starts a few sentences that offer a way, editing the Registry, to disable Messenger Service. Just looking at it, I would think it might work in Win98. If you are comfortable editing the Registry and especially if you make a backup of that section before making changes (to restore if necessary), you might try it.
    Also came across this at www.google.com
    http://www.google.com/search?source...Internet+Explorer+provided+by+America+Online"
    but I don't think anyone has the same problem you do.
    The "Microsoft Internet Explorer provided by America Online" thing seems part of AOL 8. But "I Hate Pops"???

    Good luck.
     
  16. 2004/01/19
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    I suspect no one cares, but I finally found out the source of Messenger Service
    http://www.grc.com/stm/shootthemessenger.htm

    "What is the Messenger Service?

    Starting back with Windows NT, and carried forward into all subsequent operating systems, Microsoft included a simple way for users on a network to send each other short "pop-up" messages. Network administrators might have used it to notify everyone of system-wide events. It was a nice idea, though in its original form it never caught on widely. There is a standard command line program "Net Send", that can be used to generate these messages, and there's also a GUI (Graphical User Interface) application to do the same.


    If you're curious to see the graphical interface: On Windows 2000 or XP, right-click on "My Computer" / "Manage". Then under "System Tools" right-click on "Shared Folders". Choose "All Tasks" and finally "Send Console Message..."


    You probably didn't know any of that was there, and neither do most people. It's a never-used feature that has been replaced by the various well known, popular, and feature-rich instant messaging systems."
     
  17. 2004/01/19
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    98 does have the WinPopUp service for networks, easily disabled through the Start\Programs\Startup, WinPopUp.Exe starts it, although this is a reach. It displays network messages like the Messenger service on Windows NT/2000.
    This is automatically installed with Client for Microsoft Networks, but is not enabled at startup automatically.
    BillyBob, glad to see that you are around and well again.
     
  18. 2004/01/19
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Welshjim
    Thank you for accurately typing out all the descriptions of the flavors of Messenger. It can be quite confusing, and I wanted to reply in more detail, but you beat me to it! I am not the best left handed typist to start with! You did a good job explaining The Mess!
    Cheers!
    Johanna
     
  19. 2004/01/20
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Yep, post a hijackthis log, best not to attempt fixing
    yourself please, that would or might make it harder to fix

    for reference only see this
    Navpop + Ihatepops Hijackthis Log
    navpop + IHATEHOPS
    (this may be the same person? "mrbiglive")

    http://forums.net-integration.net/index.php?showtopic=9646


    PS I think winpopup can be used if installed even if not in the startup folder(not that this has anything to do with the problem)

    Regards
    Lonny
     
  20. 2004/01/20
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    Johanna--Thanks for your kind words. I know I was long-winded, but writing it helped me sort things out for myself!! ;)
    BTW, while I often rail against MS for not writing very clearly, at least they always make the difference among the three (all of which they invented) and do not fall into the trap of referring to the non-existent Windows Messenger Service.
    Lonny Jones--Looks like a good find. Hope rtstanley lets us know the outcome.
    markp62--Thank heavens no WinPopUp on my PC!!
     
  21. 2004/01/20
    Darkhunter

    Darkhunter Inactive

    Joined:
    2004/01/20
    Messages:
    2
    Likes Received:
    0
    Have the same problem on a Windows XP machine...also at the same time, started to get the same style of popup for "internet Cleaning" and my start page changed to Popnav.com.

    Currently working through all of the suggestions here and will await developments....

    Edit: I have found that the Popnav.com on seems to have replaced my '40# error' (server not found/page not found...) pages. They all three started at the time, which seems to be around the same time mentioned in the OP. Hope this helps....
     
    Last edited: 2004/01/20