Badmovies.org Forum

Movies => Bad Movies => Topic started by: Ash on September 13, 2005, 04:55:24 AM

Title: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 04:55:24 AM
I don't know about you guys, but for the last couple of days I've been getting weird pop-up download boxes here on this site.

They don't pop up all the time.  They show up after so many page views.
It's the familiar grey download box that asks you if you want to either RUN a program, SAVE it or click CANCEL.

It looks like this:
(http://www.noadware.net/download/dwnld-alert-box.gif)

Here's what the file type says:

File name: bc_leaderboard.js
File type: JScript Scriptfile
From: content.zedge.no

I should also mention that the file name, file type and where it's from change each time one pops up.
I've had at least 6 or 7 of them in the last couple days.
I wrote a few of them down.
Here's another example:

File name: sona_729x90new.js
From: www.hi5.com

I Googled them and from what I can tell, they're Javascript files and they only show up here at Badmovies.org.
I don't get them at any other site.

I've also run four different spyware and adware removal tools and they all found nothing on my p.c.

I keep thinking....didn't this problem happen a few years ago here?
I swear it did and Andrew had to fix it.

You guys also getting the same pop-up boxes here?



Post Edited (09-13-05 07:30)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 05:42:43 AM
Ah....
I found the old thread about spyware and such HERE (http://www.badmovies.org/bbs/read.php?f=2&i=63777&t=63658)

I ran that TrendMicro virus scanner again and it found nothing.
This download box is different from that achtungachtung box that constantly popped up on me last year.  
These new boxes ONLY appear here at Badmovies.org.

What's the deal?



Post Edited (09-13-05 05:45)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 13, 2005, 07:23:28 AM
I get nothing like that at all. It's spyware or some type of virus I'd bet.  Try Spybot or Ad-aware if you haven't done them yet. If you can find out what they are, there should be some kind of removal tool for them.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 07:33:59 AM
odinn7 wrote:

> I get nothing like that at all. It's spyware or some type of
> virus I'd bet.  Try Spybot or Ad-aware if you haven't done them
> yet. If you can find out what they are, there should be some
> kind of removal tool for them.
>

Spybot Search & Destroy and AdAware are two of the four tools I used to try to detect it with.
Both are up to date and found nothing.
(I'm almost religious when it comes to keeping my anti-spyware tools up to date...I check for updates every day)

Now build me a nice countertop Odinn!  LOL!



Post Edited (09-13-05 08:14)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 13, 2005, 07:55:41 AM
ASHTHECAT wrote:


> Spybot Search & Destroy and AdAware are two of the four tools I
> used to try to detect it.
> Both are up to date and found nothing.
> (I'm almost religious when it comes to keeping my anti-spyware
> tools up to date...I check for updates every day)
>
> Now build me a nice countertop Odinn!  LOL!
>

>
> Post Edited (09-13-05 07:38)

Search your drive for files with those names or similar names. Other than that, I can't help you. Hopefully one of the computer geniuses will be along shortly.


Also, get it straight...I don't BUILD countertops. I run the CNC department and PROGRAM the machine to CUT the countertops. I'm the upper crust here...builders are below me...lol

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 08:05:36 AM
lol....sorry odinn.
I pictured you using a tape measure and a saw to build countertops out of a piece of wood.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Mr. Hockstatter on September 13, 2005, 08:10:32 AM
I got several of those yesterday (pop-ups, not countertops).  And of course, I just got one right now.  It asks me if I want to download a file called sona_728.90new.js.  All the ones I've gotten have been from a place called www.hi5.com, and I only get them here.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: raj on September 13, 2005, 08:12:03 AM
I don't get any pop ups either.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 08:17:41 AM
So I'm not the only one!

Andrew...it appears your site has been compromised.

I just got another one as I was editing this post.



Post Edited (09-13-05 08:18)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 08:20:08 AM
I'll have to send Andrew an e-mail to let him know.
At least I ain't the only one here getting those annoying boxes.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 08:26:06 AM
I e-mailed Andrew about this problem.
Hopefully he's able to rectify it.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: dean on September 13, 2005, 08:37:02 AM

No annoying boxes popping up here, though I think that I used to get pop-ups of some sort a while back, though this doesn't seem to be a problem nowadays.

I wonder, is it a conspiracy out to target a specific few?

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Mr. Hockstatter on September 13, 2005, 09:06:14 AM
Now I just got one from celebritywonder.com.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: ulthar on September 13, 2005, 09:15:07 AM
Switch browsers?

Firefox (http://www.mozilla.org)

Couple tech points:

1.  Andrew's forum MIGHT be compromised, but it might not.  There are many ways YOUR box could be infected and it be manifesting itself when you visit this site.  For example, a spyware app could read your cookies for a site you visit often, and activate then.

2.  Antivirus and antispyware tools in general are reactionary; they are only as good as your last update.  This means that there will always be malware in the wild that you are not protected against.  Your best solution, as usual, is PREVENTION rather than cure.  First tip to prevention?  DON'T USE WINDOWS.  Your second tip?  If you *MUST* use Windows, DON'T USE INTERNET EXPLORER.  Period.

Windows has a very bad security model concerning how it interprets file type.  Windows learns what kind of file something is from its name; it is very, very easy to fool.  Linux (and other Unix variants, such as OS X on the Mac) don't do this.  They determine file type from the data within the file.  For example, I can name a text file myfile.exe.  Windows will think it is executable code (very bad), but Unix-like systems will 'know' it is a text file.  MUCH, MUCH safer.

You mentioned scanning with Adaware and Spybot.  Are the defs up-to-date?  (Hint: I don't run ANY antivirus or spyware software, AT ALL, PERIOD.  Guess which OS I'm not using).

3.  Worm/spyware infection on your computer (if this is infection on your own box) generally happens due to something you've done.  There are very few true self replicated viruses in the wild these days.  A worm by definition REQUIRES user interaction to infect the host.  This may mean that your PREVENTION efforts might require a self-examination of habits and practices.

Do you download a lot of free software, screensavers and other stuff?
Do you click a lot of banner ads?
Do you respond to ANY spam at all, even 'to remove from list'?
etc.  The list goes on.

4.  Are you running a popup blocker?  If so, and this is still getting through, I'd say your box is p0wned and the popup blocker has been disabled.  Firefox includes its own (very effective) popup blocker, as well as mature javascript management tools.  (Internet Explorer never seems to really trust the security settings you request in Options, so it is not very secure even if you request it).

5.  If the issue is infection of Andrew's forum, we need to understand WHY only two people of many are seeing the effect.  I can guess why some of us are not seeing it, but we need data. This would help know if the problem is on the forum side or the client side.



Post Edited (09-13-05 09:24)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 13, 2005, 09:16:27 AM
EEeeeeeeeeewwwwwww!!!!!! You guys are infected! Stay away from me.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 09:36:08 AM
ulthar wrote:


> You mentioned scanning with Adaware and Spybot.  Are the defs
> up-to-date?  (Hint: I don't run ANY antivirus or spyware
> software, AT ALL, PERIOD.  Guess which OS I'm not using).
>
> 3.  Worm/spyware infection on your computer (if this is
> infection on your own box) generally happens due to something
> you've done.  There are very few true self replicated viruses
> in the wild these days.  A worm by definition REQUIRES user
> interaction to infect the host.  This may mean that your
> PREVENTION efforts might require a self-examination of habits
> and practices.
>
> Do you download a lot of free software, screensavers and other
> stuff?
> Do you click a lot of banner ads?
> Do you respond to ANY spam at all, even 'to remove from list'?
> etc.  The list goes on.

No...I'm very savvy when it comes to those things.

> 4.  Are you running a popup blocker?  If so, and this is still
> getting through, I'd say your box is p0wned and the popup
> blocker has been disabled.  Firefox includes its own (very
> effective) popup blocker, as well as mature javascript
> management tools.  (Internet Explorer never seems to really
> trust the security settings you request in Options, so it is
> not very secure even if you request it).

I use Yahoo pop-up blocker.

> 5.  If the issue is infection of Andrew's forum, we need to
> understand WHY only two people of many are seeing the effect.
> I can guess why some of us are not seeing it, but we need data.
> This would help know if the problem is on the forum side or the
> client side.

Obviously, if two of us are seeing the same pop-ups, it can't be a coincidence.

And I've tried Firefox and hated it.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Scott on September 13, 2005, 09:38:20 AM
I'm not getting any pop-ups. My pop-up blocker isn't blocking anything at this moment.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Mr. Hockstatter on September 13, 2005, 09:38:52 AM
I suppose you guys are gonna make me walk around in a big plastic bubble now?

I'm running internet explorer, and 3 pop-up blockers.  I've got the whole Norton internet security package which updates itself automatically.  I just downloaded the newest Ad-aware update and ran that, found 7 objects.  I see Spyware Blaster requires you to buy their updates now.  I'll have to run Spybot today.  I might as well have Norton scan for viruses as long as I'm at it.  In the two years I've had it, it's never found a virus on my computer, but it's blocked quite a few that people have tried to send me in e-mails.

Funny, I rebooted my computer and now I'm not getting the pop-ups any more.  For like 1/2 hour now.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 09:39:05 AM
Scott wrote:

> I'm not getting any pop-ups. My pop-up blocker isn't blocking
> anything at this moment.

That's the thing....my pop-up blocker cannot block these pop-ups.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 09:40:48 AM
Mr. Hockstatter wrote:


> Funny, I rebooted my computer and now I'm not getting the
> pop-ups any more.  For like 1/2 hour now.

I can surf for up to 1/2 hour to an hour and eventually, one of those boxes will come up.
And ONLY here.
I even restarted my p.c. twice and they still pop up.
I got another one when I posted this post.

It's NO coincidence.
I believe that this site has been compromised.



Post Edited (09-13-05 09:47)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Scott on September 13, 2005, 09:42:27 AM
Something must be going on and sounds like some have already e-mailed Andrew.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 09:58:14 AM
Mr. Hockstatter wrote:

> I got several of those yesterday (pop-ups, not countertops).
> And of course, I just got one right now.  It asks me if I want
> to download a file called sona_728.90new.js.  All the ones I've
> gotten have been from a place called www.hi5.com, and I only
> get them here.

That's the EXACT same pop-up box I got.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 13, 2005, 10:07:01 AM
Ash and Mr. Hockstatter:
Please cover your mouth when you post...we don't need you spreading your germs to infect us also.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: ulthar on September 13, 2005, 11:00:58 AM
ASHTHECAT wrote:

>
> It's NO coincidence.
> I believe that this site has been compromised.
>

Ash, once again, the forum MAY be infected, but maybe not.  That others are NOT seeing the problem is significant, too.  It *IS* possible that YOUR computer (and Mr. H's) is infected.  I'm only saying this to emphasize that right now, we cannot jump to conclusions to solve such a problem.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 11:04:07 AM
I understand ulthar.
Notice how it appears to be Operating System sensitive?

It's obviously something to do with IE.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: ulthar on September 13, 2005, 11:11:27 AM
ASHTHECAT wrote:

> I understand ulthar.
> Notice how it appears to be Operating System sensitive?
>
> It's obviously something to do with IE.

Not necessarily; in the poll thread, there are others using WinXP and IE (I believe Odinn is one) that are seeing no problem.

I agree it's probably IE related, though.  Sorry you did not like Firefox.  It may take some getting used to, but it is a FAR superior product, and problems like this will be minimized.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: ulthar on September 13, 2005, 11:41:46 AM
Okay, some facts:

1. Folks with popup blockers active that are NOT getting this behavior report that their popup blocker is not blocking anything.

2. Only IE seems to be involved.

3. With Mozilla, I 'allowed popups from' badmovies.org, and have not seen anything while browsing lots of messages in multiple threads.  I'm running Linux; anyone running  Windows with popup blocking care to attempt this?

4. The only two systems reportedly affected are pre Windows XP SP2.

*My* preliminary conclusion (others welcome):  this is a local, client infection of some kind, not a 'popup' being served by badmovies.org.  I could be wrong, but that's where the data seem to be leading at the moment.

In other words, I don't think this is a 'popup' in the normal sense (a served web site issuing script commands to open a window), but is a local executable or script on the client computer.

Ash, will you try an experiment?  With the Popup "open," go to task manager (Ctrl-Alt-Delete, click Task Manager) and write down every process in your process list.  Either post the list, or do a Google search for all of them yourself.  Unless it is something VERY sophisticated (some malware infections trojan the task manager executable to hide themselves), the culprit should be there if it is a local executable infection.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 13, 2005, 11:49:45 AM
Quote:

> 3. With Mozilla, I 'allowed popups from' badmovies.org, and have not seen anything while browsing lots of messages in multiple threads. I'm running Linux; anyone running Windows with popup blocking care to attempt this?

My pop-up blocker alerts me every time it stops something and it hasn't given me an alert yet. I will shut it off and see what happens but I'm really doubting it's anything here.


***EDIT*** I disabled the pop-up blocker and I got nothing. It really doesn't look like it's a problem here unless it's just related to SP1 or below.



Post Edited (09-13-05 11:54)
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: raj on September 13, 2005, 12:01:48 PM
I do use Win XP/2000, depending on which machine I'm at, but generally I'm using Mozilla, and have checked the "no pop-ups" box.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 13, 2005, 12:09:44 PM
Sure, I can do that....but
Is there any way to copy & paste the running processes within Task Manager?
It would take a long time to write each one down individually.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Mr. Hockstatter on September 13, 2005, 12:50:11 PM
I just did a scan for viruses and it didn't find anything.  But, I'll still wear my little white mask if you guys want.
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: ulthar on September 13, 2005, 01:00:55 PM
ASHTHECAT wrote:

> Sure, I can do that....but
> Is there any way to copy & paste the running processes within
> Task Manager?
> It would take a long time to write each one down individually.

You can try it, but task manager probably won't allow you to cut and paste from the list.  There are API calls you can run (for example from a C/C++ program) to enumerate the running processes, and I know Windows Management Instrumentation (WMI) can be used for this.  Those approaches, though, are probably beyond the scope of what we need to do this.

Or, take a couple of screen shots (enough to be able to see them all) like you did for the popup itself.  We can eliminate a lot of the running tasks as "normal" Windows processes without having to search them all.

Title: Re: The Issue
Post by: Andrew on September 13, 2005, 01:03:04 PM
Also posted this to the other thread about the issue.

I am off today, just finished up having drill weekend for the Reserve Marines.

Looked into this for some time now and I cannot replicate the problem with either of my systems.  That would be XP with Sp2 running both Mozilla and IE.  Nor does the older Win98 box do this, trying with either Mozilla or IE.  I must have reloaded various pages, mostly the message board, over 100 times with each browser.

Both of my computers run software firewalls and are located behind a hardware firewall.

I looked through all of the ads running on the site and cannot find anything that references the domain that Ash pointed out.

The funny thing here is that Mr. Hockstatter rebooted and stopped getting them, like it was a process running in memory, but not in the startup for the OS.  I wonder if this is some sort of worm that uses a flaw in IE to attempt to download further code to finish compromising the computer.  That would explain why Hockstatter stopped seeing it after a reboot.

Ash, try giving me a Hijack this log:

Download Hijack This from Major Geeks (http://www.majorgeeks.com/download3155.html)

It really does appear to be something affecting the computers in question, rather than coming from the site.

Title: Re: The Issue
Post by: Ash on September 13, 2005, 08:33:52 PM
Here's the HijackThis log from my p.c.
------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:32:52 PM, on 9/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jamey\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKCU\..\Run: [ResChanger2004] C:\Program Files\eVGA\ResChanger2004\ResChanger2004.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Title: Re: The Issue
Post by: Menard on September 13, 2005, 08:51:58 PM
Are you running a firewall ASH? With Windows 98 I did not have any problems with boxes like this, but when I went to Windows 2000 I started getting boxes usually suggesting that there was a problem with my computer, but on occasion for a download. I installed a firewall and the problem stopped. I did the same for a friend's computer as he was being constantly annoyed with these boxes; they stopped for him as well.

Title: Re: The Issue
Post by: Ash on September 13, 2005, 09:00:43 PM
I broke down and installed Service Pack 2.
The firewall wasn't up before but now it is.



Post Edited (09-13-05 22:01)
Title: Re: The Issue
Post by: Andrew on September 13, 2005, 10:03:48 PM
This is an adware program:
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

There are a couple of files on there that I do not like.  We had a problem with iTunes stuff causing weird errors on computers in Iraq.  Also, I definitely do not trust that Party Poker program.

Unfortunately, I do not have time to check through all of these.  There are trojans and worms that will replace legitimate processes - it gets tedious checking all those.  Please continue to let me know the details it is giving you, like which sites the things are coming from.

You also might want to ensure that you have the latest version of Java installed.  I mention this because I saw the ones were .js files.

http://java.sun.com/j2se/1.5.0/download.jsp

(You want JRE 5.0 update 4.)
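
One way to cut down the manual checking of a HijackThis log like the one posted earlier in this thread, as an added example that is not part of the original posts: it groups entries by section code, lists the O4 autostart entries with whether a same-named process is running, and picks out O16 ActiveX controls installed from a URL. The sample is an excerpt of the posted log, and the function names are made up for this example.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the HijackThis v1.99.1 log posted in this thread (lines copied
# from that post; most entries left out to keep the sample short).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:32:52 PM, on 9/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # "O4 - ..."
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def parse_hijackthis(text):
    """Split a log into header fields, running processes and entries
    grouped by section code (R0, O2, O4, O16, ...)."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith(("Platform:", "MSIE:")):
            key, _, value = line.partition(": ")
            header[key] = value
    return {"header": header, "processes": processes, "entries": dict(entries)}


def autoruns(parsed):
    """List O4 registry autostart entries and the program each one starts."""
    running = {ntpath.basename(p).lower() for p in parsed["processes"]}
    rows = []
    for body in parsed["entries"].get("O4", []):
        m = RUN_RE.match(body)
        if not m:  # Startup-folder shortcuts use a different layout
            continue
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        image = exe.group(1) if exe else command
        rows.append({
            "hive": hive, "key": key, "name": name, "image": image,
            # Name match only: it does not prove the running file is genuine.
            "running": ntpath.basename(image).lower() in running,
            # A bare file name is resolved through the search path at logon,
            # so the log alone does not say which file on disk is started.
            "full_path": ntpath.isabs(image),
        })
    return rows


def remote_activex(parsed):
    """Return O16 (Downloaded Program Files) entries installed from a URL."""
    found = []
    for body in parsed["entries"].get("O16", []):
        label, sep, source = body.rpartition(" - ")
        if sep and source.lower().startswith(("http://", "https://")):
            if label.startswith("DPF: "):
                label = label[5:]
            found.append((label, source))
    return found


if __name__ == "__main__":
    log = parse_hijackthis(SAMPLE_LOG)
    print(log["header"])
    for row in autoruns(log):
        print(row)
    for label, url in remote_activex(log):
        print("ActiveX from web:", label, url)
```

The output is a review list, not a verdict: each row still has to be looked up, but entries that start a program by bare name or that are not running stand out first.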

Title: Re: The Issue
Post by: ulthar on September 13, 2005, 11:26:45 PM
The Pre SP2 Firewall is a well-known piece of crap.

Title: Re: The Issue
Post by: Ash on September 14, 2005, 02:46:46 AM
Thanks for the help guys!
I downloaded and installed that Java file.

What exactly will that do for my computer?
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: odinn7 on September 14, 2005, 07:01:56 AM
If you don't know...I'm not telling you.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Susan on September 14, 2005, 07:04:07 AM
i use ad-aware and spybot. To tell the truth i don't run them very much...hardly ever and when i do they never find anything. and i visit ALL types of sites that would normally download spyware and stuff on my pc. I use SPYWAREBLASTER (which helps prevent the download of active x spyware and browser hijackers). I block third party cookies. I set my active x controls so they do not automatically download.

I also disabled my internet explorers INSTALL ON DEMAND (on the advanced settings..both of them) this is very important to do.

My IE is custom set, and I never have popups anymore on my home computer. I never have spyware. Just in case i have HijackThis (advanced program i don't recommend anyone using unless you know what you are doing) but if you tweak your IE settings that can be enough.

Title: Re: The Issue
Post by: Menard on September 14, 2005, 07:50:21 AM
ASHTHECAT wrote:

> I downloaded and installed that Java file.
>
> What exactly will that do for my computer?


It will keep it awake at night. (http://www.smileys.ws/sm/grinning/00000021.gif)

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: raj on September 14, 2005, 11:45:11 AM
Susan wrote:

> i use ad-aware and spybot. To tell the truth i don't run them
> very much...hardly ever and when i do they never find anything.
> and i visit ALL types of sites that would normally download
> spyware and stuff on my pc.

So what's a nice lady like you doing at a site like this?
Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Mr. Hockstatter on September 14, 2005, 12:21:38 PM
Got another one today.  

name:  zedo468X60.js
type:  JScript Script file
from:  www.strangecosmos.com

Somebody was asking what tasks were running while these things come up.  

File Download
phorum - bad movies
inbox - outlook express
windows media player
explorer
Ccapp
Fs20
Internat
Spampal
Em.exec
systray

All looks like normal stuff except of course the File Download.

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Susan on September 14, 2005, 05:14:17 PM
raj i keep asking myself that same question
night after night....after night

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Menard on September 14, 2005, 05:28:08 PM
Susan wrote:

> raj i keep asking myself that same question
> night after night....after night


Hmmm...seems to talk to herself a lot, huh raj. (http://www.smileys.ws/sm/grinning/00000021.gif)

Title: Re: OT: Weird Pop-Up Boxes On This Site
Post by: Ash on September 16, 2005, 05:00:38 PM
Well, the problem seems to be gone now.
After I installed Service Pack 2, that Java thing, a few updates and restarted my computer about 50,000 times, it seems to have disappeared.

Cool!
That pop-up was getting seriously annoying.



Post Edited (09-16-05 17:02)