unwanted porn site popup automatically

12 replies to this topic

#1
rickytheanuj

In my office network, 2-3 computers had a problem: they automatically pop up some unwanted porn site.
Nod32 antivirus is installed on that computer and I checked my computer with McAfee Stinger virus remover, but nothing is there. There is nothing like that in startup or even the schedule, so what's the problem? I also cleaned my web browsers' history and cookies too, but nothing is gonna work.

Help me, or the only way I have to solve it is to format.


#2
-X-

Sounds like malware. Post a hijackthis log or something.


#3
rickytheanuj

So.. what's the solution??

#4
submix8c

"Sounds like malware. Post a hijackthis log or something."

Uhhh...


#5
cluberti

The solution is gonna involve some investigative work by you to help us, because the MSFN crystal ball is in the shop currently. Please start by running hijackthis on the affected machine and attach the log to your next post here, for starters.

We're really bad even with the crystal ball at guessing, but pretty good once we have data ;).

#6
herbalist

HijackThis and instructions regarding its use are available here.

#7
MrJinje

To be honest, any corporate problem that takes longer to solve than the time it takes to provision a new machine, does not need to be solved.

You have to weigh how many hours you have worked this problem against how long it would have taken you to reformat/reinstall.

#8
cluberti

...until it happens twice. Then, might as well fix it and find root cause, otherwise it'll just keep re-appearing.

#9
MrJinje

If it turns out to be an employee surfing for pr0n, the HR reps will have a lunch of him. We have fired many employees for violating that little policy, very embarrassing way to go.

Another way to go might be to configure that website (pr0n address) into the "Restricted Zone" via group policy, or better yet configure the DNS/gateway/router to bar access to that site. That would help prevent a future infection.

Edited by MrJinje, 07 January 2010 - 05:33 PM.


#10
herbalist

At a place of employment, office and workstation computers should only get internet access if it's necessary for them to perform their jobs.

Reformatting might be the fastest way to fix the problem (assuming your office has all the data on these PCs backed up), but finding and fixing the actual problem could show who is the source of this problem.

#11
MrJinje

Has the OP already ruled out a browser helper object? These would be beyond all the measures the OP employed (not found in start up, clear cookies, history).

Dig around in the Manage Add-on console (IE Options) and see if there are any randomly named, unsigned, unknown BHOs and react accordingly. Disable them one by one until the pop-up stops.

Then after you are 100% sure you know which add-on is causing trouble, create a group policy setting that prevents usage/installation of that particular add-on.

The settings are controlled from here, via group policy.

Windows Components\Internet Explorer\Security Features\Add-on Management

Edited by MrJinje, 09 January 2010 - 02:28 PM.
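
Added example, not part of MrJinje's post or the thread: a read-only PowerShell inventory of the Browser Helper Objects registered on a machine, resolving each CLSID to the DLL it loads and that DLL's Authenticode status, as a scripted counterpart to eyeballing the Manage Add-ons console. The function name `Get-BhoInventory` and the status strings `NoClassRegistration` and `FileMissing` are chosen for this example; PowerShell 3.0 or later is assumed.

```powershell
# Added example: inventory Internet Explorer Browser Helper Objects (BHOs).
# Read-only: it lists what is registered and changes nothing.
function Get-BhoInventory {
    # Registration points for native and 32-bit-on-64-bit BHOs, each paired
    # with the COM class store where the CLSID resolves to a DLL.
    $views = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid    = $key.PSChildName
            $classKey = "$($view.Clsid)\$clsid"
            $name = $null; $dll = $null; $signer = $null
            $status = 'NoClassRegistration'

            if (Test-Path -LiteralPath $classKey) {
                # The default value of the CLSID key is the friendly name
                $name   = (Get-Item -LiteralPath $classKey).GetValue('')
                $inproc = "$classKey\InprocServer32"
                if (Test-Path -LiteralPath $inproc) {
                    # The default value of InprocServer32 is the DLL loaded into the browser
                    $dll = ([string](Get-Item -LiteralPath $inproc).GetValue('')).Trim('"')
                }
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig    = Get-AuthenticodeSignature -FilePath $dll
                $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } elseif ($dll) {
                $status = 'FileMissing'
            }
            [pscustomobject]@{
                CLSID = $clsid; Name = $name; Dll = $dll
                Signature = $status; Signer = $signer
            }
        }
    }
}

# Entries without a valid signature sort first, since those are the ones to review
Get-BhoInventory | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

A `NotSigned` result is a prompt to look closer rather than a verdict, because older PowerShell versions do not recognise catalog-signed files. Running the same inventory on a clean machine from the same office gives a baseline to compare against.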


#12
Guest_stefan2078_*

Try Malwarebytes' Anti-Malware, which can remove trojans, worms, adware, malware from the computer. It's really a good antivirus software that has a high detection rate, consumes low system resources and is fast.

#13
rwycuff

MrJinje has the right idea: it's either a BHO or could be the Hosts file.



