# Something has hacked my computer



## armophob (Nov 13, 2006)

Every time I log in to the site I am getting popup tabs and windows.
There is a banner ad with a bunch of links about boobs that shows up.
And at the top right notification it says "1" but when you click on that it opens an advertisement on a new tab.


----------



## Stewart Vernon (Jan 7, 2005)

Are you sure your computer/browser hasn't been compromised? The behavior you are describing sounds exactly like what I have heard from people who have had adware installed on their computers.


----------



## MysteryMan (May 17, 2010)

armophob said:


> Every time I log in to the site I am getting popup tabs and windows.
> There is a banner ad with a bunch of links about boobs that shows up.
> And at the top right notification it says "1" but when you click on that it opens an advertisement on a new tab.


I agree with Stewart. Run a virus scan on your PC. Then go to Malwarebytes and use their free download. Also check your Firewall settings.


----------



## jimmie57 (Jun 26, 2010)

armophob said:


> Every time I log in to the site I am getting popup tabs and windows.
> There is a banner ad with a bunch of links about boobs that shows up.
> And at the top right notification it says "1" but when you click on that it opens an advertisement on a new tab.


I am not seeing anything like that.
As the others have said, run Malwarebytes or similar to see if it gets some unwanted visitor off your machine.


----------



## armophob (Nov 13, 2006)

I appreciate the link.
I ran it and found issues.
But they did not fix this.
I believe all of you that it is my machine.

I have run Spybot, AdAware, McAfee.
But this is only popping up when I log in here.
It is even running banner text under the Thread title.

It fills a reply with the banners

This may be it for my XP.

RIP



jimmie57 said:


> I am not seeing anything like that.
> As the others have said, run Malwarebytes or similar to see if it gets some unwanted visitor off your machine.


----------



## jimmie57 (Jun 26, 2010)

armophob said:


> I appreciate the link.
> I ran it and found issues.
> But they did not fix this.
> I believe all of you that it is my machine.
> ...


Malwarebytes is better at finding that kind of stuff than the ones you listed, at least in the past for me it has.


----------



## jimmie57 (Jun 26, 2010)

armophob said:


> I appreciate the link.
> I ran it and found issues.
> But they did not fix this.
> I believe all of you that it is my machine.
> ...


Have you run CCleaner? After you run it and get all of the old data removed from your computer, run the Registry. Sometimes stuff gets in there and causes a problem like you have. This sometimes finds bad stuff in there.
It is FREE also.


----------



## dpeters11 (May 30, 2007)

I personally would not connect to the Internet using XP, just not safe enough for my comfort.


----------



## armophob (Nov 13, 2006)

I will try it.
As far as I can tell it is going after Firefox not IE.
I don't get the pop ups and opening tabs yet in IE.
I wiped out FF and reloaded it but it found it again.
I will try more tonight.



jimmie57 said:


> Have you run CCleaner? After you run it and get all of the old data removed from your computer, run the Registry. Sometimes stuff gets in there and causes a problem like you have. This sometimes finds bad stuff in there.
> It is FREE also.


----------



## Stewart Vernon (Jan 7, 2005)

Some of those can be particularly nasty and leave themselves in a few places so they can come back if not completely eradicated.

Also, sometimes you get lucky and they only attach to one Web browser and not another.


----------



## jimmie57 (Jun 26, 2010)

armophob said:


> I will try it.
> As far as I can tell it is going after Firefox not IE.
> I don't get the pop ups and opening tabs yet in IE.
> I wiped out FF and reloaded it but it found it again.
> I will try more tonight.


Sometimes the only way to get rid of bad things is to start the computer in Safe Mode so that it does not load everything and then run the virus software.
Good luck.


----------



## harsh (Jun 15, 2003)

If you haven't run Malwarebytes, you haven't done what you need to do.

Make sure you allow it to do its update thing and after it reboots your system (this is almost guaranteed based on what you describe), run it again.


----------



## Hoosier205 (Sep 3, 2007)

dpeters11 said:


> I personally would not connect to the Internet using XP, just not safe enough for my comfort.


Same goes for me...except I would blacklist any variety of Windows.


----------



## armophob (Nov 13, 2006)

I ran it as soon as you posted it.


If a Mod wants to move this thread now that it is a known PC issue.



harsh said:


> If you haven't run Malwarebytes, you haven't done what you need to do.
> 
> Make sure you allow it to do its update thing and after it reboots your system (this is almost guaranteed based on what you describe), run it again.


----------



## armophob (Nov 13, 2006)

Woo Hoo!! I am fixed.

There is a tab Firefox under Startup in CCleaner that helped me find it. That tab showed me a hidden Add-On that was starting up every time I opened FF.


jimmie57 said:


> Have you run CCleaner? After you run it and get all of the old data removed from your computer, run the Registry. Sometimes stuff gets in there and causes a problem like you have. This sometimes finds bad stuff in there.
> It is FREE also.
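
The fix above came from spotting an add-on that Firefox was loading at every start without the user having installed it. As an added example (not part of the thread, and not CCleaner's own logic), this Python script lists add-ons recorded in a profile's `extensions.json` that were put there by something other than the user; the field names and location values are assumptions based on current Firefox profiles, and the sample data is constructed.

```python
import json
import os
from pathlib import Path

# Assumed layout of a Firefox profile's extensions.json: an "addons" list whose
# entries carry id, location, foreignInstall, hidden, active, defaultLocale.name.
PROFILE_LOCATION = "app-profile"  # installed by the user from inside Firefox
BUNDLED_LOCATIONS = {"app-builtin", "app-system-defaults", "app-system-addons"}

# Constructed sample data (not from the thread); ids and names are placeholders.
SAMPLE = json.dumps({"addons": [
    {"id": "blocker@example.invalid", "location": "app-profile",
     "foreignInstall": False, "hidden": False, "active": True,
     "defaultLocale": {"name": "Example Blocker"}},
    {"id": "bundled@example.invalid", "location": "app-system-defaults",
     "foreignInstall": False, "hidden": True, "active": True,
     "defaultLocale": {"name": "Bundled Feature"}},
    {"id": "old-toolbar@placeholder.invalid", "location": "app-global",
     "foreignInstall": True, "hidden": False, "active": False,
     "defaultLocale": {"name": "Old Toolbar"}},
    {"id": "helper@placeholder.invalid", "location": "winreg-app-user",
     "foreignInstall": True, "hidden": False, "active": True,
     "defaultLocale": {"name": "Shopping Helper"}},
]})


def review_addon(addon):
    """Return the reasons an add-on deserves a manual look (empty list: none)."""
    reasons = []
    location = addon.get("location") or ""
    bundled = location in BUNDLED_LOCATIONS
    if location.startswith("winreg-"):
        reasons.append("registered through the Windows registry")
    elif location != PROFILE_LOCATION and not bundled:
        reasons.append(f"installed outside the profile ({location or 'unknown'})")
    if addon.get("foreignInstall"):
        reasons.append("dropped in by another program, not installed from Firefox")
    if addon.get("hidden") and not bundled:
        reasons.append("flagged as hidden from the Add-ons Manager")
    return reasons


def audit(extensions_json_text):
    """Parse extensions.json text and list the add-ons to review, active first."""
    findings = []
    for addon in json.loads(extensions_json_text).get("addons", []):
        reasons = review_addon(addon)
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name") or "(no name)"
            findings.append({"id": addon.get("id"), "name": name,
                             "active": bool(addon.get("active")),
                             "path": addon.get("path"), "reasons": reasons})
    findings.sort(key=lambda f: not f["active"])  # stable: loaded add-ons first
    return findings


def profile_files():
    """Find extensions.json in the usual per-user Firefox profile directories."""
    roots = [Path.home() / ".mozilla/firefox",
             Path.home() / "Library/Application Support/Firefox/Profiles"]
    if os.environ.get("APPDATA"):
        roots.append(Path(os.environ["APPDATA"]) / "Mozilla/Firefox/Profiles")
    return [f for root in roots if root.is_dir()
            for f in sorted(root.glob("*/extensions.json"))]


if __name__ == "__main__":
    files = profile_files()
    sources = [(str(f), f.read_text(encoding="utf-8")) for f in files]
    for label, text in sources or [("constructed sample", SAMPLE)]:
        print(label)
        for f in audit(text):
            state = "ACTIVE" if f["active"] else "disabled"
            print(f"  [{state}] {f['name']} ({f['id']})")
            for reason in f["reasons"]:
                print(f"      - {reason}")
```

A listed add-on is not necessarily malicious: security suites and other installers also sideload extensions, so check each entry's name and `path` before removing it.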


----------



## jimmie57 (Jun 26, 2010)

armophob said:


> Woo Hoo!! I am fixed.
> 
> There is a tab Firefox under Startup in CCleaner that helped me find it. That tab showed me a hidden Add-On that was starting up every time I opened FF.


Excellent.
I love CCleaner and Malwarebytes. I use them about once a month even tho I have Norton running all the time.
I still have 3 computers with XP on them. The newer ones I have use Win 7 and 1 new laptop uses Win 8.1.


----------



## Scott Kocourek (Jun 13, 2009)

Glad to hear you got it figured out. Amazing what we can learn here.


----------



## TheRatPatrol (Oct 1, 2003)

Scott Kocourek said:


> Glad to hear you got it figured out. Amazing what we can learn here.


You got that right. Everything I've learned about Directv I've learned here.

"You alright, I learned it by watching you".


----------



## Rich (Feb 22, 2007)

Scott Kocourek said:


> Glad to hear you got it figured out. Amazing what we can learn here.


Never ceases to amaze me. Don't know what I'd do without the site.

Rich


----------



## Rich (Feb 22, 2007)

jimmie57 said:


> Excellent.
> I love CCleaner and Malwarebytes. I use them about once a month even tho I have Norton running all the time.
> I still have 3 computers with XP on them. The newer ones I have use Win 7 and 1 new laptop uses Win 8.1.


I've been using Malwarebytes since you first mentioned it. Now I gotta try CCleaner. Get a new lawn tractor?

Rich


----------



## Rich (Feb 22, 2007)

jimmie57 said:


> Excellent.
> I love CCleaner and Malwarebytes. I use them about once a month even tho I have Norton running all the time.
> I still have 3 computers with XP on them. The newer ones I have use Win 7 and 1 new laptop uses Win 8.1.


Which CCleaner do you use, the free one or one of the others?

Rich


----------



## dennisj00 (Sep 27, 2007)

I've been fighting pup.optional.Goobzo infection on desktop and laptop for the past 3-4 days. It would change the Home Page on IE to Google and the additional tabs. (Both 8.1 OS)

Malwarebytes would detect and quarantine but in a few minutes it would redirect IE. I filed a report with MB yesterday and the laptop almost became unusable yesterday that I restored a restore point which seemed to fix it.

This morning I got an email from MB with a few steps to do on the desktop (some I had already done from googling) and log files to return. In 4 or 5 emails with more checkers / fixers / logfiles over the last 5 hours, it appears to be gone.

I had a proxy server infection.

I'd recommend getting a license for the real-time MB (which I had even though it didn't block this one.) I'd also recommend creating a restore point every couple of weeks.

The only thing I can contribute this one to is I tried - without success - to install the Amazon downloader on the desktop. Things got wonky after that.


----------



## dennisj00 (Sep 27, 2007)

I also don't understand the mentality of the virus / malware writer. Why would I advertise that I loaded something on your machine by changing the homepage?


----------



## jimmie57 (Jun 26, 2010)

Rich said:


> Which CCleaner do you use, the free one or one of the others?
> 
> Rich


Hey man, I am retired and living on SS. FREE any time I can get it.
However, I am running Norton 24/7 live. Norton is supplied by Comcast FREE.
About once a month I run Malwarebytes but it almost never finds anything.
CCleaner is the same about once a month. I like it to selectively get rid of old files, run the Registry part of it after programs update ( they leave a lot of old files and registry entries sometimes ).
The tab for editing the startup files to run is very easy to cull out things set to run that you just do not need.


----------



## harsh (Jun 15, 2003)

dennisj00 said:


> I also don't understand the mentality of the virus / malware writer. Why would I advertise that I loaded something on your machine by changing the homepage?


If you're doing it for international recognition, you make sure people know about it.

If you're doing it to build up a bot network or infiltrate someone's private network, you don't.


----------



## harsh (Jun 15, 2003)

dennisj00 said:


> Malwarebytes would detect and quarantine but in a few minutes it would redirect IE. I filed a report with MB yesterday and the laptop almost became unusable yesterday that I restored a restore point which seemed to fix it.


Some of these infections involve several independent infection tools all looking out for each other. The real danger will come when they find some way of reliably wiping out the restore points and we'll have to fall back on actual backups.


----------



## djlong (Jul 8, 2002)

I got hit with something that had similar symptoms (replace "windows with boos" with "windows demanding fake Java/Flash updates"). I keep a pretty tight set of computers here and NO product could find ANY problem.

...until, on a lark, I tried using OpenDNS for my DNS servers. Long story short, I thought my ISP's DNS server was compromised. Nope - I was infected with "The Moon":

The Moon? What's so different?

- It didn't come from me, my browsing or any program I ran.
- It didn't live in any PC, tablet, phone or game system.
- It was PLANTED in my ROUTER (Linksys) by an outside criminal scanning IP addresses.
- It worked because Linksys had a not-too-obvious setting that allowed outsiders to admin your router (not so bad) but it DID NOT NEED THE ROUTER'S PASSWORD (which I changed the moment I fired it up) - BAD BAD BAD!

A firmware upgrade ended up taking care of the problem. Now visitors (like my kids) can use my WiFi and I don't have to get them to finagle using OpenDNS.


----------



## harsh (Jun 15, 2003)

Here's some background on "The Moon":

http://thehackernews.com/2014/02/linksys-malware-moon-spreading-from.html

I'm surprised that this is the first I've heard of this and very much appreciate the heads up.


----------



## dpeters11 (May 30, 2007)

djlong said:


> I got hit with something that had similar symptoms (replace "windows with boos" with "windows demanding fake Java/Flash updates"). I keep a pretty tight set of computers here and NO product could find ANY problem.
> 
> ...until, on a lark, I tried using OpenDNS for my DNS servers. Long story short, I thought my ISP's DNS server was compromised. Nope - I was infected with "The Moon":
> 
> ...


I say never allow remote administration, regardless of password. Linksys also had a bad bug where you could disable Wireless Protected Setup (which is easily exploitable when in range, at least with their implementation) in the GUI but it didn't actually do anything.


----------



## Rich (Feb 22, 2007)

dpeters11 said:


> _*I say never allow remote administration*_, regardless of password. Linksys also had a bad bug where you could disable Wireless Protected Setup (which is easily exploitable when in range, at least with their implementation) in the GUI but it didn't actually do anything.


I agree. When I started that thread about the call to D* the other day, the call never got to the next step after, "Let's wipe out your history first", which I'm sure would have been a request to take over my computer. Every time I've done that (haven't allowed anyone to do that for an awfully long time) my computer wasn't the same afterwards.

Which router would you suggest? I've had a Linksys 4200 for a few years, haven't had any problems with it, but after reading your posts...

Rich


----------



## dpeters11 (May 30, 2007)

Rich said:


> I agree. When I started that thread about the call to D* the other day, the call never got to the next step after, "Let's wipe out your history first", which I'm sure would have been a request to take over my computer. Every time I've done that (haven't allowed anyone to do that for an awfully long time) my computer wasn't the same afterwards.
> 
> Which router would you suggest? I've had a Linksys 4200 for a few years, haven't had any problems with it, but after reading your posts...
> 
> Rich


I bet it wasn't going to be a remote session, I don't think they have that setup.

Personally, I like Netgear. The other potential option is to replace the firmware with something like DD-WRT, but if yours is a v2, that's not compatible.

Belkin owns Linksys now, but that won't get me to buy one


----------



## Rich (Feb 22, 2007)

dpeters11 said:


> I bet it wasn't going to be a remote session, _*I don't think they have that setup.*_
> 
> Personally, I like Netgear. The other potential option is to replace the firmware with something like DD-WRT, but if yours is a v2, that's not compatible.
> 
> Belkin owns Linksys now, but that won't get me to buy one


I think that was the first time I ever called about a computer problem. I don't know whether they can do that or not. Netgear, huh? Perhaps I'll give one of them a try next time. Thanx.

Rich


----------



## dennisj00 (Sep 27, 2007)

I gave up on Linksys when I couldn't load DD-WRT anymore.

I'm very pleased with the several ASUS locations I've installed.


----------



## camo (Apr 15, 2010)

Be careful where you download CCleaner.


----------



## harsh (Jun 15, 2003)

Going overboard on a high-end router if you're not going to use it as a VPN or print server is a waste of money.

If you've never been "into" your router and don't fancy doing so, the most basic model that meets your Wi-fi desires is probably just fine.

Dual-band is probably way over the head of 80% of router users.


----------



## dpeters11 (May 30, 2007)

harsh said:


> Going overboard on a high-end router if you're not going to use it as a VPN or print server is a waste of money.
> 
> If you've never been "into" your router and don't fancy doing so, the most basic model that meets your Wi-fi desires is probably just fine.
> 
> Dual-band is probably way over the head of 80% of router users.


The most basic models are riddled with security holes that don't get fixed. They have poor implementations of WPS that make it trivial to get into the network regardless of a WPA2 passcode.

Vulnerabilities in routers are exactly how XBox Live and PSN were taken down.

I am very much aware that even if a fix were available, most users wouldn't apply it, but I think that's different than an issue that won't be fixed by the ISP or manufacturer. But better routers generally have better security out of the box, such as an improved WPS implementation (my Netgear for example will only allow an incorrect WPS password to be entered 3 times, after which it must be cold booted).


----------



## harsh (Jun 15, 2003)

dpeters11 said:


> The most basic models are riddled with security holes that don't get fixed.


Apparently the high-end routers don't fare much better. The last few listings I've seen for routers on the CERT vulnerability list have been for Cisco and the top-end ASUS (N66) routers. Cisco gets a shocking number of listings.

There's a certain correlation between complexity and vulnerability and the more remote control or plug and play features that are offered, the higher your chances of trouble.

I'm not recommending buying China Inc. routers. I'm suggesting a sufficient router from a reputable brand.


----------



## Laxguy (Dec 2, 2010)

harsh said:


> Some of these infections involve several independent infection tools all looking out for each other. The real danger will come when they find some way of reliably wiping out the restore points and we'll have to fall back on actual backups.


Not those of us smart enough to have chosen Macintosh years ago. Read 'em and weep.


----------



## satcrazy (Mar 16, 2011)

camo said:


> Be careful where you download CCleaner.


PLEASE explain. I understand CCleaner is very good. No one answered Rich's question tho. free /or buy?

my 2 cents:
My netgear "hub" has worked like a champ for years. I would buy netgear again.
My desktop on my older xp was hi jacked sometime ago, and nothing I used to fix it worked. I was seemingly dead in the water.
"safe mode" on start up was the answer.


----------



## jimmie57 (Jun 26, 2010)

satcrazy said:


> PLEASE explain. I understand CCleaner is very good. *No one answered Rich's question tho. free /or buy?*
> 
> my 2 cents:
> My netgear "hub" has worked like a champ for years. I would buy netgear again.
> ...


I did answer his question but to repeat it, Free.

http://www.piriform.com/ccleaner


----------



## satcrazy (Mar 16, 2011)

You're right.

I have to wonder though, is there much difference between the two?

Anyone have the pd. version?


----------



## jimmie57 (Jun 26, 2010)

There is a comparison if you click on the link in my previous post. It is about 3/4 of the way down the page.
I run mine about once a month and do not see a need for it to run live and automatic update.


----------



## dpeters11 (May 30, 2007)

satcrazy said:


> PLEASE explain. I understand CCleaner is very good. No one answered Rich's question tho. free /or buy?
> 
> my 2 cents:
> My netgear "hub" has worked like a champ for years. I would buy netgear again.
> ...


Safe mode is a step in the process of fixing something, running in safe mode all the time isn't a solution unless I'm misunderstanding.


----------



## peds48 (Jan 11, 2008)

Laxguy said:


> Not those of us smart enough to have chosen Macintosh years ago. Read 'em and weep.


yep, I have owned Mac for the past 8 years and not a single sign of a malware much less a virus.



----------



## jimmie57 (Jun 26, 2010)

satcrazy said:


> PLEASE explain. I understand CCleaner is very good. No one answered Rich's question tho. free /or buy?
> 
> my 2 cents:
> My netgear "hub" has worked like a champ for years. I would buy netgear again.
> ...


You start up in "safe mode" when you have a problem with the software that is running in normal mode. This allows the program to run with minimal add-in things running. When the add-in thing is a malware of some kind it can usually be found during the machine's running in safe mode. Once the malware is found and removed you should return to normal startup mode.


----------



## satcrazy (Mar 16, 2011)

camo said:


> Be careful where you download CCleaner.


"camo" posted be careful where you download CCleaner. The question is Why?

As far as safe mode, I ran Ad aware [ I think that was it, it's been awhile] in safe mode to clean up my hi-jacked desk top. It worked like a charm.
If it sounded like I run my pc in safe mode all the time, well, that's a mis-understanding.

I password protected everything and Never get on the internet as admin.

works for me.

The Please explain part was in reference to "camo's" post


----------



## coolman302003 (Jun 2, 2008)

satcrazy said:


> I password protected everything and *Never get on the internet as admin.*


This is solid advice, for day-to-day internet browsing there is no need to run as an administrator. I think ~98% or more of the exploits require elevated (administrator) privileges to execute. If you do have a program that needs it then it's really simple to have only that program run as an administrator; usually you just simply right click it and select that option in the properties (one time and it will do it from then on).


----------



## hdtvfan0001 (Jul 28, 2004)

coolman302003 said:


> This is solid advice, for day-to-day internet browsing there is no need to run as an administrator. I think ~98% or more of the exploits require elevated (administrator) privileges to execute. If you do have a program that needs it then it's really simple to have only that program run as an administrator; usually you just simply right click it and select that option in the properties (one time and it will do it from then on).


I'll add this (in response to the other question about downloading C Cleaner):

This utility program is great at cleaning up the inevitable "junk" that saturates hard drives from Internet browsing. In addition, it provides access to non-stable or broken additions to the registry, often caused by downloads, installs, and in some cases...unwanted attempts at changes.

The reference by "camo" regarding "be careful" is correct, in that many sites offer a download of this nice program - the problem is that a number of those secondary sites bring along tons of additional "junk" when using those sites. The best place to download and install it is from the company that owns it (Piriform). It comes in a free version, (OK for most users) as well as 2 pay versions:

http://www.piriform.com/ccleaner

Having used it now for more than a year on 3 different PCs (the free version), the results have been outstanding from regular use (about once a month).


----------



## dpeters11 (May 30, 2007)

peds48 said:


> yep, I have owned Mac for the past 8 years and not a single sign of a malware much less a virus.


I've been using Windows since 3.1 and I haven't either.


----------



## Rich (Feb 22, 2007)

dpeters11 said:


> I've been using Windows since 3.1 and I haven't either.


When I was teaching at the college, I kept getting discs from the workbooks I was supplied with that had viruses on them. Caught every one of them. Aside from that, I've just been using Microsoft Essentials and I haven't had any problems.

Rich


----------



## billsharpe (Jan 25, 2007)

I've used MSE on Vista and Win 7. I'm currently using Windows Defender on Win 8.1. So far no problems.

The only hiccup was back in Win 3.1 days. I got an e-mail from my editor with a "Fireworks" attachment. Running the attachment displayed some simplified fireworks on my screen but also attached the malware to any messages I wrote after that.

Strictly my fault. :eek2:


----------



## Rich (Feb 22, 2007)

billsharpe said:


> I've used MSE on Vista and Win 7. I'm currently using Windows Defender on Win 8.1. So far no problems.
> 
> The only hiccup was back in Win 3.1 days. I got an e-mail from my editor with a "Fireworks" attachment. Running the attachment displayed some simplified fireworks on my screen but also attached the malware to any messages I wrote after that.
> 
> Strictly my fault. :eek2:


Aww. I got it wrong again. I'm using Windows Defender too.

Rich


----------



## satcrazy (Mar 16, 2011)

hdtvfan0001 said:


> I'll add this (in response to the other question about downloading C Cleaner):
> 
> This utility program is great at cleaning up the inevitable "junk" that saturates hard drives from Internet browsing. In addition, it provides access to non-stable or broken additions to the registry, often caused by downloads, installs, and in some cases...unwanted attempts at changes.
> 
> ...


Thanks.
I wasn't sure if it meant a web site or my PC.

Also, does it make a difference if my HD is solid state? [ effectiveness]


----------



## satcrazy (Mar 16, 2011)

I use MSE.

What is the difference between that and Windows defender?


----------



## dpeters11 (May 30, 2007)

satcrazy said:


> Thanks.
> I wasn't sure if it meant a web site or my PC.
> 
> Also, does it make a difference if my HD is solid state? [ effectiveness]


Solid state makes no difference.

On Windows 7 and Vista, you install Security Essentials, which provides more protection than Defender itself (which is built in.) On Windows 8, Defender and Security Essentials are merged into Defender and integrated. It's still considered a baseline AV.


----------



## satcrazy (Mar 16, 2011)

Thanks D :righton:


----------



## hdtvfan0001 (Jul 28, 2004)

Here's a piece that answers the question "Do I need anything besides Windows Defender?"

http://blogs.microsoft.com/cybertrust/2014/01/16/do-i-need-anything-besides-windows-defender/

What I have learned over the years is that _*depending on who you talk with, you'll get a wide variety of responses*_ to that same question.

What impacts the effectiveness of any antivirus/spam/adware, and other protection is the user habits, websites they visit, hardware firewalls and corresponding protections, as well as any complementary products (if used).


----------



## dpeters11 (May 30, 2007)

hdtvfan0001 said:


> Here's a piece that answers the question "Do I need anything besides Windows Defender?"
> 
> http://blogs.microsoft.com/cybertrust/2014/01/16/do-i-need-anything-besides-windows-defender/
> 
> ...


Very true. I use Defender built into Windows 8 and 10 fine. I do not have my parents use it.


----------

