Results 1 to 2 of 2

Thread: Ads and trojans

  1. #1
    Otaku Kikieru may be famous one day Kikieru may be famous one day Kikieru's Avatar
    Join Date
    Mar 2005
    Thanked 0 Times in 0 Posts

    Ads and trojans

    If you`ve already got a firewall and a anti virus, or anti spyware/adware software installed and you still get ads/popups. Maybe this can help you, no its not software.

    I've got an anti spy/adware installed but I still get ads...

    ...DID YOU READ THE TERMS AND CONDITIONS fully, despite how boring it is,some anti spy/ad ware do there job but also act as adware and spyware, strange huh, read the terms and conditions and youll probally find a little section reserving the right to send you ads and to submit info about you. If so then uninstall it.

    ...I STILL GET POPUPS, is the popup a WEB PAGE, or using a web browser, if so then you need to find out the domain responsable, view the source of the ad, right click and click "view source" or click "properties" (prefered), your looking for the domain such as "FastClick" which will be contained in "" if so, go into start menu and click search, search your file system for the domain name and remove all items, generally the'll will be cookies (*.txt) and web pages (*.html). This should sort it. ps... is a ad server, avoid it.

    ...NOPE STILL GOT THE PROBLEM, web pages still popup, its probally a trojan, prob a downloader type such as Krepper.P, trojan downloaders connect to sites and then download more trojans, Ads, spys etc. Get a good AntiVirus (AVG works well and its free, Www.GriSoft.Com)

    I GET POPUPS FROM A PROGRAM, if the popup is not a web page then Open TaskManager , Right click the taskbar and click TaskManager or press Ctrl + Alt + Del (win XP), or Start > Run > "TaskMgr" .

    now look in the aplications window and right click the program that the popup belongs to, click "goto process", The process should be Csrss.exe which is a System program (Client Server Runtime Process), dont end its process or delete the program, its also used by other programs (Xp should'nt allow you to do this any way).

    Next go into the start menu > Control panel > Administritive tools > click on "Services". In the list go down to "Messenger", right click and select "Properties", Click the Stop button and change set the startup type to `Disable', no need to restart, This should stop Popups.

    If any problems with other application occur becouse of this change, reverse the process.

    Techincal Details:
    ...The popups are remotely executed, The spammer will get your IP curtesy of NetBios Browsing, Ports 137 and 139, and its useless blocking these ports as popups are rerouted by default port 135, Once they've got your IP they will send messages to all IPs ranging from 0 to 255 in the last field of your IP. Check your firewall level, if its on medium or less, or you dont have one you will be victim to this type of Ad attack.

    Try it yourself, go into DOS (Type either Command or CMD in start > run), type...

    NET SEND [Your Computer Name or IP adress here] ["Message you want to send"]
    ...Without [] brackets, a space seperating adress and the IP

    For syntex help type "NET SEND /?"

    Any one who has any advice or methods please post reply

  2. #2
    Grouchy Old Anime Otaku LenMiyata has become well known LenMiyata has become well known LenMiyata has become well known LenMiyata's Avatar
    Join Date
    Jan 2005
    Silicon Valley, California
    Thanked 172 Times in 147 Posts
    Grumble Grumble Grumble

    This belongs in the Tech Forum... Moving...

    As for disabling the Messenger service (not to be confused with Instant Messenger), there's a handly little utility called 'Kill the Messenger' available at

    For Removing Adware/Spyware, try the Microsoft Spyware Removal Beta (as it's been getting good reviews for spotting and removing spyware and trojans, this must be a side-effect of all the technical support calls that Microsoft has to deal with...) available at

    And of course, keep your system current with Window's Update. Even if your using the Firefox browser, IE code is still available on you computer, and can be exploited by trojans and malicious websites.
    FAVOURITE THREADS EXPLAIN why, or risk an infraction.
    Rantings of a Grouchy Old Anime Otaku


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts