HELP! with malicious webpage
I feel like an idiot.
I clicked on a link that I found through google, as shown below:
the lepers are cleansed. - houston restaurant rickshaw rally ...
houston restaurant rickshaw rally rickshaw Then answered Haggai. (houston
restaurant rickshaw rally rickshaw / cartes du jura postales). ...
zzz.bymerlin.com/houston-restaurant-rickshaw/rally-rickshaw.html - 8k - Cached - Similar pages
sets homepage to zzz.uchase.com/directory.php?a=1006
DO NOT GO TO THESE WEBPAGES! THEY HAVE MALICIOUS CODE!
and it installed something on my computer (something called "pup") as well as tried to start Microsoft Outlook (I don't use Microsoft as my e-mail client). It also put a bunch of porn shortcuts on my computer.
Now it keeps opening up new windows on my browser and there are Outlook Inbox icons on my taskbar that I can't close. :(
Please take pity on a stupid person and help me. How do I find out what it installed and get it off?
bluemonq
01-15-2004, 07:52 PM
schwa? did you try ctrl-alt-del to close the program? the not being able to close...is it just the computer overloading from programs being opened a whole lot?
schwa? did you try ctrl-alt-del to close the program?
Yes, Task Manager will not close the "Inbox" files it opens. When I try, it opens another browser window.
What does schwa mean?
bluemonq
01-15-2004, 07:56 PM
Yes, Task Manager will not close the "Inbox" files it opens. When I try, it opens another browser window.
What does schwa mean?
schwa = say what?
are you using windows9x or 2000 or xp? with the last two, click on the processes tab to find 'pup' and end that process
schwa = say what?
are you using windows9x or 2000 or xp? with the last two, click on the processes tab to find 'pup'.
Hmmm ... can't find anything with the name "pup." Could it be called something else?
This sounds like my bad boy:
Today's third Trojan, Pup.A goes memory resident and opens different advertising web pages in Internet Explorer whenever it is run. When the user tries to close them, the Internet Explorer window is minimized, pointing to a web page that contains a PHP routine. This routine accesses certain web addresses, without the user realizing, and sends out information on the creator of the Trojan, who receives money in exchange for the number of visits received.
Now how to get rid of it?
I assume you're using IE. You can set the home page to whatever the normal way but you have a rogue program that will set it back, most likely when you start your computer. These programs take advantage of a bug in ActiveX that does not require you to give permission. When this is done with you have two choices: use IE and keep patching it, or use a different browser.
Now, to get rid of that shit. You can do it manually by searching for *.hta files. The thing is, there might be some legitimate ActiveX controls. You could do the slow process of renaming each one to *.htabackup, rebooting, and seeing if your homepage has been reset to the evil site or not, until you've figured out which one is the bad one.
Or you could run Spybot, which should detect and remove it for you. That, with AdAware, gets rid of 70% of these hijackers.
http://www.safer-networking.org/ - SpyBot
http://www.lavasoft.de/software/adaware/ - AdAware
If those don't detect it, then it's prolly a tricky one that installs an .exe somewhere, or tampers with the startup files. You'll need to figure out which one it is and do a series of cleansing steps. Refer to this page for specific instructions: http://www.pchell.com/support/spyware.shtml
Hmmm ... can't find anything with the name "pup." Could it be called something else?
Now how to get rid of it?
Aiya. That's worse. Are you running any recently-updated antivirus program? That's about the only thing that can get rid of it.
If you don't have one, Kaspersky is my recommendation: http://www.kaspersky.com/download.html?type=d&chapter=804207&obj_id=2363159
If it needs a key PM me. I think it will run for 30 days without one though.
Thank you, bluemonq and ism, for your help. I am running my virus scanner and it is still scanning.
sigh.
Is virus software not enough protection from malicious code websites? This is only the second time I've been nabbed in all the time I've been on the web. But it seems like bugs are getting nastier and nastier.
achtungbaby
01-16-2004, 11:06 AM
Thank you, bluemonq and ism, for your help. I am running my virus scanner and it is still scanning.
sigh.
Is virus software not enough protection from malicious code websites? This is only the second time I've been nabbed in all the time I've been on the web. But it seems like bugs are getting nastier and nastier.
Did you get this fixed...?
hooligan
01-16-2004, 11:08 AM
oh, you can also do a free online scan with www.trendmicro.com if you can't get rid of it. and scan with spybot and adaware. usually catches most things that can be malicious.
hooligan
01-16-2004, 11:10 AM
have you also kept your windows updated? like that little icon in your start button? that'll keep your system patched against security flaws.
achtungbaby
01-16-2004, 11:18 AM
And don't forget rebooting in safe mode. Or rebooting using the system configuration utility (msconfig.exe)
bluemonq
01-16-2004, 11:23 AM
Thank you, bluemonq and ism, for your help. I am running my virus scanner and it is still scanning.
sigh.
Is virus software not enough protection from malicious code websites? This is only the second time I've been nabbed in all the time I've been on the web. But it seems like bugs are getting nastier and nastier.
the problem with malicious code sites is that usually it's an activex at work, and the only 100% safe way to approach it is with activex turned off (though that also screws the legit sites)... (tempted to do so to see what the site actually is) or with safari on a mac :rolleyes:
Thanks again to everybody.
Okay, in case anybody else gets whacked with this, here's what I did:
- Searched for files containing pup and exe and looked at their dates and properties. Also looked at recently modified files to see if I could find anything suspicious.
- Deleted file called pup.exe
- Renamed two files privacy.hta and wmptour.hta at ism's suggestion
- Deleted file test[1].xml
- Deleted file DC184.xml, which my scan software confirmed was infected
At McAfee's suggestion (http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100446), I looked for changes in the REGEDIT but couldn't find them. McAfee says PupA will often create a run key using the file winpup32.exe (which I didn't find) and will create a marker register key called pup "12212".
Instead I did a system restore to yesterday's date. I then updated my virus definitions and scanned again. Seem to be clean so far.
Okay--is this totally crazy? I've been thinking about either using another browser or setting up a computer solely for dedicated internet use.
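The file triage described in the post above (names containing pup and exe, recently modified files, .hta files to review), as an added example that is not part of the original thread. The function name, the name pattern and the 24-hour window are assumptions; the script only lists candidates for manual review and deletes nothing.

```python
import os
import sys
import time
from fnmatch import fnmatchcase

# Name indicator from the thread: pup.exe and winpup32.exe both match.
# The pattern is deliberately broad; hits are for manual review only.
NAME_PATTERNS = ["*pup*.exe"]
# File types the thread singles out (.exe, .hta, and the .xml droppings).
REVIEW_EXTENSIONS = {".exe", ".hta", ".xml"}


def triage(root, since_epoch):
    """Return sorted (path, reasons) pairs for files worth a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # locked or vanished file: skip, do not abort
            lower = name.lower()  # Windows file names are case-insensitive
            reasons = []
            if any(fnmatchcase(lower, p) for p in NAME_PATTERNS):
                reasons.append("name matches thread indicator")
            ext = os.path.splitext(lower)[1]
            if ext in REVIEW_EXTENSIONS and mtime >= since_epoch:
                reasons.append("recently modified " + ext)
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python triage.py C:\  (defaults to the current directory)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    day_ago = time.time() - 24 * 3600  # assumed window: last 24 hours
    for path, reasons in triage(root, day_ago):
        print(path, "->", "; ".join(reasons))
```
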
kitty
01-16-2004, 11:58 AM
uhm.... if you did a system restore, won't that delete all the other stuff you did?
uhm.... if you did a system restore, won't that delete all the other stuff you did?
Well, I wanted to get rid of the executables as soon as possible. I don't know that the restore would delete those.
himura-dono
01-17-2004, 03:04 AM
uhm.... if you did a system restore, won't that delete all the other stuff you did?
he did a rollback, not an actual restore. it's one of xp's shining features.
himura-dono
01-17-2004, 03:06 AM
Okay--is this totally crazy? I've been thinking about either using another browser or setting up a computer solely for dedicated internet use.
just learn to take care of the one you have first. you've posted more computer woe threads than anyone else ^_^;;;
mr. x
01-17-2004, 02:41 PM
do u have spybot:search and destroy?
also lavasoft adaware
and Spysubtract are good programs
mr. x
01-17-2004, 02:45 PM
btw visage, what kinda site was it? porn site i take it?