Help with JS/Psyme virus and Pop Ups

Discussion in 'Computers' started by Luke_Y, Jul 21, 2004.

  1. Luke_Y

    I am having trouble on my wife's notebook with the JS/Psyme virus and porn popups.

    About 5 minutes after getting on the internet, or just plugging in the wireless card you get a popup from a porn site (same site every time). You close that and five minutes later you get a bunch of popups at once that are hard to get a handle on but you can if you are quick enough (again the same sites every time).

    AVG finds the virus and identifies it as JS/Psyme in the temporary internet files and will remove it. But... even if I go in and empty temporary internet files, delete cookies, clear history, and empty the Java Plug-in cache... The next time you connect to the internet or put in the wireless card, same thing.

    I installed SpyBot and AdAware, ran the scans and they didn't find anything. That was after running AVG and dumping all of the caches.

    Any help on where this thing is hiding and why it keeps coming back?
     
  2. Stacey

    It sounds like you might want to use a Firewall to help protect your computer...try Zone Alarm (free and easy to use)...

    Also...

    Something to consider from Mcafee:

    Disabling System Restore

    Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:\_Restore folder.

    Windows ME

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the Performance tab.
    3. Click on the File System button.
    4. Click on the Troubleshooting tab.
    5. Put a check mark next to 'Disable System Restore'.
    6. Click the 'OK' button.
    7. You will be prompted to restart the computer. Click Yes.

    Note: To re-enable the Restore Utility, follow steps one to seven and on step five remove the check mark next to 'Disable System Restore'.

    Windows XP

    Disabling the System Restore Utility (Windows XP Users)

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. Put a check mark next to 'Turn off System Restore on All Drives'.
    4. Click the 'OK' button.
    5. You will be prompted to restart the computer. Click Yes.

    Note: To re-enable the Restore Utility, follow steps one to five and on step three remove the check mark next to 'Turn off System Restore on All Drives'.
     
  3. Luke_Y

    Stacey, I forgot to mention that I already disabled system restore early on in the process, and will leave it off until I am sure that this is resolved.

    Our home LAN is behind a hardware firewall so I don't know that I need another.

    From what I understand, this is just a little java script that is hiding somewhere and opens IE windows (popups) to particular web sites when there is an internet connection.

    The only info I can find is to turn off system restore, dump all the above mentioned files/caches and reboot. It should be gone, but it's not.
     
  4. Stacey

    To check if it is a Java problem:

    1) Go to your Internet Explorer, Tools, Internet Options, Security tab and Custom Level.

    Look down the list for Microsoft VM and click on the little "disable" button. Also look further down for Scripting and Scripting of Java Applets and again disable.

    2) Go to the Advanced tab and look down the list for Microsoft VM and unclick any selections and restart your computer.

    You may also want to check your Installed Programs for anything "fishy" that may have been installed without your knowledge.

    The last place I can think to look is in your "Downloaded Program Files" folder. Items in here run in the background, and anything suspicious here you can check the Properties of and, if in doubt, delete but keep a copy in a separate folder (or don't permanently empty your Deleted Items).

    Hope this can help.
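
    The checks described in the post above can also be read back without clicking through the dialogs. This is an added example, not part of the original post: a read-only PowerShell audit that assumes PowerShell is available on the machine, that the Internet zone is zone 3 under the per-user Internet Settings key, and that the URL action IDs 1400, 1402 and 1C00 correspond to the Scripting, Scripting of Java Applets and Microsoft VM entries.

```powershell
# Added example: read-only audit of the settings the post changes by hand.
# Assumption: the Internet zone is zone 3 in the current user's hive.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action IDs for the three entries named in the post.
$actions = @(
    @{ Id = '1400'; Name = 'Active scripting' },
    @{ Id = '1402'; Name = 'Scripting of Java applets' },
    @{ Id = '1C00'; Name = 'Java permissions (Microsoft VM)' }
)

function Get-ZoneActionState {
    param([string]$Id, $Value)
    # A missing value means the zone template default is in effect.
    if ($null -eq $Value) { return 'not set (zone default applies)' }
    # Java permissions use 0 for "disable Java"; other values are safety levels.
    if ($Id -eq '1C00') {
        if ($Value -eq 0) { return 'disabled' }
        return ('enabled (safety level 0x{0:X})' -f $Value)
    }
    switch ($Value) {
        0 { 'enabled' }
        1 { 'prompt' }
        3 { 'disabled' }
        default { "unknown value $Value" }
    }
}

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
$report = foreach ($a in $actions) {
    $value = if ($zone) { $zone.($a.Id) } else { $null }
    [pscustomobject]@{
        Setting = $a.Name
        Id      = $a.Id
        State   = Get-ZoneActionState -Id $a.Id -Value $value
    }
}
$report | Format-Table -AutoSize

# List the "Downloaded Program Files" folder, newest first, for manual review.
# Nothing is deleted; unfamiliar entries are candidates for a closer look.
$dpf = Join-Path $env:SystemRoot 'Downloaded Program Files'
Get-ChildItem -Path $dpf -Force -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, Length, LastWriteTime |
    Format-Table -AutoSize
```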
     
  5. Kimmo Jaskari

    Check out http://www.spywareinfo.com/~merijn/ (or http://merijn.org but it was DDoS:ed I believe). Good tools to get elusive hijack software out of your system, but requires a bit of knowledge to use properly.

    And, while I realize it's beginning to become tiresome to hear for some people, it's nevertheless good advice for most people: download either Mozilla from http://www.mozilla.org or Opera from http://www.opera.com and use one of those instead. IE is bug-ridden, insecure and prone to these hijackings in a way neither of those is.
     