Posted on 08/10/2003 8:58:34 PM PDT by new cruelty
Seems he has something in common with his computer....
I use the shareware AdAware (not AdAware Plus). I also use Spybot Search & Destroy.
Regular AdAware wasn't even sufficient to remove the Xupiter thing from my system (it kept reasserting itself anytime I opened a new browser window). I had to research how to manually remove it.
I've gotten reinfected with Xupiter's thing one time since but one of the 2 spyware programs successfully removed all of it.
I think that I got it from mistyping some common website name, maybe misspelling Google or using something like cocacola.com when it should have been .net (not the real site but you get the idea). The wrong site name led me to some cybersquatter's own search engine (nothing X rated) but it also sent me to popup hell.
I did a search on Xupiter to find out how to clean it but I also found some editorials that defended the software company saying that they weren't doing anything wrong. I did not consent to have this beast placed on my hard drive; they are doing something wrong. I can't place a caller ID system on your phone and get reports of who's calling you. I can't place bumper stickers on your car. I can't place a box of junk in the trunk of your car or in your closet.
The fact that the software fights to reassert itself shows that they know that some people may not be happy with it. It is computer rape; it is not consensual.
As to some mysterious desktop icons (including dialers), some SPAM emails now contain all sorts of cookies. If you have the preview pane open, they may still infect your system in the time that it takes to click on them to delete the junkmail.
If you have a MS operating system, you should always be able to hit the 3-fingered salute (ALT-CTRL-DEL) and get a list of the different processes that are running. You should be able to select the offending process with your mouse and stop it. This can also be done if you get into popup hell or a popup that fills your screen. It will also work to stop a phone dialer but the best thing to do if a self-launching exe starts to dial your phone is to pull the phone cord (or take the phone off the hook). I assume that phone dialers try to dial 1900 type numbers while some other processes just want to get your computer to log itself online so that they can "do their thing" (a cookie just reporting home). Occasionally I'm finding my computer with a log on prompt (trying to get me to go online) but I don't have any downloads, email, or web browsers open. I know that some websites (like Drudge) refresh the webpage periodically so leaving the browser open (with the system offline) will generate prompts to go online for a refresh.
I keep my browser default page at NULL (no startup page) so anytime something is there, it was set without my permission. The SPAMMERs have been good at buying off the politicians who have been very hesitant to make such practices illegal. Slowly some of the defenders have turned on the SPAMMERs but Pandora's box is already open.
There is a guy in King of Prussia, Pennsylvania, who writes these scripts for the Mob, to support their porn sites. He's a nasty cracker, and responsible for the endless cascade of porn windows that people get on their machines who stumble into one of his websites. The FBI couldn't get anything on him, so they took the unusual step of publishing his name and address and basically inviting him to sue them if he didn't like it.
I also noticed that these porn sites like to vacuum up disused but well-known cult sites like Jennycam -- type that into your browser window now, and you get a fast ride direct to an XXX-rated porn site.
A woman working for a Fortune 500 oil and gas company in Houston brought her latchkey "tweenaged" son to work with her one day for some reason when school was out. He hung out in the office all day, and then she was called in to a meeting -- she was secretary to a group of geologists and engineers. The son got on the computer while she was in the meeting, having thoughtlessly "left herself up", and when she came back and called the computer back from suspension, got the wicked surprise of her life. She couldn't close windows as fast as they opened -- this is how the guy in King of Prussia makes his money: he writes a script so that every "close window" command is read as a "Please open 19 more windows, and dish me the hard stuff". The poor woman had to accept the mortification of calling a senior geologist to try to help out -- her job was on the line at this point -- and when he couldn't succeed any better than she in stopping the cascade of windows, he simply hit "reset" and crashed off, and summoned ITS. Her boy probably has never heard the end of it -- his thoughtlessness could have cost his mother her job in a bad job environment. (Houston, don't let them kid you, is still experiencing a jobs depression in the energy industry that's as bad as the worst of the "bust" and has gone on twice as long now, ever since the SE Asian Bubble crashed in 1997 and the companies started firing again the following year.)
Sounds like you've paid a visit to King of Prussia.
Open Task Manager (CTRL+ALT+DEL) and kill the windows and processes there.
Then go download Diskwasher and purge with that, or EvidenceEliminator ($120), they will blow off most/all of the spy/scumware. Add ZoneAlarm and SpyBot or AdAware as per previous posts. Also visit ZDNet.com and Tucows.com and do a search on Trojans: PestControl and other software similar to SpyBot is available there, most of it shareware or commercial warez. You can visit PC Magazine's online for comparo reviews of these apps:
Other contenders: Norton, Trend Micro's PC-Cillin, Kaspersky Labs AVP, and some others that you can comparatively review by surfing the archives of this online AV speciality magazine:
This magazine is subscription, but you can access all but the latest performance reviews in Pass/Fail form to see which shops and labs have a good track record against "in-the-wild" viruses thrown at them by the Virus Bulletin techies. Look for the "archives" tab.
Keep in mind that definition files have to be rigorously kept up-to-date: I received a copy of the SOBIG.E worm last month only hours after it first appeared in Asia: a Hong Kong-based spammer who had my e-mail address got infected and I got a copy of the virus practically before anyone could get a bulletin out. I found a current bulletin and Virupedia entry on TrendMicro's site that was so fresh the electrons were still smoking, and they'd just posted up a download packet for their AV subscribers. Grisoft wasn't as fast reacting. McAfee has been burned a few times, too, by fast-moving viruses and worms. The main key is keeping your definition files up to date and not opening attachments from Asia, or from people you don't know, with names like Message.zip (I found the SOBIG.E entry in the Trend Virupedia by searching on the attachment name: you can do the same at Symantec's SARC site or in McAfee's malware encyclopedia).
Individual responsibility, and all that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.