Bad Stuff...

I was on Facebook when it happened. Not that I think FB is related to it any more than any other website, including this one. The fake Windows Update screen came up, and I noticed it was different from the standard dialog that usually displays, so I started to investigate and my desktop gained 3 new shortcuts to **** links. I used Malwarebytes to get rid of most of the virus, but it isn't completely gone. I still get pop-ups when I access certain keywords. I uninstalled Java because the dialog boxes were coded in Java, and the pop-ups stopped. I went to my YouTube page and found that it would not work, so I reinstalled Java, and the pop-ups started again. Here is a sample of one I got on EP.

My browser blocks the page in question, but the alert still displays. I noted that in the redirect for the pop-up, the name "DrGuard" is listed as the referrer. This tells me that the Guard virus is linked to Java(script) and is buried deep in my machine. I'll keep looking for the cause, and I'll find it eventually.

I am posting this in response to the people who think that a website can cause the pop-ups, when it is indeed on the machine in question.


UPDATE: Malwarebytes reported an infected atapi driver that it was unable to repair. I downloaded the utility "Combofix", which gave this message:

"Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected"

In between using the two anti-malware apps, if I searched for "malware removal" on Google, the searches were blocked by an unknown entity. I had also noted that my boot CD copy of Malwarebytes would not open. After running combofix.exe, my boot CD works, and Google searches are no longer blocked. Since then I have not had a pop-up like the ones I had been getting since last night, when Dr. Guard paid a visit to my computer.

If you are plagued by pop-ups, try Combofix; it seems to have worked for me.

AlternateSource
46-50, M
Mar 5, 2010