Popups.exe

Pat Kelly · Post by **Pat Kelly** » 25 Apr 2006 11:23 am

Just starting getting a flickering on the screen, like a quick pop up flashing on and off. Checking TM showed a process called popups.exe running. Killing this got rid of the problem. However it retuns on reboot. Any clues on what is happening here or where this came from.
Pat

Wiz Feinberg · Post by **Wiz Feinberg** » 25 Apr 2006 7:12 pm

You are infected with the RazeSpyware infector package. Removal is complex, and has been covered on the Spywareinfo forum, on this page.

You may want to sign up for an account so that you may Post a request for personal assistance there. You will be asked to download HijackThis and possibly other tools. and perform several higher level operations to remove this threat. There is a reasonable expectation of success in removing this threat.

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 25 April 2006 at 08:13 PM.]

Jim Peters · Post by **Jim Peters** » 25 Apr 2006 7:33 pm

Wiz, what do you think of this?
http://www.spywareremove.com/removeRazeSpyware2.html

Wiz Feinberg · Post by **Wiz Feinberg** » 26 Apr 2006 6:42 am

I would first try scanning and repairing a computer with available tools of know repute before downloading an unknown fix tool. You may have other infectors besides popup.exe.

These include:

Personal spyware removal help is available from volunteers on these forums:

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 26 April 2006 at 08:20 AM.]

Pat Kelly · Post by **Pat Kelly** » 26 Apr 2006 11:51 am

thanks Wiz. as you say this looks like a convoluted process.Can't spend much time on this until the weekend but I'll keep you posted. BTW I ran the program in Jim's link and it gave my system the all clear. Popups.exe is still lurking however.

Wiz Feinberg · Post by **Wiz Feinberg** » 26 Apr 2006 1:12 pm

Pat;
Since popups.exe survived the raze tool, that means you are infected with a different piece of malware, that happens to use the same program file name, or is sharing the file used in the other attack vector. That's why I recommended running several spyware detection tools. Ad an anti virus scan using the very latest definitions.

If people could deal with running as a limited user, for their day to day browsing and email, none of these infections could take control of their computers. Every piece of malware I have seen requires Administrator level account privileges to install itself at all. I have instructions for doing this on my security blog and in my FAQs, on my website (see the links in my signature).

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

[This message was edited by Wiz Feinberg on 26 April 2006 at 02:12 PM.]