AGGRESIVE POP UP

[theram 22]

Just started to have horendous problems with some kind of virus. It started a couple of weeks ago, I think via random dial up. I got a couple of windows opened up asking about dial up settings (I'm on broadband), and must have clicked the wrong thing trying to close it. Next thing this pop up opens up. A bill from MBS secure billing for a 3 month subscription to MySexworld, whatever that is. I closed it up, but it kept returning. Then it began to lock my computer up for 2 minutes so I could not close it.time has lengthened to 5 minutes and it returns twice daily.! It's a nightmare. It has a severity of bill indicator which is gradually rising. Eventually, I rang the number diplayed, and spoke to some African girl, telling her that I had never ordered and did not want said MySexworld. She said I MUST have accessed it once, but she would stop future billing but I must pay the first request. (£39.99) Obviously, I have no intention of disclosing my credit details, but I'm also at a loss as what to do next? I'm on AOL and have all the McAfee stuff but to no avail. When I do a computer check up no issues are founf, yet I am starting to have reall difficulty even signing on! I have called AOL technical support, but it is an Indian call centre, and the language barrier is impenerative. The pop up bill is on an internet explorer page, but I can not find anything to remove in programmes that looks as if it may do anything. Help!!

[gimmble 144]

Hi,

Try a program called Ad-Aware which is free and I found it to be a little miracle worker.

cheers

rodney

[BigusDicus 9,720]

Ad Aware is very good. I use it along with several others.

 

http://www.lavasoft.com/products/ad_aware_free.php

 

is a link to their website for the free version.

 

 

I do not think you could have been billed anything that you would be legally bound to. I assume you did not give them a credit card #. What was the # you dialed? Have you checked your phone bill yet?

[joekicker 53]

I do not think you could have been billed anything that you would be legally bound to. I assume you did not give them a credit card #. What was the # you dialed? Have you checked your phone bill yet?

 

BD, usually these are like what you'd call a 1-900 number, and it goes on the phone bill. You get to not pay your phone company, which is always a barrel of laughs, eh?

 

theram, did you think of asking your best friend Mr Google about "mysexworld"?

 

The Guardian has been on to this malware.

 

http://www.guardian.co.uk/technology/2007/...logysection.it1

 

Some instructions here, although anti-spyware software like Ad-Aware and Spybot S&D is always your first line of (easy) defence.

 

http://forums.moneysavingexpert.com/showth....html?p=5217012

Edited October 16, 2007 by joekicker

[BigusDicus 9,720]

You probably got it from visiting a website. It is amazing what you can pick just by clicking onto a site.

 

BD, this is like what you'd call a 1-900 number, and it goes on the phone bill. You get to not pay your phone company, which is always a barrel of laughs, eh?

 

Joe,

 

My guess would be the phone call is where they nailed him. He will find out soon enough.

Edited October 16, 2007 by BigusDicus

[tigerpiss 0]

I have NOD 32, a great anti virus, spybot , Adaware and also Clean up. Since I got these I've had no problems whatsoever.

[kolobos 0]

Removal Instructions for MBS

[Eneukman 1]

Removal Instructions for MBS

 

Useful information there.

 

I use Zone Alarm firewall, AVG anti-virus (picked up a Trojan the other day), AdAware (just updating my version just now) CCleaner and SpyBot.

 

On a slightly different vein, when I look at Processes in task manager, there are many programmes running that I have no idea what they do or why they are needed.

 

Some of these are -

 

Dot1XCfg.exe - zlclient.exe - ctfmsn.exe - CFSServ.exe - E_5413S2.EXE - ApptEx.exe

 

Any suggestions as to what these programmes are and whether they are needed (unless I'm running a specific application)?

 

Alan

[joekicker 53]

Any suggestions as to what these programmes are and whether they are needed (unless I'm running a specific application)?

 

Probably this is what you have:

 

Dot1XCfg.exe - Intel Network Connection

Zlclient.exe - ZoneAlarm

ctfmsn.exe - probably a Trojan infection from the Raidys family

CFSServ.exe - Toshiba configuration

E_5413S2.exe - dunno, looks like possible malware dropped file

ApptEx.exe - possibly a malware dropper

 

The last two I am not at all certain about in any manner but you need to check out them and your pet ctfmsn.

 

Note that program NAMES are not always indicative. Any one or any software can change a name. "msn" is typically something associated with the cybersex aid from Microsoft, but "ctfmsn" seems to be a popular name for a malware infection.

[Eneukman 1]

Probably this is what you have:

 

Dot1XCfg.exe - Intel Network Connection

Zlclient.exe - ZoneAlarm

ctfmsn.exe - probably a Trojan infection from the Raidys family

CFSServ.exe - Toshiba configuration

E_5413S2.exe - dunno, looks like possible malware dropped file

ApptEx.exe - possibly a malware dropper

 

The last two I am not at all certain about in any manner but you need to check out them and your pet ctfmsn.

 

Note that program NAMES are not always indicative. Any one or any software can change a name. "msn" is typically something associated with the cybersex aid from Microsoft, but "ctfmsn" seems to be a popular name for a malware infection.

 

Thanks for that - Intel, Zone Alarm & Toshiba are all fine, but I'll investigate the others when I have time. I have SpyBot and AdAware and they haven't picked anything up though that of course doesn't mean that they're not malaware etc.

 

Alan

Edited October 16, 2007 by Eneukman

[theram 22]

Thanks gimmble, tried Ad-Aware but to no avail. Cheers kolobos, have downloaded spyhunter and will run tonight after work.

[theram 22]

SpyHunter looks good, but is asking for £££s before it will actually remove anything. No problem if it DOES, but it may not. . Had a problem with McAfee taking DD payments even though I was already getting their stuff free with AOL. My mistake I know. Generally speaking, do these things come free or do we pay? Never had a spyware prob before, and a bit of a technophobe. This one is a nightmare and has got to go! Just what I don't need 6 days before wheels up

[joekicker 53]

Looks like you were pretty lucky here in not being able to buy what you wanted. This could be your turning point of karma.

 

Please. Do NOT get McAfee, Norton, Symantec. They are tougher to get rid of, and cost much more than just going ahead and making the sex-line calls.

 

There is brilliant free software to try before you spend money on anything EXCEPT THE THREE ABOVE.

 

Spybot Search and Destroy

http://www.safer-networking.org/

 

Spyware Terminator

http://www.spywareterminator.com/

 

Comodo BOClean

http://www.comodo.com/boclean/boclean.html

 

SUPERAntiSpyware (Free Edition)

http://www.superantispyware.com/

[alexist 12]

Theram

 

This happened to me earlier this year. Google MBS Management and it will give you info. There are also a couple of sites which give info on how to remove it (didn't work for me). As time passes it will keep popping up and each time it freezes your computer and it takes longer to get rid of the pop up.

 

I could not get rid of the pop up even after quite a few letters and e-mails. I did not phone in case it was a premium rate phone number. MBS just kept saying that I or someone using my computer had signed up for the site. What (eventually) worked for me was sending them the same letter every couple of days but not putting postage on the envelope, instead I wrote "postage to be paid by recipient". It amazed me how quickly this tactic got their attention.

[joekicker 53]

What (eventually) worked for me was sending them the same letter every couple of days but not putting postage on the envelope, instead I wrote "postage to be paid by recipient". It amazed me how quickly this tactic got their attention.

 

Can you expand a bit on this? You seem to be saying that this scum actually controlled your computer, and was able to turn off the pop-up?

[theram 22]

Thats right joekicker, you can phone them up and an Arican lady will tell you that they are jaming your computer on behalf of the sex line, and will continue to do so at an increasing rate, up to 30 mins lock, 5 min break, 30 mins lock totally rendering your computer useless. Nice aren't they.

 

I've just run spybot by the way without success. Its icon is now locked on my screen and unable to clear. grrrr

[joekicker 53]

Sorry, but I'm still not clear.

 

Can they turn it off? If so, how?

 

I've just run spybot by the way without success. Its icon is now locked on my screen and unable to clear. grrrr

 

My tiny bit of research on this unique problem says you may have to reformat and reinstall everything, starting with Windows. Hard to believe that, but never say "never".

 

On the other hand, there is no anti-malware program that catches all infections/infestations, let alone fixes them.

 

When you run such programs, I recommend strongly you boot from nothing into safe mode, or better still into DOS mode depending on the program's capabilities of course. I recommend that you PHYSICALLY disconnect the Internet.

Edited October 16, 2007 by joekicker

[brotherbuzz 3,186]

Can try the instructions here:

 

http://www.411-spyware.com/remove-microbillsys

 

As the TG's say........"up to you".

 

I feel for ya ram. Having someone take control of your PC sucks. Another guy said he used Windows "System Restore" and eliminated the problem. Basically it just resets your system to the way it was on a particular previous date.

[Eneukman 1]

Further to my ealier post, I did a Google search on the various processes I mentioned and they are all seem to be OK depending on where the file is located. I'll check that out when I get some time.

 

Alan

[theram 22]

I am "touching wood here", but spybot search and destroy seems to have done the trick. However, I had worse problems getting rid of spybot which jumped ll over everything and wouldn't even let me start up AOL. Ultimately, I set McAfee virus zapper onto spybot, and spybot onto MBS, and left them to fight for 3/4 hours and it seems to be clear for now. As I say, touch wood! So in a round about way joekicker, thanks. Also, yes...they giveth and taketh away the pop up. How, I don't know. Bastards!

[theram 22]

Bad news I'm afraid. It's back! Anyway, I just hit another car up the arse tonight (2mph), while gancing at a lingerie shops current display on the Woodford Road. No damage to his,but radiator burst on mine. Clearly, this is not my time!!! Hopefully I can get to the garage at early doors tommorow (8am) and get it sorted B4 work at 15.45. If not...fuck 'em. I'll go sick and kill the last few days befor escape to LOS. I'll deal with the virus on my return. See how it copes with being ignored for a fortnight. Then follow the pester is as pester does route I think. Anyway, thanks for all your input/help and maybe see you in Patts over the next 2/3 weeks. who knows? Aint life shit at times?

 

ps: We have a Bob Dylan series on at the moment here on BBC 4. Listening to it now in the background. I must say, that man was a genius. Wish he was younger, or I was older. Definately missed out on something there methinks.

 

take care all...

[joekicker 53]

Bad news I'm afraid. It's back! Anyway, I just hit another car up the arse tonight (2mph), while gancing at a lingerie shops current display on the Woodford Road. No damage to his,but radiator burst on mine. Clearly,

 

Sorry about the accident, glad about the casualty rate.

 

If your car is truly TU, you should (really, SHOULD) get out the Windows CD and start all over. Format the disk, reinstall Windows. It's tedious, but since you won't be going to work as planned anyhow...