On Monday morning my Norton software seemed to be blocking some attempted downloads and then popped up to state that the computer was protected against them.
About an hour later, browsers started opening up whenever I was on the internet with ads in them, which are hard to close and keep appearing for everything from dating services to (irony of the year) anti-virus software.
I ran Norton, which didn't solve the problem, then downloaded and ran a programme called Advanced Windows Care, which again did nothing.
Next I tried a programme by AVG, which spent over an hour scanning the PC, flagged up a mountain of cookies that related to some of the ads that had been appearing and files that looked suspicious. After the scan it seemed to have erased them, but within half an hour it was happening again.
The ads are popping up all the time, slowing the computer down and making it hard to get anything done at all.
Can anyone suggest a way to get rid of them and make sure they don't come back?
sallonoroff
05-02-2008, 14:35
Spybot S&D, Ad-aware, AVG Anti-spyware, SuperAntispyware, etc etc... and try running them in Safe Mode.
Thanks for the ideas.
I've tried Spybot and AVG Anti-spyware, I will try the others, but does anyone have an idea why the programmes I've tried aren't working?
sixriver
06-02-2008, 20:00
Make sure you download all the updates for your anti-virus software, then, as moonlight said, run in safe mode. Delete all your Internet Explorer temporary files. Sometimes there will be another file which will download or copy the actual virus file from another location.
If none of that works, try googling for the virus file name; you may need to remove the virus manually.
Thanks for the ideas.
I've tried Spybot and AVG Anti-spyware, I will try the others, but does anyone have an idea why the programmes I've tried aren't working?
The packages you ran are mainly anti-virus, so they examine data and look for extra code that has been inserted. What you have is spyware and adware, which is basically a customisation telling your browser to open these extra pages, and as it's not classed as a virus the virus scanners miss it.
It is possible to look for spyware at the same time as looking for viruses, but "jack of all trades" solutions tend to be "master of none".
Generally you need one antivirus solution, one anti-spyware solution and, if your router doesn't have a hardware firewall, one firewall solution.
As you are already infected with spyware, I suggest you do the following:
Make sure your antispyware and antivirus packages are fully updated.
Reboot and go into safe mode.
Scan the machine for viruses and spyware while in safe mode, deleting any found.
Reboot normally.
You should then be free of viruses and spyware.
Then, if you use Spybot, it has a feature called the TeaTimer. Turning the TeaTimer on activates a registry monitor that looks for key changes in the registry that applications make when they install; it then allows you to decide if you want the change to happen.
It can be a pain if you are legitimately installing something, but if some web page you go to tries to install spyware behind your back this will spot it and alert you.
And I cannot stress how important it is to keep your antivirus and antispyware solutions up to date with frequent updates; at least once a week check for updates and apply them.
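The registry-monitoring idea described in the post above can be approximated with a baseline-and-compare check of the common autostart keys. This is an added example, not part of the original thread and not how TeaTimer itself is implemented: it compares on demand rather than in real time, and the key list and the baseline file location are assumptions chosen for illustration.

```powershell
# Added example: report autostart (Run/RunOnce) entries that are new or changed
# since a saved baseline. Key list and baseline path are illustrative assumptions.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$BaselinePath = Join-Path $env:USERPROFILE 'autorun-baseline.csv'   # hypothetical location

function Get-AutorunEntry {
    # Emit one object per value stored under each autostart key that exists.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

$current = @(Get-AutorunEntry)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the current state (take the baseline on a machine you trust).
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline saved with $($current.Count) entries: $BaselinePath"
}
else {
    # Index the baseline by key and value name, then flag anything new or altered.
    $known = @{}
    foreach ($b in Import-Csv -Path $BaselinePath) {
        $known["$($b.Key)|$($b.Name)"] = $b.Command
    }
    $changes = 0
    foreach ($e in $current) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $known.ContainsKey($id)) {
            Write-Output "NEW:     $($e.Key) [$($e.Name)] -> $($e.Command)"; $changes++
        }
        elseif ($known[$id] -ne $e.Command) {
            Write-Output "CHANGED: $($e.Key) [$($e.Name)] -> $($e.Command)"; $changes++
        }
    }
    if ($changes -eq 0) { Write-Output 'No new or changed autostart entries.' }
}
```

Run it once after a clean scan to create the baseline, then again after installing software or whenever pop-ups return; delete the baseline file to accept the current state as the new reference.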
@echo off
rem Clear the read-only, system and hidden attributes so the files can be erased
attrib -R -S -H "%USERPROFILE%\Cookies" /S /D
attrib -R -S -H "%USERPROFILE%\Local Settings\Temporary Internet Files" /S /D
echo.
echo ** Erasing %username%'s Temp Files **
echo.
rem Paths are quoted because %Temp% and %windir% can contain spaces
erase /f /s /q "%windir%\Temp\*.*"
erase /f /s /q "%Temp%\*.*"
erase /f /s /q "%USERPROFILE%\Local Settings\Temp\*.*"
rem Browser cache and cookies for the current user
erase /f /s /q "%USERPROFILE%\Local Settings\Temporary Internet Files\*.*"
erase /f /s /q "%USERPROFILE%\Cookies\*.*"
echo.
echo ** Done, Some files may need manually removing ... **
echo.
pause
echo.
echo ** Bye **
Above is a little batch file that will clear your temp files easily. Also get and run HijackThis; if unsure, post the log back here.
HTH
Steve
I don't think I posted that xircon :confused: