Scots Taffer on 13/5/2004 at 20:25
hey, the past few days when I've been on ttlg at home and when I close down firefox, there's a tiny pop-up window that appears called Portal and it displays a pic of Albert Einstein and says do you know your IQ?
It looks totally suspect, because when I try to enlarge it, it looks like there's a command window behind it but that automatically resizes as soon as I let go...
I was reading recently about a trojan that was floating around but I've updated my virus scanners and done a scan, so that doesn't seem to be it.
Anybody else seeing this?
David on 14/5/2004 at 07:17
That's certainly not a TTLG thing I am aware of :weird:
mOdEtWo on 14/5/2004 at 07:56
I was going to say it was caused by IE infected by a backdoor/spyware, but I see you're using firefox. Is the popup window opened in IE or firefox?
I doubt this has anything to do with TTLG tho.
MsLedd on 14/5/2004 at 08:09
Most definitely not a TTLG thing. I'd say you've got yourself a bit o' spyware going there.
Run an updated (
http://lavasoft.element5.com/software/adaware/) Ad-Aware scan and delete whatever it finds, then reboot. If it still happens, ctrl+alt+del and bring up Task Manager too look for any unknown/weird programs/processes. If you find something you can't account for, make a note of the filename and "End Task". Then search your hard drive for that file, rename the file (don't delete it yet) giving it a .bak extension.
Post back what you find here. What version of Windows are you running?
Another thing you can do is when the popup is onscreen, hit CTRL+N to open it in a new (fullsize) browser window to get the URL from which it originates. Then search your system (and registry) for files containing that URL (root).
Scots Taffer on 14/5/2004 at 10:27
XP - I found the .exe bataboutkind.exe. I've removed it and will reboot.
edit: Seems to be gone. Hopefully no one knows the extent of my pygmy pr0n collection... ¬¬
MsLedd on 15/5/2004 at 01:59
Did you find where the command to run the program was? You should get rid of that too.
Scots Taffer on 15/5/2004 at 08:55
Think so, I deleted the folder from program files and a file from Windows prefetch.
