Topics

Worm

Rick
 

Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

Pete Smith
 

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:

Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

Rick Johnson
 

Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

John Feist
 

Be careful with Spybot Search and Destroy and CCleaner as there are compromised versions out in the wild.
Take a look at your running services and get rid of anything outside of your normal software. Sounds like you have a case of add-ware loaded. Malwarebytes usually picks these up as PUPs Probable Unwanted Programs unless you bypassed the warning.
If you hover the mouse icon over the suggested link (without clicking) take a look on the bottom banner and see where the URL actually goes. If the URL ends in something like .cn, .ch. po, .ru... you definitely want to find the source and get rid of it.

The folks at bleepingcomputers have great tools (e.g. hijackthis) that will help to ID the parent application. https://www.bleepingcomputer.com/

As I mentioned earlier, the first step is to clean house. Go to your Control Panel > Programs and dump anything not needed.

Another good source is a add-ware blocker such as the one in:
I have an active account and make use of several dynamic block lists that are coupled with active Snort IPS.
Hope the info helps, JohnF


On Tue, Jun 4, 2019 at 7:06 PM Rick Johnson <w3bi.rick@...> wrote:
Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

John Feist
 

Speaking of ads:
I just realized that I had misspelled ads and ad-ware. After 11 straight hours on a keyboard my hindsight is 20-20.


On Tue, Jun 4, 2019 at 8:40 PM John Feist via Groups.Io <wq6n73=gmail.com@groups.io> wrote:
Be careful with Spybot Search and Destroy and CCleaner as there are compromised versions out in the wild.
Take a look at your running services and get rid of anything outside of your normal software. Sounds like you have a case of add-ware loaded. Malwarebytes usually picks these up as PUPs Probable Unwanted Programs unless you bypassed the warning.
If you hover the mouse icon over the suggested link (without clicking) take a look on the bottom banner and see where the URL actually goes. If the URL ends in something like .cn, .ch. po, .ru... you definitely want to find the source and get rid of it.

The folks at bleepingcomputers have great tools (e.g. hijackthis) that will help to ID the parent application. https://www.bleepingcomputer.com/

As I mentioned earlier, the first step is to clean house. Go to your Control Panel > Programs and dump anything not needed.

Another good source is a add-ware blocker such as the one in:
I have an active account and make use of several dynamic block lists that are coupled with active Snort IPS.
Hope the info helps, JohnF

On Tue, Jun 4, 2019 at 7:06 PM Rick Johnson <w3bi.rick@...> wrote:
Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

Jed Petrovich
 

Rick:


You might take a look at this and see if this information helps you rid your system of the pest.

Jed
AD7KG

On Tue, Jun 4, 2019 at 9:40 PM John Feist <wq6n73@...> wrote:
Be careful with Spybot Search and Destroy and CCleaner as there are compromised versions out in the wild.
Take a look at your running services and get rid of anything outside of your normal software. Sounds like you have a case of add-ware loaded. Malwarebytes usually picks these up as PUPs Probable Unwanted Programs unless you bypassed the warning.
If you hover the mouse icon over the suggested link (without clicking) take a look on the bottom banner and see where the URL actually goes. If the URL ends in something like .cn, .ch. po, .ru... you definitely want to find the source and get rid of it.

The folks at bleepingcomputers have great tools (e.g. hijackthis) that will help to ID the parent application. https://www.bleepingcomputer.com/

As I mentioned earlier, the first step is to clean house. Go to your Control Panel > Programs and dump anything not needed.

Another good source is a add-ware blocker such as the one in:
I have an active account and make use of several dynamic block lists that are coupled with active Snort IPS.
Hope the info helps, JohnF

On Tue, Jun 4, 2019 at 7:06 PM Rick Johnson <w3bi.rick@...> wrote:
Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

John Feist
 

Excellent. I had forgotten about browser add-ons and extensions. That should do the trick.

On Tue, Jun 4, 2019 at 8:54 PM Jed Petrovich <jwpetrov@...> wrote:
Rick:


You might take a look at this and see if this information helps you rid your system of the pest.

Jed
AD7KG

On Tue, Jun 4, 2019 at 9:40 PM John Feist <wq6n73@...> wrote:
Be careful with Spybot Search and Destroy and CCleaner as there are compromised versions out in the wild.
Take a look at your running services and get rid of anything outside of your normal software. Sounds like you have a case of add-ware loaded. Malwarebytes usually picks these up as PUPs Probable Unwanted Programs unless you bypassed the warning.
If you hover the mouse icon over the suggested link (without clicking) take a look on the bottom banner and see where the URL actually goes. If the URL ends in something like .cn, .ch. po, .ru... you definitely want to find the source and get rid of it.

The folks at bleepingcomputers have great tools (e.g. hijackthis) that will help to ID the parent application. https://www.bleepingcomputer.com/

As I mentioned earlier, the first step is to clean house. Go to your Control Panel > Programs and dump anything not needed.

Another good source is a add-ware blocker such as the one in:
I have an active account and make use of several dynamic block lists that are coupled with active Snort IPS.
Hope the info helps, JohnF

On Tue, Jun 4, 2019 at 7:06 PM Rick Johnson <w3bi.rick@...> wrote:
Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI

Rick
 

And that's what did the trick.....extension.  Removed it and all is now good..
Thanks one and all......I'm back in business.
73, Rick

Jed Petrovich
 

Rick:

Glad that worked for you... I've had to manually uninstall this sort of pesky program in the past. I hope this one stays away. I've had some where the "installer" reinstalled the program, so I had to get exterminate the installer and then uninstall again.

73,

Jed
AD7KG

On Wed, Jun 5, 2019 at 8:18 PM Rick <polarmail@...> wrote:
And that's what did the trick.....extension.  Removed it and all is now good..
Thanks one and all......I'm back in business.
73, Rick

Dave AA6YQ
 

+ AA6YQ comments below

On Wed, Jun 5, 2019 at 07:18 PM, Rick wrote:

And that's what did the trick.....extension.  Removed it and all is now good..
Thanks one and all......I'm back in business.

+ Nice work, Jed!

       73,

               Dave, AA6YQ

Pete Smith
 

This might also be something in your browser.  Depends on which one, I guess, but I've had some of these "install this now" critters that actually turned out to be bogus Chrome extensions.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 11:40 PM, John Feist wrote:

Be careful with Spybot Search and Destroy and CCleaner as there are compromised versions out in the wild.
Take a look at your running services and get rid of anything outside of your normal software. Sounds like you have a case of add-ware loaded. Malwarebytes usually picks these up as PUPs Probable Unwanted Programs unless you bypassed the warning.
If you hover the mouse icon over the suggested link (without clicking) take a look on the bottom banner and see where the URL actually goes. If the URL ends in something like .cn, .ch. po, .ru... you definitely want to find the source and get rid of it.

The folks at bleepingcomputers have great tools (e.g. hijackthis) that will help to ID the parent application. https://www.bleepingcomputer.com/

As I mentioned earlier, the first step is to clean house. Go to your Control Panel > Programs and dump anything not needed.

Another good source is a add-ware blocker such as the one in:
I have an active account and make use of several dynamic block lists that are coupled with active Snort IPS.
Hope the info helps, JohnF

On Tue, Jun 4, 2019 at 7:06 PM Rick Johnson <w3bi.rick@...> wrote:
Good advice but I have the Pro version of Malwarebytes and it doesn't find and clean the problem.
Thanks anyway.  73 Rick

On Tue, Jun 4, 2019 at 9:04 PM Pete Smith <n4zr@...> wrote:

Rick, I suggest you get the free version of Malwarebytes and run it on your system.  This is probably malware.

73, Pete N4ZR
Check out the Reverse Beacon Network 
at <http://reversebeacon.net>, now 
spotting RTTY activity worldwide. 
For spots, please use your favorite 
"retail" DX cluster.
On 6/4/2019 5:17 PM, Rick wrote:
Don't know exactly where to take this but have been helped by the computer guru's here before.
I keep getting a popup stating "Windows users urged to download this now." About every 2 hours and it's starting 
to interfere because I can't do anything while it's showing. At the top it indicates localweatherradar.com.
I've searched Google and can't find much about it.
73, Rick W3BI