Spyware/Adware?? Ebay Popup

After my computer has run for a while (approx 1-5mins), it opens an internet explorer window with an ebay search page in it. The url is not ebay, but rather the time to display is roughly 1 minute.

I have run both Adaware and Spybot and neither fixes the problem. Does anyone know what i could do to try to get rid of this?

Is there a funny-looking blue toolbar at the top of the IE window?

You may have a program running out of your startup files. You might try checking there. Type Run>msconfig and hit the Startup tab. Try to determine if there is something there that may be causing this.
What version of Windows?

Also check if it a MS Messenger Window. Turn that program OFF.

I suspect you have a piece of spyware called MyWaySpeedBar - I dealt yesterday with exactly the problem you describe.

Here is some info on removal.

OK, more info (that i should have given anyway, doh!)

I am running WinXP home
The Popup is in an internet explorer window, and appears about 3 mins after i start the system (which accesses the internet through the university network)

Mangetout, nope, no odd toolbars, tried that fix for MyWaySpeedbar, nothing.

Toddly can’t see anything in my startup files.

ftg like i say, its an IE window, not windows mwssenger, and that was turned off when i built the damn machine (the wonders of Microsoft security flaws!)

Thanks all for suggestions so far, anyone care to suggest something else? feel free to ask for more specific information on anything you think may help.

Right, this seems like it could be relevant, I am now getting script errors on every page I visit (including the SDMB). The message box reads:

Internet Explorer Script Error

An Error has occured in the script on this page.

Line: 1
Char: 1
Error: Object expected
Code: 0
URL: http://www.look2me.com/app/BWd/skin.php? V=111&M=1&R=2&ID={4EF3796B-535F-41C0-AB81-66889ACC5DFE}&username=!

I haven’t installed anything recently except for the drivers/software that came with my new microsoft keyboard.

Maybe one day I will remember to gather all relevant information before posting.:smack:

Apparently, some of these ‘helpers’ actually embed themselves into IE (I presume this works in a similar way to a virus).

One of the ways that I identified and removed some of the more elusive scumware yesterday was to fire up the System Information applet (in Start>Programs>Accessories>System Tools), look in the Software Environment>Modules Loaded categories and look down the ‘Manufacturer’ column, then do a web search on the name of anything that wasn’t manufactured by MS or another known trusted source).

Removing any undesirable entries in there entails unregistering the dll files, which in at least one case yesterday, Windows simply refused to let me do - I ended up booting from a floppy and deleting the file manually (it was a file with an awful long name - msg{847602317689415etc…dll, manufactured by ‘SimiliarSingles.com’).

However, if this is a fairly recent arrival on your computer, I’d consider using System Restore to go back to a date before the problem appeared.

Found the entry, manufactured by ‘bundleware.com’ tried a restore to before it was a problem, but that doesnt seem to solve it. Anyway, thanks alot for your help, now i just have to work out how to unregister the file.

Make a note of the file name (something.dll most likely) and its location.

Click Start>Run and type Regsvr32 something.dll /u.

Then delete the file and reboot.

If regsvr is unable to unregister the dll, then you’ll have to boot from a floppy and delete it by hand.

(replacing something.dll with the real name of the offending object, naturally)

thanks for all the help Mangetout, these scumware programs are getting more and more like viruses everyday a search on the company name revealed their slogan “Install Anything to Anyone, Anywhere!” surely thay are now on a fine line between irritating the hell out of people and actually crossing into the realm of illegal computer activity? Ah well, seem like something we will have to increasingly live with.

Certainly some of what I had to deal with yesterday was way beyond reasonable; some of the programs were surreptitiously re-installing themselves as fast as I could remove them; also, since these things typically install themselves on your system without your consent or knowledge, there’s no incentive for the authors to make the run without causing damage to your machine.

Hybrid, have you determined how this was installed? Do you think it came bundled with the keyboard software?

I have no idea how it was installed, I am sure it was not bundled with the k/b software, as that was a microsoft multimedia keyboard, with a microsoft install disk also the creation date on the .dll was November 2nd, the day after I installed it (my other one died after I spilled beer on it :smack: ).

The name of the file was:
msg{4EF3796B-535F-41C0-AB81-66889ACC5DFE}.dll, the number string being the same as the string in the script errors I was getting.

The manufacturer was listed as bundleware.com, and as i said, there seems to be some relation to look2me.com, as that was called in the script error.

I also found and deleted a registry key named Look2me.

It is of concern to me how it got installed, since without that information there is no way to avoid re-infection.

I’m wondering if some of the email viruses doing the rounds might be acting as uninvited download clients for some of this stuff.

the machine I fixed yesterday at the London office was fine a month ago, the user has not installed anything herself, or agreed to the installation of any ‘browser enhancements’, or so she says (and I do actually believe her). But the machine did suffer a virus attack a fortnight ago because the signature files weren’t current and we got hit by a brand new variant. - in the space of one month, several hundred objects relating to two or three dozen distinct spy/scumware programs have just appeared on the machine.

I found this at the Symantec site. Look2me