Jack Schofield 

Ask Jack

Jack Schofield: Porn target | Dialler
  
  


Porn target

Out of the blue, I have got a problem that the Norton anti-virus package doesn't seem to recognise as a virus. Every time I go online, I get a stream of pop-ups from a series of Russian porn sites. Even using the Search button just gives me other Russian porn sites to search!
Dick Muskett

Jack Schofield replies: This sounds like a JavaScript Trojan known as JS/Seeker, which exploits the typelib/Eyedog vulnerability that Microsoft fixed in August 1999. The source could be a malicious website or email attachment. The removal instructions can be found at the link below.

Another common Trojan you can get by visiting an unscrupulous webmaster is JS_Exception.Gen, which exploits an old vulnerability in Microsoft's VM (Virtual Machine), used to run Java applets. Removal instructions are available at the address given below.

If neither of these is the culprit, go to Housecall and run an online virus check. If it finds an infected file that is not cleanable, make a note of the name, search for it, and delete it.

However, whether or not that works, you have not finished yet. You must also clean and protect your PC. Make a note of any changes you make, so that you can undo them if necessary.

Stage 1: find and remove any code that is producing undesirable results. Go to Start|Run, type msconfig in the box and click OK. Go to the StartUp tab and make sure no odd file is being run, such as data789.tmp or whatever. Untick it to stop it from being loaded. Also, search for the file and disable it by pressing F2 and changing its name to data278.tmp.not, or something similar.

Check the Win.ini tab to make sure a virus has not been added to the start= or run= entries. Use Notepad to check the Autoexec.bat file: make sure it does not contain a line with format C: in it. Check that nothing suspicious has been added to the StartUp folder (Start|Programs|StartUp).

Try to disable any startup programs you don't really need, except Scanreg, Explorer, and SysTray. Paul Collins has compiled a good online guide to what the various programs do.
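The Win.ini and Autoexec.bat checks from Stage 1 can also be run over copies of the two files. This is an added example, not part of the original column: the sample file contents are constructed, the function names are hypothetical, and load= is checked as well because it is the other auto-run key in the [windows] section.

```python
import configparser
import re

# Constructed sample files for illustration (not from a real machine).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\TEMP\data789.tmp
NullPort=None

[Desktop]
Wallpaper=(None)
"""
SAMPLE_AUTOEXEC = r"""@ECHO OFF
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
rem format c: appears here only inside a comment
echo y | format C: /q
"""

# run= and start= are the entries the column names; load= is the other
# auto-run key in the [windows] section of Windows 9x win.ini files.
AUTORUN_KEYS = ("run", "load", "start")
FORMAT_RE = re.compile(r"\bformat(\.com|\.exe)?\s+c:", re.IGNORECASE)
COMMENT_RE = re.compile(r"@?\s*(rem\b|::)", re.IGNORECASE)

def winini_autoruns(text):
    """Return {key: [programs]} for every non-empty auto-run key in [windows]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    found = {}
    for section in cp.sections():
        if section.lower() != "windows":   # win.ini section names ignore case
            continue
        for key in AUTORUN_KEYS:
            value = (cp.get(section, key, fallback="") or "").strip()
            if value:
                found[key] = re.split(r"[ ,]+", value)  # several programs allowed
    return found

def autoexec_format_lines(text):
    """Return (line_number, line) for live commands that format drive C:."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not COMMENT_RE.match(line) and FORMAT_RE.search(line):
            hits.append((number, line))
    return hits

if __name__ == "__main__":
    print(winini_autoruns(SAMPLE_WIN_INI))
    print(autoexec_format_lines(SAMPLE_AUTOEXEC))
```

Any program listed under an auto-run key still has to be judged by eye, as the column says; the script only shows what is set to load.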

Stage 2: update your browser to remove almost all known vulnerabilities.

Install the cumulative fix from Microsoft.

Next, download and install a fixed version of the Java VM (unless you have already updated it since March 4). It may help if you turn off your virus checker and close down all unnecessary programs while you update your system.

Stage 3: use Google's code to fix your PC's Registry. The simplest way is to type www.google.com/default.reg in IE's address box, press Enter, click OK, and save the default.reg file on your desktop. Double click this file to restore the browser's defaults.

Finally, use Internet Explorer to go to your preferred home page, such as Google. Select Tools|Internet Options and click the button that says Use Current.

You can keep the default.reg file on your desktop. Browser-snatching is a growing problem, and double-clicking this file can quickly undo some of the damage.

Dialler

Being new to this internet malarky, I was looking at dubious sites that offered certain downloads without the need for a credit card. The program has squirreled its way onto my hard drive and starts up automatically.
Skinnyboy

JS: It sounds as though you have fallen victim to what is called a dialler. These are usually commercial programs and much better behaved than viruses and Trojans. Often you can uninstall them in the usual way.

Go to Start|Settings|Control Panel, run Add/Remove Programs, and search for the dialler there.

If that does not work, follow the basic approach described above, except you have one significant advantage. If you can see parts of the program, you know what they are called, and where they are. Right-click the dialler's icons, select Properties, and use Notepad to store a copy of the text in the Target box. Use Windows Explorer to find these files on your hard drive and delete them. After that, delete the icons.

Finally, go to Start|Run, type regedit in the box and click OK. Search the Registry for the company name, web addresses, and entries for its files. If you find any, select the Name entry on the left of the right-hand pane, then right-click and use Modify to make the Data values blank.

Be careful: your PC may stop working if you mess up the Registry, so it is wise to have a backup. For instructions, search Google for Q256419 (Windows 98) or Q132332 (Windows 95). In Windows Me and XP, use the System Restore facility (PC Health) to create a restore point first. In general, you can create a backup by running Regedit, selecting My Computer, clicking Registry|Export Registry File, and making sure All is selected.
