View Full Version : Unnamed Virus/Worm/Highjacker?
Popabook
May 3rd, 2004, 08:59 PM
I got a call from a friend of mine that he was having problems with his computer and he needed help. I went over there thinking that I would simply run a few updates and POOF, no more problems, but I was wrong. MS Update would not connect, nor could I install any new programs onto the system. When I asked exactly what was wrong he said that he noticed the problem when he couldn't access his Paypal account. After scanning with Norton System Works and Ad-Aware there were no problems, although those were up to date. We decided to reformat his system. I deleted the partition, reformatted using the NTFS file system and reinstalled his XP Home. All seemed well, we connected to the MS update site to download 42 critical updates (LOL) and I left. An hour later in my car he called me back. MS updates wouldn't finish downloading and now he has random male enhancement pop-ups on his system! I can't believe this, I reformatted the HD! BTW, his laptop is now infected too, same symptoms. What kind of whatever will cause a system to
A. not be detected by Norton System Works Pro 2004 or Ad-Aware Pro V6.0
B. Not let Windows Update run
C. Cause pop-ups even though Pop up Stopper Professional is running?
I would greatly appreciate any help.
PS: the laptop is running XP Pro and was also updated.
The Hunter
May 3rd, 2004, 09:02 PM
Possibly this may help: http://fileforum.betanews.com/detail.php3?fid=1083556301
or: http://fileforum.betanews.com/detail.php3?fid=1040919764
fireforce555
May 3rd, 2004, 09:06 PM
Burn it. Send it to hell. But seriously, you formatted the whole hard drive? And it came back? Are you using a backup image disc or a regular Windows disc? 'Cause if it's a backup disc, maybe it got infected during backup and now you are simply restoring the "malware".
Weird, maybe something on the master boot record? I have never heard of adware being able to sustain a format and still come back like that. Maybe it was installed with a program that was reinstalled after the format. Did you or he reinstall ANY 3rd party software after the format?
Popabook
May 3rd, 2004, 09:18 PM
He did reinstall AOL 9.0 on the laptop after I left; as for the desktop, not that I am aware of. He told me that he set his email back up. Could have been in his email I suppose, but I figure that it would have had to be a new one since I reformatted. As for the reinstall of both OSes, I used the actual MS disks and their serial codes, not the recovery disks. As I said before... completely baffling to me... How can something like that come back so fast after a new format? And not caught by Norton nor Ad-Aware? I made sure that both were fully updated before I left. They were the only programs that were put back on, and Windows Update was downloading when I left. I will try the new Sasser Worm update that was linked to me. Although those are not the symptoms, willing to try anything :) TY for your help.
Omyn
May 3rd, 2004, 09:20 PM
Sounds like whatever happened happened before he was able to secure his computer.
Unplug internet.
Format system.
Install Anti-Virus software.
Change your security settings to medium high (Internet Explorer)
Plug in internet.
Gather updates.
Make sure you are using any media that could reinfect the computer, floppies, other infected computers on his network.
Remember it is important that you keep the computers segmented and off the network and only allow one at a time access to the internet strictly for updates and nothing else, this will help you diagnose problems and generally resolve your problem quicker.
Also you can make your system more secure by turning off those damn services, which I have compiled a list of on my cheap looking website, cannedinfo.tripod.com (under the Microsoft services). And disable that damned "Remote Registry" setting.
Happy hunting :p
fireforce555
May 3rd, 2004, 09:29 PM
Might want to power up a firewall after reformatting, it can block the blaster/sasser I believe before the patches are applied.
Miniver
May 3rd, 2004, 09:32 PM
I'm guessing he has a network set up in his place. Make sure no other computer is connected to the network and then clean the system. Then clean any other systems. There are a few viruses that will infect any other computer connected to a LAN that they are on.