This page, targeted towards home users, discusses the basic steps needed from an user to stop Pop-ups, and the information to keep the system clean.
Part of the information in this page is collected from online sources, Microsoft site. Thanks and all credit due to the third-party sites, and the authors for their part.
Pop-ups can be classified as follows:
These pop-ups can be prevented by installing a pop-up blocker. Often times, these new windows display advertising that can interfere with your ability to see the content on the page you're trying to read. Adding the AD related Domains to the Restricted Zone in Internet Explorer is a good idea. Refer to the following MS-KB articles to learn how to stop pop-ups from a particular webpage.
Prevent Pop-up Ad Windows When Browsing with Internet Explorer
Windows XP Service Pack 2 now includes a built-in Pop-up blocker. You can read more about this feature, in the following pages:
If the title bar reads as "MESSENGER SERVICE" with gray Ads, then it the famous Messenger SPAM. This is applicable only for Windows 2000 and Windows XP. The "Messenger Service" [different from Windows Messenger IM] is responsible for transmitting these text-based messages. While disabling the Messenger Service can stop the pop-up Ads, it's not sufficient in the security point of view. These messages arrive to your system because there is a way for someone to transmit data to your computer via TCP and UDP ports [UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137]. This means, some intruder can do nasty things on your computer with this port open.
The BEST and HIGHLY RECOMMENDED method to prevent these type of pop-up and to harden the security of your computer is to enable the Windows XP's Firewall and upgrade to Windows XP SP2. Windows XP SP2 turns off the Messenger Service by default, and enables the Windows firewall. This blocks the ports required for Messenger Service data transmission.
For Windows XP SP2 systems:
If you're using Windows XP, and haven't updated to SP2, please do it immediately.
Never connect to internet without enabling the Firewall. Otherwise, there are fairly good chances your system gets infected. Finest example is the recent RPC NT Authority Shutdown caused by Blaster Worm, which infects "unpatched" and "unprotected" computers.
Messenger Service Window That Contains an Internet Advertisement Appears
Spyware cause the same effect as general Browser pop-ups but they are usually powered by malware Browser Helper Objects, ActiveX controls which attaches to Internet Explorer and contacts the respective AD servers to fetch ADs through internet. This not only means waste of Internet bandwidth, but your private information may also be sent to someone. You need to treat any outgoing connection without your permission, as a 'security threat'.
Your Anti-virus software may not be fully capable of detecting spyware. Therefore, it's a good idea to scan your system using a good Anti-virus package and also with a good spyware removal utility. You must update the pattern files before scanning just like what you do for your anti-virus software. This ensures good detection.
Use Hosts file to block unwanted AD servers and spyware sites
Increase your browser security settings. Read the following pages to learn how to protect the system from parasites.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
(Site packed with full of security tips, advice to prevent parasites being installed)
Use an application-based firewall, such as Zone Alarm, Sygate etc. They alert you when outgoing traffic by a new application is detected. By doing this, you are preventing dialers, Trojans accessing the internet. Give equal importance to the configuration of the firewall. Look at your firewall as the gatekeeper, and only allow programs that you want to access the internet. You may then test the effectiveness of the Firewall (for inbound protection) using any of these websites. They scan your system for open ports and vulnerabilities and advice you what action to take.
grc.com/x/ne.dll?bh0bkyd2 | dslreports.com/scan | hackerwatch.org/probe
Still unable to control pop-up windows? It may be caused by a Malware running in the background. Experts in these forums help you eliminate the unwanted things from the PC by examining the HijackThis log file. Most forums provide this as a free service, with voluntary members spending a part of their time to help others. If they've helped you clean the system, see if you can return the favor in some way :-)
AumHa - HijackThis section | Spywareinfo forums | CastleCops | Wilders Security
Before approaching for help, follow the preliminary steps (run a system scan yourself using Ad-Aware, SpyBot S&D with fully updated definitions). Eliminate Malware as much as you can. A Virus scan will also help.
Don't connect to internet without enabling firewall and Anti-virus software
Increase the security settings in the browser so that Activex controls won't install automatically
Visit http://windowsupdate.microsoft.com frequently and download all Critical Updates
Subscribe to Microsoft Security Bulletin to know the vulnerabilities identified and the patches released
Use HOSTS file to block unwanted websites
Think twice before enabling an application to access the Internet if you use a third-party firewall. Gather information about a process / application name, if found suspicious.
Keep yourself updated on Rogue/Suspect Anti-Spyware Products & Web Sites
One of the finest documentations (Recommended reading)
The Parasite Fight: Finding, Removing & Protecting Yourself From Scumware