Also very good reading:
How to block Pop-ups?
http://windowsxp.mvps.org/
Zee
I've been having to stand three specific adware that appear randomly through IE 6 (I am guessing, but on the other hand there is no way for these ads to appear if not through IE. Or is there?).
Well, I have tried everything I knew of: AdAware, PestPatrol, Microsoft Antispyware, Hijackthis, Spybot and the like.
After some time, when I think that, at last, I've managed to remove them, tadaaa, they appear again. It's always a set of 3 pop-up ads that remain the same for some time (3-5 days), but they change occasionally.
One pop-up offers free emoticons, another says "Warning - your computer may be infected with spyware" (sic), and the other, most frequently, offers casino games.
Am I doing something wrong with the anti ad software, or are they really "special"?
Thanks!
This question has been solved and asker verified.
First use Windows Update ( http://v4.windowsupdate.mi
http://www.hijackthis.de/i
Hi, caza13,
I think you mean this: http://www.hijackthis.de/l
The site didn't show anything except that I have neither a firewall nor an antivirus (which I do - Avast)...
I couldn't see anything in that saved log. I was expecting something like the following:
http://www.hijackthis.de/l
Hi!
If you get a popup, out of nowhere; that warns you about your security settings -
and tells you to go to some site to download or scan your computer - don't!
Here's some info on what may be generating these popups:
MSN messenger -
http://www.answersthatwork
Messenger service -
http://www.blackviper.com/
http://www.grc.com/stm/sho
Note: Messenger (the "Service") and MSN messenger (msmsgs.exe) are 2 different things.
RF
Try this too:
http://housecall-beta.tren
Regards,
David McGraw
caza13 and all you other fellows,
I had confused Hijack with JV16 PowerTools. Now the weird part: I can analyse log files from two of my computers through www.Hijackthis.de, but *always* get "this page could not be found" from IE when I try to analyze the PC with the pop-ups. It's as if virus/spyware is hindering one specific log file from being analyzed.
I have even tried to analyze the log file from different computers and got the same result: blank page.
I have found a lot of sexthis and sexthat in some Host folders after successfully running HijackThis (the latest version). Deleted them and thought I was finally rid of these bastards. I turned my PC on this morning and no pop-ups. At least until the middle of the afternoon, when they once again appeared.
I am running Win XP SP1 on this computer and IE6. Updating to SP2 would not be my first choice as its processor is a somewhat slow P3 1GHz processor and I think this might make it a little lazier. Besides, this is a real challenge and I'd love to defeat the bug.
Hi,
Here's the HijackThis log file:
Logfile of HijackThis v1.99.1
Scan saved at 06:28:37, on 10/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\Program files\Ahead\InCD\InCDsrv.e
C:\Program files\Common files\Symantec Shared\ccSetMgr.exe
C:\Program files\Common files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spools
C:\Program files\UOL\Acelerador UOL\vcn.exe
C:\Program files\Alwil Software\Avast4\aswUpdSv.e
C:\Program files\Alwil Software\Avast4\ashServ.ex
C:\WINDOWS\system32\crypse
C:\Program files\OLYMPUS\DeviceDetect
C:\WINDOWS\System32\GEARSe
C:\Program files\Borland\InterBase\bi
C:\Program files\Common files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\NORTON~1\NORTO
C:\WINDOWS\System32\PGPsdk
C:\ARQUIV~1\NORTON~1\NORTO
C:\WINDOWS\System32\svchos
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\MsPMSP
C:\Program files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\Fast.e
C:\Program files\ScanSoft\OmniPagePro
C:\Program files\Babylon\Babylon.exe
C:\Program files\4th Software\Checklist\Checkli
C:\ARQUIV~1\ALWILS~1\Avast
C:\Program files\Common files\Symantec Shared\ccApp.exe
C:\Program files\Microsoft AntiSpyware\gcasServ.exe
C:\Program files\UOL\Acelerador UOL\AcUOLClt.exe
C:\Program files\Plaxo\2.2.0.81\Insta
C:\WINDOWS\System32\ctfmon
C:\Program files\OLYMPUS\DeviceDetect
C:\Program files\Microsoft Office\OFFICE11\ONENOTEM.E
C:\Program files\Silicon Prairie Software\MemTurbo\memturbo
C:\ARQUIV~1\MICROS~2\OFFIC
c:\arquiv~1\intern~1\iexpl
C:\Program files\Microsoft Office\Office10\msoffice.e
C:\Program files\Internet Explorer\iexplore.exe
C:\Program files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program files\Alwil Software\Avast4\ashWebSv.e
C:\Program files\Alwil Software\Avast4\ashMaiSv.e
C:\Program files\Common files\Symantec Shared\CCPD-LC\symlcsvc.ex
C:\Program files\Borland\InterBase\bi
C:\Program files\Internet Explorer\iexplore.exe
G:\___SOFTWARES PARA INSTALAR\HijackThis\Hijack
R1 - HKCU\Software\Microsoft\In
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-E
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-2
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-4
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [InCD] C:\Program files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program files\ScanSoft\OmniPagePro
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump
O4 - HKLM\..\Run: [Babylon Client] C:\Program files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Checklist] "C:\Program files\4th Software\Checklist\Checkli
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast
O4 - HKLM\..\Run: [ccApp] "C:\Program files\Common files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AceleradorUOL] "C:\Program files\UOL\Acelerador UOL\AcUOLClt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCh
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program files\Plaxo\2.2.0.81\Insta
O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon
O4 - HKCU\..\Run: [hole flag] C:\DOCUME~1\Lincoln\DADOSD
O4 - Startup: MemTurbo.lnk = C:\Program files\Silicon Prairie Software\MemTurbo\memturbo
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Global Startup: Device Detector 2.lnk = C:\Program files\OLYMPUS\DeviceDetect
O4 - Global Startup: Inicialização Rápida do Microsoft Office OneNote 2003.lnk = C:\Program files\Microsoft Office\OFFICE11\ONENOTEM.E
O4 - Global Startup: Microsoft Office.lnk = C:\Program files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Mic
O6 - HKCU\Software\Policies\Mic
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2
O8 - Extra context menu item: Open with GetRight Browser - C:\Program files\GetRight\GRbrowse.ht
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-0
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://ho
O16 - DPF: {04E214E5-63AF-4236-83C6-A
O16 - DPF: {08BEF711-06DA-48B2-9534-8
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-0
O16 - DPF: {2E3C3651-B19C-4DD9-A979-9
O16 - DPF: {2FC9A21E-2069-4E47-8235-3
O16 - DPF: {644E432F-49D3-41A1-8DD5-E
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A
O16 - DPF: {AE563720-B4F5-11D4-A415-0
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-0
O16 - DPF: {C6637286-300D-11D4-AE0A-0
O16 - DPF: {D1DD51D9-C35E-4050-8660-4
O16 - DPF: {D9CE2963-8547-4C18-A4CE-D
O16 - DPF: {E37CB5F0-51F5-4395-A808-5
O16 - DPF: {F281A59C-7B65-11D3-8617-0
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
O17 - HKLM\System\CCS\Services\T
O23 - Service: Acelerador UOL - Unknown owner - C:\Program files\UOL\Acelerador UOL\vcn.exe" -f "C:\Program files\UOL\Acelerador UOL\acelerador.cfg" -Srun (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program files\Common files\Adobe Systems Shared\Service\Adobelmsvc.
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program files\Alwil Software\Avast4\aswUpdSv.e
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program files\Internet History Eraser\autocomp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program files\Alwil Software\Avast4\ashServ.ex
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program files\Alwil Software\Avast4\ashMaiSv.e
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program files\Alwil Software\Avast4\ashWebSv.e
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program files\Common files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program files\Common files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program files\Common files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypse
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program files\OLYMPUS\DeviceDetect
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program files\Ahead\InCD\InCDsrv.e
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program files\Borland\InterBase\bi
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program files\Borland\InterBase\bi
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTO
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\ARQUIV~1\Borland\vbroke
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\ARQUIV~1\Borland\vbroke
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdk
O23 - Service: Speed Disk service - Symantec Corporation - C:\ARQUIV~1\NORTON~1\NORTO
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program files\Common files\Symantec Shared\CCPD-LC\symlcsvc.ex
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program files\Common files\Symantec Shared\Security Center\SymWSC.exe
http://www.hijackthis.de/l
The link above is for the analysis of your log file. That is one of the largest log files that I have ever seen, and there are many things that I don't recognize. I didn't see anything that I know is bad, but you should take a close look at the O16 items and fix anything that you don't recognize. Those are ActiveX Controls in the Downloaded Programs folder. If you remove something that you need later, it will just be downloaded again when you need it.
You're making progress here, and excellent information posted by the Experts above. I agree wholeheartedly with the recommendation to update to SP2 .... here's just a 'tiny' sampling that may play a role here. I'm one who chooses to upgrade to minimize the 'recreation of wheel' syndrome, trying to fix inherently known problems, but then, that's just me. LOL.
Microsoft Security Bulletin MS04-044
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
http://www.microsoft.com/t
Release notes for Windows XP Service Pack 2 -- this includes system requirement info and other important informational links about the SP2 update.
http://support.microsoft.c
Asta
c:\arquiv~1\intern~1\iexpl
Here is another thing that I noticed. The file iexplore.exe is normally the Internet Explorer browser, but the one listed above seems to be running from the wrong folder. Usually it is listed as C:\Program files\Internet Explorer\iexplore.exe . Sometimes spyware files are disguised by using the names of system files but they are saved in a different folder.
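The folder check described in the post above, as an added example that is not part of the original thread: it reads the "Running processes" section of a HijackThis log and flags well-known binaries running from an unexpected folder. The expected-folder table and the sample log are constructed assumptions (English XP default paths); a folder written as an 8.3 short name (a `~1` component) is reported separately, because it cannot be compared as text and has to be resolved to its long name on the machine first.

```python
import ntpath
import re

# Assumed default folders for an English XP install; not taken from the thread.
EXPECTED_DIRS = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
}
SHORT_NAME = re.compile(r"~\d")               # 8.3 alias component, e.g. PROGRA~1
ENTRY_LINE = re.compile(r"^[A-Z]\d{1,2} - ")  # first R0/O2/... entry ends the list

# Constructed sample, not the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Temp\svchost.exe
C:\Program Files\Babylon\Babylon.exe

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

def running_processes(log_text):
    """Yield the paths listed under 'Running processes:'."""
    in_section = False
    for line in map(str.strip, log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and ENTRY_LINE.match(line):
            return
        elif in_section and line:
            yield line

def classify(path):
    """Return 'unlisted', 'ok', 'short-name' or 'mismatch' for one path."""
    directory, name = ntpath.split(path.lower())
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return "unlisted"
    if directory == expected:
        return "ok"
    # A short-name folder cannot be compared as text; resolve it on the host.
    return "short-name" if SHORT_NAME.search(directory) else "mismatch"

def audit(log_text):
    """Return (path, verdict) pairs that need a closer look."""
    pairs = ((p, classify(p)) for p in running_processes(log_text))
    return [(p, v) for p, v in pairs if v in ("short-name", "mismatch")]
```

Calling `audit(SAMPLE_LOG)` returns the short-name `iexplore.exe` entry as "short-name" and the `svchost.exe` under `C:\WINDOWS\Temp` as "mismatch"; only the second is a lexical mismatch that points at a misplaced binary.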
the process running called C:\WINDOWS\System32\Fast.e
I could be mistaken, but if I recall correctly this is adware..... Find that file and move it to a different directory and reboot. See if that helps.
Second, IE is horrible. You need to be using Firefox, it's way more secure and easier to use. Plus, that browser doesn't allow popups.
Hi!
Fast.exe is for "fast user switching" -
not really malware; but, a resource hog.
Can be run manually.
These lines show something problematic:
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
I'm using MVP's Host file and IEspyad and when I try to access the site above I'm blocked (good thing!).
If you have not set these yourself - I would have HijackThis fix these entries.
Good advice to update XP to SP 2.
However, make very sure that you have NO malware on your computer!
Do online scans from various vendors.
As zee says above - bad idea to have 2 active anti-virus programs running at the same time!
It's OK to have more than one installed -
only one should be in active scan mode.
Try this scanner - I've had very good success with it: often, it shows things others miss
(free version shows things, but will not fix them - pay ver. will fix them)
EScan-mwav from:
http://www.mwti.net/antivi
Good luck!
RF
Hi, every1,
I decided to update my PC to XP SP2, even running the risk of it getting slower. It didn't and I finally had one day without those ##$$%#@ pop-ups. Even ran Norton AV from another computer from my small network. It eliminated everything it found.
Today, I turned on my computer, and after some time (1-2 hours), pop-ups. The same emoticons, casino, etc ads.
I will try some of the other suggestions I haven't yet and will let you guys know.
Thanks!
I sure hope you're making progress here. Remember things like "system restore" and check the trusted zone to ensure that problem URLs aren't there, and if you can trap the URLs to the problem sites, add them to your Restricted zone, check startup and so on, as noted earlier. Sometimes running the virus scan routines and spyware tools in Safe Mode works best, when system files aren't in use.
by: blue_zee, posted on 2005-03-07 at 15:08:30, ID: 13481977
Try this:
Disable Windows Messenger PopUps
http://www.hooverwebdesign
Zee