[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

"www.1861.sh" popup

Posted on 2006-11-04
9
Medium Priority
?
199 Views
Last Modified: 2013-12-04
Anyone know how to get rid of "www.1861.sh" site from popping up? It appears to be a Chinese ringtone sales site. I can't get rid of it, none of my spyware utilities sees it (Counterspy, Spyware Doctor, Hijackthis, Spybot, Ad Aware).

I have added it to Restricted Sites in IE but it still pops up every 1/2 hour or so.

I have since set IE to block all popups and have reset all IE security levels to their default position. We'll see how that works.

Anyone else been annoyed by this 1861.sh site??

Thanks
0
Comment
Question by:countryfreshness
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
9 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17874628
Let's look at your hiackthis log, don't fix anything though, I'd like to see what entries are there.

Upload the log at EE-Stuff.com or at any hosting sites, or if you have trouble uploading it just paste it here.
0
 

Author Comment

by:countryfreshness
ID: 17874847
*** Hijack This log removed by humeniuk PE ***
0
 

Author Comment

by:countryfreshness
ID: 17875281
It's all good. I uploaded and it checked out OK. The site seems harless enough. It seems to come from a large telecom company in China.
0
 

Author Comment

by:countryfreshness
ID: 17895211
I figured it out.

In the Windows\System32 folder I found and deleted the following files:

STHU1.EXE, STHU2.EXE, STHU3.EXE, D3802E40.DLL, D3802E40.EXE and D3802E40T.EXE

The DLL file I used Killbox to remove on reboot.

No popup of 'www.1861.sh' since then.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19561237
PAQed with points refunded (125)

Computer101
EE Admin
0

Featured Post

Tech or Treat! - Giveaway

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question