Solved

"www.1861.sh" popup

Posted on 2006-11-04
9
190 Views
Last Modified: 2013-12-04
Anyone know how to get rid of "www.1861.sh" site from popping up? It appears to be a Chinese ringtone sales site. I can't get rid of it, none of my spyware utilities sees it (Counterspy, Spyware Doctor, Hijackthis, Spybot, Ad Aware).

I have added it to Restricted Sites in IE but it still pops up every 1/2 hour or so.

I have since set IE to block all popups and have reset all IE security levels to their default position. We'll see how that works.

Anyone else been annoyed by this 1861.sh site??

Thanks
0
Comment
Question by:countryfreshness
  • 3
9 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17874628
Let's look at your hiackthis log, don't fix anything though, I'd like to see what entries are there.

Upload the log at EE-Stuff.com or at any hosting sites, or if you have trouble uploading it just paste it here.
0
 

Author Comment

by:countryfreshness
ID: 17874847
*** Hijack This log removed by humeniuk PE ***
0
 

Author Comment

by:countryfreshness
ID: 17875281
It's all good. I uploaded and it checked out OK. The site seems harless enough. It seems to come from a large telecom company in China.
0
 

Author Comment

by:countryfreshness
ID: 17895211
I figured it out.

In the Windows\System32 folder I found and deleted the following files:

STHU1.EXE, STHU2.EXE, STHU3.EXE, D3802E40.DLL, D3802E40.EXE and D3802E40T.EXE

The DLL file I used Killbox to remove on reboot.

No popup of 'www.1861.sh' since then.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19561237
PAQed with points refunded (125)

Computer101
EE Admin
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
This video discusses moving either the default database or any database to a new volume.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now