countryfreshness
asked on
"www.1861.sh" popup
Anyone know how to get rid of "www.1861.sh" site from popping up? It appears to be a Chinese ringtone sales site. I can't get rid of it, none of my spyware utilities sees it (Counterspy, Spyware Doctor, Hijackthis, Spybot, Ad Aware).
I have added it to Restricted Sites in IE but it still pops up every 1/2 hour or so.
I have since set IE to block all popups and have reset all IE security levels to their default position. We'll see how that works.
Anyone else been annoyed by this 1861.sh site??
Thanks
I have added it to Restricted Sites in IE but it still pops up every 1/2 hour or so.
I have since set IE to block all popups and have reset all IE security levels to their default position. We'll see how that works.
Anyone else been annoyed by this 1861.sh site??
Thanks
ASKER
*** Hijack This log removed by humeniuk PE ***
ASKER
It's all good. I uploaded and it checked out OK. The site seems harless enough. It seems to come from a large telecom company in China.
ASKER
I figured it out.
In the Windows\System32 folder I found and deleted the following files:
STHU1.EXE, STHU2.EXE, STHU3.EXE, D3802E40.DLL, D3802E40.EXE and D3802E40T.EXE
The DLL file I used Killbox to remove on reboot.
No popup of 'www.1861.sh' since then.
In the Windows\System32 folder I found and deleted the following files:
STHU1.EXE, STHU2.EXE, STHU3.EXE, D3802E40.DLL, D3802E40.EXE and D3802E40T.EXE
The DLL file I used Killbox to remove on reboot.
No popup of 'www.1861.sh' since then.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Upload the log at EE-Stuff.com or at any hosting sites, or if you have trouble uploading it just paste it here.