Solved

"www.1861.sh" popup

Posted on 2006-11-04
9
193 Views
Last Modified: 2013-12-04
Anyone know how to get rid of "www.1861.sh" site from popping up? It appears to be a Chinese ringtone sales site. I can't get rid of it, none of my spyware utilities sees it (Counterspy, Spyware Doctor, Hijackthis, Spybot, Ad Aware).

I have added it to Restricted Sites in IE but it still pops up every 1/2 hour or so.

I have since set IE to block all popups and have reset all IE security levels to their default position. We'll see how that works.

Anyone else been annoyed by this 1861.sh site??

Thanks
0
Comment
Question by:countryfreshness
  • 3
9 Comments
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17874628
Let's look at your hiackthis log, don't fix anything though, I'd like to see what entries are there.

Upload the log at EE-Stuff.com or at any hosting sites, or if you have trouble uploading it just paste it here.
0
 

Author Comment

by:countryfreshness
ID: 17874847
*** Hijack This log removed by humeniuk PE ***
0
 

Author Comment

by:countryfreshness
ID: 17875281
It's all good. I uploaded and it checked out OK. The site seems harless enough. It seems to come from a large telecom company in China.
0
 

Author Comment

by:countryfreshness
ID: 17895211
I figured it out.

In the Windows\System32 folder I found and deleted the following files:

STHU1.EXE, STHU2.EXE, STHU3.EXE, D3802E40.DLL, D3802E40.EXE and D3802E40T.EXE

The DLL file I used Killbox to remove on reboot.

No popup of 'www.1861.sh' since then.

0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 19561237
PAQed with points refunded (125)

Computer101
EE Admin
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
OfficeMate Freezes on login or does not load after login credentials are input.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question