Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ecard Ad Instead Of Desktop W-w-w-dot.com


  • Please log in to reply
10 replies to this topic

#1 sjpassmore

sjpassmore

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 15 February 2008 - 03:43 PM

I went looking for a V day e card and saw some warnings and got out, quick, so i thought...when i closed email page my desktop background was gone and in its place a full screen ad for a newsletter with noise making cards and a blue background with moons, also under all this is a prompt to download an adware remover(ADWARE ALERT.com)....in trying to change back to my background it would not. unable to delete this..have run antivirus,spyware to no avail...(certainly won't download their ad, spy virus software)
I have little to no computer experience and use mostly for mail and info....know little of how the rest works...help please in repairfordummies language...thanks


MOD EDIT: Moved to more appropriate forum ~ stevealmighty

Edited by stevealmighty, 19 February 2008 - 06:16 AM.


BC AdBot (Login to Remove)

 


m

#2 Monty007

Monty007

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:00 AM

Posted 15 February 2008 - 05:11 PM

Hi, I would recommend downloading superantispyware http://www.superantispyware.com/ update the program, then boot into safemode, from there run a full scan. Once finished reboot to windows.
MCP
MSDST

#3 sjpassmore

sjpassmore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 18 February 2008 - 02:19 PM

Hi Monty..
Thanks for the advice...did as you said and the program identified the hijacked deskbar in my registry...i had about 35 adware problems and those were taken out....reran the scan but it did not remove the hijacker from my desktop..each time it comes up a window tells me that my homepage has been changed , doi accept or block it..i put block but it does not and the w-w-w-dot.com remains my homepage..
any other suggestions...i appreciate your help....jayb.

#4 Monty007

Monty007

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:00 AM

Posted 18 February 2008 - 03:53 PM

I think you should elevate this to the HighJack this section of the forum http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ just read the instructions and one of the experts will get back to you soon.
MCP
MSDST

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,713 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:30 AM

Posted 19 February 2008 - 12:45 AM

Hello sjpassmore,

Let's hold off on the HJT log for now. Let's see what else we can do first.

Please post the log from the SUPERAntiSpyware scan. You can do that this way:

double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 sjpassmore

sjpassmore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 19 February 2008 - 07:43 AM

Orange Blossom,
Had to go back and do it in safe mode..but the hhijacked deskbar did not show up, nor did it fix the problem...i am sending the first scan which shows the hijacked bar anout halfway down...thanks....am not even sure if i am out of safe mode.....as i said..i know very little or less!
frustrated ..thanks for any help...

dware.Tracking Cookie
C:\Documents and Settings\Susan P\Cookies\susan_p@bs.serving-sys[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@adopt.specificclick[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@adlegend[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@realmedia[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@richmedia.yahoo[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@2o7[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@www.googleadservices[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@serving-sys[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@www.googleadservices[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@adopt.euroclick[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@questionmarket[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@specificclick[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@www.googleadservices[3].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@tacoda[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@ads.pointroll[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@tribalfusion[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@atdmt[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@msnservices.112.2o7[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@toplist[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@media.hotels[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@partner2profit[2].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@revenue[1].txt
C:\Documents and Settings\Susan P\Cookies\susan_p@msnportal.112.2o7[1].txt

Browser Hijacker.Deskbar
HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}
HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid
HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\ProxyStubClsid32
HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib
HKCR\Interface\{8F15B157-40D9-4B20-8D3B-B1F8B475B58D}\TypeLib#Version
HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}
HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid
HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\ProxyStubClsid32
HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib
HKCR\Interface\{A0881AA1-68BE-41AC-9C0D-4C8A69C6C72C}\TypeLib#Version
HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}
HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid
HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\ProxyStubClsid32
HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib
HKCR\Interface\{E827FFD9-95D1-4B49-BEB3-5D49E688C108}\TypeLib#Version

#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,713 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:30 AM

Posted 19 February 2008 - 11:27 AM

Hello sjpassmore,

Thanks for posting the log. I'm going to turn this thread over to someone with more experience than I.

Orange Blossom :thumbsup:

Edited by Orange Blossom, 20 February 2008 - 11:09 PM.

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,196 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:30 AM

Posted 19 February 2008 - 01:03 PM

Hello now please Download Dr.Web CureIt to the desktop:
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.


Reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it find, and when it says "done"

Click on the green screwdriver-
Uncheck –Heurestic analysis
Actions Tab- Adware-Dialers-Riskware-Hacktools, use dropdown menu and select –Move
Remove checkmark from – Prompt on action

Click on the drive(s) you want to scan . A red dot will mark the selected drive(s) . Then hit the green arrow in lower right corner It will now scan your drive(s), say yes to all
When the scan has finished, look if you can click next icon next to the files found
If so, click it and then click the next icon right below and select Move incurable
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured.

After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Please copy and paste the DrWeb.csv log results in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 sjpassmore

sjpassmore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 19 February 2008 - 06:15 PM

Hi boopme,
i did as you said...safe mode...express scan....and that was as far as i could go...it said no viruses found....
as i said the hijacked deskbar showed up in only the first scan suggested by orange blossom and not in any scan since...
i am still asked each time by superspyware if i want to block the homepage change...from yahoo to www.w-w-w-dot-com.com/start.php....i always say lock change but still have the homepage from www.dot!
what now...please!
sjpassmore
i appreciate your time

#10 sjpassmore

sjpassmore
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:30 AM

Posted 19 February 2008 - 06:36 PM

boopme....
in a frustrated search..below it says that www.w-w-w-dot is google.com(referral) ??? am i dealing with a google problem

greg hughes - dot net - Google Pack - "A free collection of ...Note that the contents of this site represent my own thoughts and opinions, .... but I also figured Google would find a couple of things I didn't have. ...
www.greghughes.net/rant/CommentView,guid,59e867e1-3e12-4b02-9063-b2e40d8555b0.aspx - 91k - Cached - Similar pages

greg hughes - dot net - Google Pack - "A free collection of ...Note that the contents of this site represent my own thoughts and opinions, .... but I also figured Google would find a couple of things I didn't have. ...
www.greghughes.net/rant/CommentView,guid,59e867e1-3e12-4b02-9063-b2e40d8555b0.aspx - 91k - Cached - Similar pages

greg hughes - dot net - Google Pack - "A free collection of ...removing www.w-w-w-dot-com.com (www.google.com) [Referral] .... found in the Pack, but I also figured Google would find a couple of things I didn't have. ...www.greghughes.net/rant/GooglePackAFreeCollectionOfEssentialSoftware.aspx - 115k - Cached - Similar pages
More results from www.greghughes.net »

upda.exe - Program InformationAre you having trouble using this site? Then you should visit the New User ... bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com. ...
www.bleepingcomputer.com/startups/upda.exe-21738.html - 20k - Cached - Similar pages

O4 HijackThis EntriesAre you having trouble using this site? Then you should visit the New User Orientation ..... although you will find some of them listed via this method. ...
www.bleepingcomputer.com/startups/hijackthis/O4-0.html - 91k - Cached - Similar pages
More results from www.bleepingcomputer.com »

Free Web Hosting and Domain Name Registration Services by Doteasy.comBannerless free and shared hosting. Domain registrations. Located in Burnaby, BC Canada.
www.doteasy.com/ - 16k - Cached - Similar pages

eBay Forums: OT: Need advice! Daughter's computer ...www.w-w-w-dot.com.com/tracker.php? then some other stuff with numbers and .... Use of this Web site constitutes acceptance of the eBay User Agreement and ...
forums.ebay.com/db1/thread.jspa?threadID=1000647764 - 56k - Cached - Similar pages

Domain name registration & web hosting from 123-regwww.www-dot-com.com has been registered on behalf of a client by ... Login to your 123-reg control panel to start or find out more about InstantSite ...
www.www-dot-com.com/ - 13k - Cached - Similar pages


upda.exe - Program InformationAre you having trouble using this site? Then you should visit the New User ... bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com. ...
www.bleepingcomputer.com/startups/upda.exe-21738.html - 20k - Cached - Similar pages

O4 HijackThis EntriesAre you having trouble using this site? Then you should visit the New User Orientation ..... although you will find some of them listed via this method. ...
www.bleepingcomputer.com/startups/hijackthis/O4-0.html - 91k - Cached - Similar pages
More results from www.bleepingcomputer.com »

Free Web Hosting and Domain Name Registration Services by Doteasy.comBannerless free and shared hosting. Domain registrations. Located in Burnaby, BC Canada.
www.doteasy.com/ - 16k - Cached - Similar pages

eBay Forums: OT: Need advice! Daughter's computer ...www.w-w-w-dot.com.com/tracker.php? then some other stuff with numbers and .... Use of this Web site constitutes acceptance of the eBay User Agreement and ...
forums.ebay.com/db1/thread.jspa?threadID=1000647764 - 56k - Cached - Similar pages

Domain name registration & web hosting from 123-regwww.www-dot-com.com has been registered on behalf of a client by ... Login to your 123-reg control panel to start or find out more about InstantSite ...
www.www-dot-com.com/ - 13k - Cached - Similar pages


#11 Monty007

Monty007

  • Members
  • 1,151 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:01:00 AM

Posted 20 February 2008 - 12:55 AM

This is the link you are referring to http://www.bleepingcomputer.com/startups/h...his/O4-100.html and some help to remove it http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/
MCP
MSDST




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users