Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Add Pop Up Problem


  • Please log in to reply
7 replies to this topic

#1 Foxy_0609

Foxy_0609

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 15 February 2008 - 03:58 PM

Hi,

I'm having a problem with pop-ups using IE6 sp2. I have run ad-aware, symantec anti-virus on full scans, Vundofix and the virtumondoBeGone and both shows no vundo present. I ran hijackthis and it shows no identical O2 and O2O entries. I have now run out of ideas on how to fix this?? Please help!

Thanks

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,147 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:35 AM

Posted 16 February 2008 - 12:44 AM

Hello and welcome Please foolow these instructions and post the scan log back.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Foxy_0609

Foxy_0609
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 16 February 2008 - 09:38 AM

Hi,

Followed the instructions. Here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/16/2008 at 02:49 PM

Application Version : 3.9.1008

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type : Complete Scan
Total Scan Time : 00:53:00

Memory items scanned : 505
Memory threats detected : 0
Registry items scanned : 4751
Registry threats detected : 0
File items scanned : 45571
File threats detected : 75

Adware.Tracking Cookie
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tracking.lsfinteractive[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ad.yieldmanager[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@torstardigital.122.2o7[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@optimize.indieclick[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@yourmedia[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@track.effiliation[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@cgi-bin[3].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@enablemedia[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@doubleclick[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@eas.apm.emediate[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@statse.webtrendslive[3].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@roiservice[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@hitbox[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@www.enablemedia[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@atdmt[3].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.pubmatic[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@statcounter[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ad.zanox[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@smartadserver[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.adbrite[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@1067502184[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@overture[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.bleepingcomputer[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@casalemedia[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@zedo[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@bwincom.122.2o7[1].txt
C:\Documents and Settings\acedward\Cookies\acedward@sales.liveperson[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@247realmedia[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@2o7[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ad.zanox[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adbrite[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adopt.euroclick[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adopt.specificclick[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adrevolver[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.addynamix[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.guardian.co[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.mobygames[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.multimania.lycos[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ads.pointroll[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adtech[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adtrack[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@advertising[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@adviva[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@atdmt[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@azjmp[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@bannersng.yell[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@banner[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@bizrate[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@bluestreak[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@e-2dj6wgkyejcpefp.stats.esomniture[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@edge.ru4[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ehg-rodale.hitbox[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@ehg.hitbox[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@keywordmax[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@media.adrevolver[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@mediaplex[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@metacafe.122.2o7[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@overture[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@questionmarket[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@revsci[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@rocku.adbureau[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@statse.webtrendslive[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tacoda[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tattoofinder[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@track.effiliation[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@track.webgains[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tracking.summitmedia.co[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tracking.webdiversity.co[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tradedoubler[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tribalfusion[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@tripod[2].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@www.burstnet[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@www.tattoofinder[1].txt
C:\Documents and Settings\gnadeau\Cookies\gnadeau@xiti[1].txt
Thanks

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,147 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:35 AM

Posted 16 February 2008 - 10:49 AM

Ok so that was just cookies. what are these popups of? What antivirus and spyware tools do you have installed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Foxy_0609

Foxy_0609
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 16 February 2008 - 11:28 AM

some of the pop-ups are advertising clothes (www.quelle.fr), others are for a casino, a dating site and clairvoyance (sorry no web site addy). I'm also getting some for some anti spyware software that uses microsoft imagery to make it look official.

on this machine I have symantec anti-virus, ad-aware plus the software that you advised me to download, hijackthis, vundofix and virtumundoBeGone.

Thanks

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,147 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:35 AM

Posted 16 February 2008 - 08:47 PM

Hello again, sorry I don't see where I told you about anything but SUPER. Anyway, I don't know where you got the tool but just in case it can be run from here. If you want to run it again and post that log, here are the instructions. To be sure it is not a malware problem.
Does your ISP offer a pop up blocker? Perhaps one like this ..POW - trainable, popup blocker for Internet Explorer.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • If it says "No infected files were found", right-click the list box (white box) in the main VundoFix window.
  • Select "Add More Files?" from the menu that comes up.
  • This will open a new VundoFix window that says "Paste files into the boxes below:"
  • In that window, copy and paste the following file path in the first (top) field:
    C:\WINDOWS\system32\badfile.dll <- (insert first file here with the full filepath like this example)
  • Now copy and paste the following file path in the second field:
    C:\WINDOWS\system32\badfile2.dll <- (insert second file here (if needed) like this example)
  • Click the 'Add Files' button.
  • Click the 'Close Window' button.
  • Click the 'Remove Vundo' button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Edited by boopme, 17 February 2008 - 03:20 PM.
{Remove HJ Log request~~boopme}

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Foxy_0609

Foxy_0609
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:35 AM

Posted 17 February 2008 - 07:46 AM

Hi,

Sorry, I had already installed and ran vundofix and hijackthis.

Here is the file from vundofix:

VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 18:16:46 15/02/2008

Listing files found while scanning....

No infected files were found.


VundoFix V6.7.8

Checking Java version...

Sun Java not detected
Scan started at 12:48:31 17/02/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!


Thanks

Edited by boopme, 17 February 2008 - 03:21 PM.
{Remove HJT Log ~~boopme}


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,147 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:35 AM

Posted 17 February 2008 - 10:13 PM

Hello, I've only 2 more ideas I can think of. Let's run this. If the malware is not there it will remove your background and you'll have to reset that. Print or copy the instruction page when the tool opens.. Perform steps 1 and 2.
The scan report can be found at the root of the system drive, usually at C:\rapport.txt
SmitFraudFix

Edited by boopme, 17 February 2008 - 10:13 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users