Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ad Served By Contextprogram?


  • Please log in to reply
4 replies to this topic

#1 doityourself

doityourself

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 30 March 2008 - 11:37 AM

I know how it happened. Trying desperately (in vain) to make an online purchase of a particular song for a local fundraising project, I resorted to installing LimeWire and trusted it to work. In the process, I clicked on song titles that I knew looked risky, and now I have a virus.

I am using Windows IE 7 on XP.

I have Norton Internet Security, and recently downloaded/ran Spybot and Ad-Aware 2007. Each has found problems but the situation has yet to be resolved.

What happens? When I open IE, another IE window opens. I see it starting to work in the task pane. The first one that ever came up was www.hornymatches.com. The most common one I see is www.rebateprocessortools.com/?ref=&cid=CD25092. However there are many more. I have added them to my Restricted Sites listing, but the sites still come up even after I restrict them. I noticed today that there are a LOT of sites on that restricted list that I didn't put there. They all start with an asterik and a comma *, Examples include *.1987324.com, *,1-extreme.biz, *1,1sexparty.com
I did NOT list these on my Restricted Sites. These new pages also open occasionally when navigating the web by using the Back/Forward buttons, or when clicking a link on a page I'm using.

Another thing that happens randomly is a small white box w/black letters slowly peeks from above the systray in the lower right corner. It reads "Ad served by ContextProgram". I have searched that phrase and come up with nothing in English.

I would appreciate any assistance on this topic. Can you believe I teach technology to people and warn them about downloading suspicious things, just like I did?? I am so disappointed in myself :thumbsup:

BC AdBot (Login to Remove)

 


#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 30 March 2008 - 02:54 PM

we know you are infected and as you are on XP have you yet tried to use System restore to BEFORE Limewire was installed?

I would strongly suggest you uninstall limewire

you may wish to run superantispyware http://www.superantispyware.com/superantis...efreevspro.html

and asquared

http://www.emsisoft.com/en/software/free/
its exe is
http://download6.emsisoft.com/a2FreeSetup.exe

suggest you download each fully update the definitions, reboot into safe mode and run on full deep scans

please let us know what they drag up?

#3 doityourself

doityourself
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 05 April 2008 - 10:46 AM

Thanks Ruby!
Here's what I did...

I tried to run a system restore from 2 different points, and it wouldnt let me. So I installed the superantispyware and here's what it found:

Summary: Adware.ContextProgram.BHO
Company: Unknown
Description: Adware browser helper object
Threat Level (1-10): 5
Processes:
CONTEXTPROGRAM-1.DLL
CONTEXTPROGRAM-2.DLL
CONTEXTPROGRAM-3.DLL

CLSID List: {E4D1D56C-3EC9-2FSD-FAA3-4112CCDD61DC]

The Scan Summary is below:

Memory Items Detected: 1
Files Detected: 65
Registry Items Detected: 10
TOtal Threats Detected: 76

I didn't do any of the other things you recommended for two reasons. 1. This seems to have totally fixed the issue and 2. I haven't had the time.

Do you still recommend I run the other programs you suggested? What about the system restore?

Thanks for your help Ruby, I appreciate it very much!!!! :thumbsup:

#4 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:06:56 AM

Posted 05 April 2008 - 11:10 AM

I would suggest you run the a squared program and let us know what if anything it finds?

have you yet uninstalled the Limewire program??

to do the System restore you might try to temporarily disable the Norton ( but only when OFF line and completley disconnected from the internet )

do NOT forget to re-enable the Norton as soon as the Restore attempt has been completed else you WILL be running unprotected :thumbsup:

#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:56 AM

Posted 08 April 2008 - 11:22 PM

Hello doityourself,

Could you please post the entire SUPERAntiSpyware log? That log contains information that will assist us in cleaning your system.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users