Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Irritating Browser Windows - Spyware


  • Please log in to reply
5 replies to this topic

#1 Tushar

Tushar

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 15 March 2006 - 12:56 PM

I am continuosly facing the following problem, when i am connected to the internet

New browser windows keep opening/popping with following in address bar:

1. //popunder.paypopup.com/default.php?serverfile=&siteid=BundleWare&subid=
2. //www.buyer-shabit.com/normal/yyy102.html
3. //axilsearch.....

Tried Ad-aware and spybot....but these windows keep coming back as soon as i connect to the internet(I have a DSL connection). Can anyone help?

I have scanned my machine with Spybot & Ad-aware(6 times), but no luck. Every time i scan with Ad-aware, it keeps showing 2-3 critical files which need to be removed. These names of these files are similar to
'k4lq0e35eh.dll', 'guard.tmp'

Ad-aware does not remove them directly, but says it will remove these files, only when i reboot. On rebooting, the above files are removed from winnt\system32, but another set of dll file(s) with similar names are created.

PLEASE HELP :thumbsup:

Tushar

//Mod edit: To modify Hot Links above to protect.

Edited by KoanYorel, 15 March 2006 - 08:21 PM.


BC AdBot (Login to Remove)

 


#2 chasbrown900

chasbrown900

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:43 PM

Posted 17 March 2006 - 06:32 AM

Hey, I got the exact same problem, I think. Did you get it fixed?

Any suggestions?

Cheers :thumbsup:

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:43 PM

Posted 17 March 2006 - 10:53 AM

Try performing these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

Trend Micro Housecall Scan
The Housecall log is saved to C:\Documents and Settings\UserName\.housecall\log\
Panda ActiveScan
ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.

If your using Win XP/2000, also download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:43 AM

Posted 18 March 2006 - 06:41 AM

I am continuosly facing the following problem, when i am connected to the internet

New browser windows keep opening/popping with following in address bar:

1. //popunder.paypopup.com/default.php?serverfile=&siteid=BundleWare&subid=
2. //www.buyer-shabit.com/normal/yyy102.html
3. //axilsearch.....

Tried Ad-aware and spybot....but these windows keep coming back as soon as i connect to the internet(I have a DSL connection). Can anyone help?

I have scanned my machine with Spybot & Ad-aware(6 times), but no luck. Every time i scan with Ad-aware, it keeps showing 2-3 critical files which need to be removed. These names of these files are similar to
'k4lq0e35eh.dll', 'guard.tmp'

Ad-aware does not remove them directly, but says it will remove these files, only when i reboot. On rebooting, the above files are removed from winnt\system32, but another set of dll file(s) with similar names are created.

PLEASE HELP :thumbsup:

Tushar

//Mod edit: To modify Hot Links above to protect.


You need to be running Adaware and Spybot from safe mode so the miscreant processes aren't running and can therefiore be removed.

Then post your HJT log following the above directions explicitly.

#5 Tushar

Tushar
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:13 PM

Posted 02 April 2006 - 06:30 AM

Trend Micro HouseCall seems to have worked.

I have kept my computer under observation.

Thanks much.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:43 PM

Posted 02 April 2006 - 06:41 AM

Thats good news Tushar.

If you are not having further problems and don't need to post a HJT log, then you should SET A NEW RESTORE POINT to prevent reinfection from an old restore point. Any malware you picked up could have been saved in System Restore and can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to set a new RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users