
Problems In My Angelfire Account


  • This topic is locked
7 replies to this topic

#1 ES1

ES1

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:12 PM

Posted 11 August 2006 - 04:43 PM

Hi Guys,

I posted my log on the 4th. Here is the link to my original post.

Here is my problem:

I have a website hosted by Angelfire. I have a problem right now whenever I log in to my account there. I get a banner ad across the top which is constantly loading and reloading and causing me to lose work in the process. I have asked Angelfire about this a number of times now and they swear up and down that they don't serve ads in members' control panels. I think they may be telling the truth here because I logged into my account using a proxy server and there were no banner ads running across the top as there usually are.
I have run numerous scans using Kaspersky, ESET, Ad-Aware, Spy Bot, HiJack This, Spy Sweeper, Pest Patrol, AVERT Stinger, Ewido and SpyCatcher and all of them have found nothing. I really don't know what to do right now. I have for the moment come up with a band-aid solution by adding the web addresses of the banner ads to the restricted zones. The ad servers are Realmedia and Zedo. I was able to see their web addresses in the status bar as they loaded and add them to my restricted sites zone and that has stopped the banners from loading and displaying and ended the problem of losing my work and my work being interrupted by the ads. But there is a big black empty space now where the banner ads used to be.
I think there must be a problem on my PC. I must be infected with something which has not yet been detected. I would be most grateful to any who could help me with this problem.

I ran my HiJack This scan with no windows open or applications running in the Task Manager. I shut down Spy Sweeper and left ESET running and Windows Defender running.


Logfile of HijackThis v1.99.1
Scan saved at 1:40:01 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\HijackThis.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks,


#2 ES1


Posted 11 August 2006 - 05:39 PM

Sorry about that. I didn't mean to bump my log or anything like that. I thought I posted this log in the "If you haven't had a reply in five days" forum. I'm not sure why it wound up here.
Mods, could you please move this to the "If you haven't had a reply in five days" forum?

Thanks

Edited by ES1, 11 August 2006 - 06:52 PM.


#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:12 PM

Posted 12 August 2006 - 06:48 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Your log is clean. In fact, it is very clean!
This is not typical malware behavior. Malware would serve you ads as often as possible, and certainly not only on a particular site.

Have you tried using a different browser? Firefox?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#4 ES1


Posted 12 August 2006 - 05:37 PM

Hey Buckeye_Sam!

I thought my log looked pretty clean.

I was getting the banner ads using Firefox, IE and Opera.

I have gotten rid of the ads completely in Firefox using NoScript and Adblock.

In Opera I have achieved the same results that I have in IE.
I have reduced the banner ads to blank black spaces using the Block Content feature which you access by right clicking on the offending ad(s).

It's rather puzzling. I have scanned my PC for Realmedia and Zedo and found nothing except Real Player which as far as I know is not spyware.

Thanks for your help,

#5 Buckeye_Sam


Posted 12 August 2006 - 08:59 PM

If you are getting them on all browsers, Angelfire is serving them to you, whether they admit to it or not.

Check the source code of the page.
========================================================
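
Added example, not part of the original thread: one way to carry out the page-source check suggested above is to parse a saved copy of the page and list the hosts outside the site's own domain that its tags load resources from. The sample HTML, the site host `members.example.test` and the ad-server hostnames are constructed placeholders, not taken from Angelfire's pages.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute makes the browser fetch a resource.
FETCHING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                  "embed": "src", "link": "href", "object": "data"}


class ResourceCollector(HTMLParser):
    """Collect (tag, url) pairs for every resource the page itself requests."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = FETCHING_ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value.strip()))


def third_party_hosts(html, page_host):
    """Return {host: [tags]} for resources served from outside page_host."""
    collector = ResourceCollector()
    collector.feed(html)
    found = {}
    for tag, url in collector.resources:
        host = (urlparse(url).hostname or "").lower()
        # Relative URLs have no host: they come from the page's own server.
        if not host or host == page_host or host.endswith("." + page_host):
            continue
        found.setdefault(host, []).append(tag)
    return found

# Constructed sample: a control-panel page with two embedded ad slots.
SAMPLE_PAGE = """
<html><head><script src="/js/editor.js"></script></head><body>
<iframe src="http://ads.adserver-one.example/banner?slot=top"></iframe>
<script src="//cdn.adserver-two.example/show.js"></script>
<img src="http://static.members.example.test/logo.gif">
</body></html>
"""

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_PAGE, "members.example.test"))
```

Hosts reported here are referenced by the HTML the server sent, which points at the site rather than at the local machine.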

#6 ES1


Posted 12 August 2006 - 11:11 PM

Actually that's exactly what I did. I showed them the source code of the page and they never got back to me.


The source code of the page makes clear that they've embedded ads into their pages. I don't know whether it's safe or appropriate to post the source code for the page here.

I guess it's up to me now to either let it be and forget about it or to move to another web host.

In any case, thanks for your time Buckeye,

Best

#7 Buckeye_Sam


Posted 13 August 2006 - 04:27 PM

Glad I could help! :thumbsup:
========================================================

#8 Buckeye_Sam


Posted 31 August 2006 - 09:35 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
========================================================



