Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Pop-ups


  • Please log in to reply
7 replies to this topic

#1 KingOfLOL

KingOfLOL

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:47 PM

Posted 23 December 2006 - 08:19 AM

I keep getting pop-ups on my laptop.

They always seem to be adult ones ie. matchmaker services etc. in internet explorer (never in firefox, which is my default browser)

I also keep getting a yellow warning triangle and popup balloons from my systray. These are rapidly annoying me.

Now I have ran spybot search & destroy and adaware through them (with latest updates) aswell as Norton Antivirus (also latest updates) I have tried reinstalling ie7 and that didnt work either. I was told that using HiJack this would work, but I'm not sure what to do and i followed the warning that if you werent sure then you might delete something crucial.

the only thing that I have left (within my ability) is a complete system restart and start from scratch.

Can anyone help me?

BC AdBot (Login to Remove)

 


m

#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:06:47 PM

Posted 23 December 2006 - 08:48 AM

Hi KingOfLOL,

Welcome to Bleeping Computer!

I recommend following our malware removal guide. It is a step by step guide to clean your computer. It also has instructions for posting a HJT log if needed. Try that first and let us know if you have any questions.

Good luck,

rigel

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it. Will Smith


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:47 PM

Posted 23 December 2006 - 11:04 AM

Hello KingOfLOL

I see you have not posted a log yet. We may be able to fix this without doing that.

If your using Win XP or 2000, do this.

First, print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download, install and update AVG Anti-Spyware 7.5.
Be sure to print out and follow the AVG Anti-Spyware Install-Scan Instructions. DO NOT perform a scan yet.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Next, follow the generic instructions for using SmitfraudFix in BC's "How to remove the Smitfraud / Generic Zlob". You will have to extract the zip file to you Desktop. (Click here for information on how to do this if not sure. Win 9x/2000 users click here. A ZIP file requires an unzipping utility. If you need one, download 7zip (its free).

After using the tool as instructed, reboot again in "SAFE MODE" and double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Then scan with AVG Anti-Spyware 7.5 per the instructions you printed out and reboot normally.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

If your still having problems after following these instructions, then follow rigel's instructions for posting a hijackthis log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 KingOfLOL

KingOfLOL
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:47 PM

Posted 23 December 2006 - 11:45 AM

Thanks so much for the help. I will see if it works

#5 KingOfLOL

KingOfLOL
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:47 PM

Posted 23 December 2006 - 01:24 PM

Here is my AVG report Has it fixed my problem?

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:16:56 23/11/2006

+ Scan result:



C:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\iesplugin.dll -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\ot.ico -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\pmmon.exe -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\pmsngr.exe -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\ts.ico -> Adware.Generic : Cleaned.
C:\Program Files\Video ActiveX Object\uninst.exe -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned.
HKU\S-1-5-21-3794653846-2416891821-2280511692-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A1DDC19-5893-43AB-A73F-F41A0F34D115} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-3794653846-2416891821-2280511692-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-3794653846-2416891821-2280511692-1006\Software\Internet Security -> Adware.IntCodec : Cleaned.
C:\Downloads\PestCaptureSetup.exe -> Adware.PestCapture : Cleaned.
C:\Downloads\FreeMyEmoticons.exe/MyEmoticons_WhenUSaveNow_Installer.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP192\A0056010.exe -> Adware.Spysheriff : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP189\A0055640.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP189\A0055643.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP190\A0055686.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP190\A0055692.exe -> Adware.WinFixer : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP189\A0055594.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP189\A0055612.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP190\A0055700.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP190\A0055711.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP191\A0055884.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP192\A0055987.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP192\A0056065.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP192\A0056088.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP192\A0056101.exe -> Downloader.Zlob.bgi : Cleaned.
C:\System Volume Information\_restore{FA76AAE1-0D6B-45E6-A0E5-2E9BB81BE9AD}\RP193\A0056116.exe -> Downloader.Zlob.bgi : Cleaned.
:mozilla.27:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Brian\Cookies\brian@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.26:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.12:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.31:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.13:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.17:C:\Documents and Settings\Brian\Application Data\Mozilla\Firefox\Profiles\6e5o8545.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Costco\Cookies\costco@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:47 PM

Posted 23 December 2006 - 03:14 PM

AVG did its job. Did you also run the smitfraudfix? Are the pop ups and yellow warning triangle in your systray gone?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 KingOfLOL

KingOfLOL
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:47 PM

Posted 23 December 2006 - 03:39 PM

They have gone but did not run the smitfraudfix

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:47 PM

Posted 23 December 2006 - 11:07 PM

Go ahead and follow the instructions for running smitfraudfix so it will remove any files that remain which AVG did not detect.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users