Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Advertisement


  • Please log in to reply
4 replies to this topic

#1 Ben Fordham

Ben Fordham

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:44 AM

Posted 24 February 2007 - 03:20 PM

:thumbsup: What the heck is going on? I have contracted a trojan advertisement that constantly tells me (wrongly) that I have lots of things attacking my computer and (surprise) they want me to buy the anti virus software that will fix it. I have no intention of buying from folk like this! I cannot, no matter how hard I have tried, find and delete the annoying pop ups.

How do I get this stuff off? Help

BC AdBot (Login to Remove)

 


#2 TheYoda

TheYoda

  • Members
  • 466 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NYC
  • Local time:12:44 PM

Posted 24 February 2007 - 03:34 PM

You have infected your computer with malware :thumbsup:

Submit a HijackThis log using this tutorial into the HijackThis Logs and Analysis forum here. Any other questions feel free to ask me :flowers:

PS: Welcome to BC!!!

Edited by TheYoda, 24 February 2007 - 03:35 PM.

"A coward dies a thousand times before his death. The valiant never taste of death but once." -William Shakespeare

Fold for your future...Help us find a cure.


#3 Matthew Alan

Matthew Alan

  • Members
  • 105 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:11:44 AM

Posted 24 February 2007 - 04:18 PM

Is it a little thing that pops up above the clock? That says here are today's "something" from flashfunpages.com? (or something close) if so Go to add remove programs and delete FF Fun Pages


grrrrrrrrr you moved it when I was posting

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:05:44 PM

Posted 24 February 2007 - 04:44 PM

Posted Image
Download and scan with SUPERAntiSypware Free for Home Users

* Double-click SUPERAntiSypware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Udates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

#5 buddy215

buddy215

  • Moderator
  • 13,505 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:44 AM

Posted 24 February 2007 - 09:29 PM

There is adware Advertisemen (no "t")

------------------------------------------------------------
How to Remove The Avertisemen.com Malware
------------------------------------------------------------
Guide by Richard Warrender (http://www.vividreflection.com/)

Ok, here is what you need to do to remove the Avertisemen.com malware: -

1. Important! Close all Firefox, Opera and Internet Explorer windows.
2. Click Start > Run...
3. Type "regedit.exe" and press OK.
4. Get to the following location in the registry: -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
In the pane on the right-hand side of regedit you should see a String called "AppInit_DLLs"
with a value of "pushow**.dll" where ** is some random number.
5. Right-click on this String and click Delete.
6. Click Start > Run...
7. Type "C:\windows\system32\" and press OK.
8. Click on the Search toolbar button in the explorer window that just appeared.
9. Click "All files and folders" on the search panel that has appeared on the left hand side of the window.
10. Where it says "All or part of the file name:" enter "pushow*.dll" and click Search.
11. Once the search has finished select the pushow**.dll file (there will be multiple copies if you ran the
setup file more than once).
12. Delete the selected file or files.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users