AdultFriendFinder, WinFixer and WinAntivirus pop-ups

By cenobite321
Apr 3, 2006
Topic Status:
Not open for further replies.
  1. Hi,

    Do you know how to get rid of the AdultFriendFinder, WinFixer and WinAntivirus (why didn't Norton Antivirus make a lawsuit against those two?) pop-ups?

    I used Xoft-Spy, Windows Defender and Norton Internet Security 2006 to scan the computer, but both say that everything is OK.

    I also made a scan with the AdAware SE, but it seems to crash the computer when it is making the analysis.

    But still, there are some pop-ups that tell me that there has been a security breach blah, blah .... and we invite you to download WinAntivirus. Those messages, along with some pornography pop-ups from AdultFriendFinder, make me really sick :puke: and I really don't know what else I can do to get rid of them.

    I will appreciate any help. Thank you

    P.S. I also attached my HijackThis log to the message if by any case.

  2. N3051M

    N3051M Newcomer, in training Posts: 2,800

    read the stickies on the Security and Web sub forum about removing coolwebsearch/trojans/etc by RealBlackStuff, follow all instructions.

    update windows
    scan with panda online, trendmicro housecall or ewido, then repost your hjt log
  3. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Uninstall and delete anything to do with DAP and ARES

    Then run HJT in safe mode (as described in my post about Coolwebsearch etc.) and have it fix all of these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mx.mcafee.com/root/forgotPassword.asp?affid=105-108&langid=96&close=true&RW=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O1 - Hosts: 209.120.136.200 community.the-underdogs.info
    O1 - Hosts: 209.120.136.203 dfg.the-underdogs.info
    O1 - Hosts: 209.120.136.196 files.the-underdogs.info
    O1 - Hosts: 209.120.136.205 mac.the-underdogs.info
    O1 - Hosts: 209.120.136.197 old.the-underdogs.info
    O1 - Hosts: 209.120.136.207 ron.the-underdogs.info
    O1 - Hosts: 209.120.136.194 the-underdogs.info
    O1 - Hosts: 209.120.136.195 www.the-underdogs.info
    O1 - Hosts: 209.120.136.209 zzt.the-underdogs.info
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

    When done, also delete jkhff.dll
  4. XxXBlackTalon

    XxXBlackTalon Newcomer, in training

    If Anyone is still listening to this post

    I had the same problem on my friend's computer, and tried multiple ways to remove this threat. The only way that I could remove the file was to run the Windows Recovery Console to delete the file (tried Killbox and HJT, normal and safe mode). After you have deleted the file from the console you need to boot to safe mode (i.e. F8) and then run regedit and do a search for it. The "FILE" I am talking about is found by running a HJT log and looking at what is running under WINDOWS LOGON NOTIFY. This is how this particular problem runs. In your case it is jkhff.dll. So this is what you need to delete from the console and search for in the registry. Remove every reg entry that is associated with this file. Then run HJT (still in safe mode) and remove any entry involving the file in question. Then reboot. Verify that the file is gone from the system32 directory and you should be set. The reason I say the file in question is b/c the file name will change from computer to computer. Mine was nnljgr.dll :knock: , but I was getting the same popups. Hope this helps someone!
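
Added example, not part of the original thread: because the DLL name changes from machine to machine, this sketch finds it from a HijackThis log by listing every O20 Winlogon Notify DLL and the other log sections that load the same file. The function names are hypothetical, the `igfxcui` line is constructed for contrast, and treating a multi-hooked Notify DLL as the first thing to review is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Sample log: the O2, O18 and jkhff O20 lines are quoted from this thread;
# the igfxcui O20 line is constructed for contrast.
SAMPLE_LOG = r"""
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")                       # section id, rest of line
DLL_PATH = re.compile(r'([A-Za-z]:\\[^"]+?\.dll)', re.IGNORECASE)

def dll_entries(log):
    """Yield (section, lowercased DLL path) for each HJT line that names a DLL."""
    for line in log.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue
        path = DLL_PATH.search(entry.group(2))
        if path:
            # Windows paths are case-insensitive, so normalise before comparing.
            yield entry.group(1), path.group(1).lower()

def winlogon_notify_report(log):
    """Map each O20 Winlogon Notify DLL to the other HJT sections that load it."""
    sections_by_path = defaultdict(set)
    for section, path in dll_entries(log):
        sections_by_path[path].add(section)
    return {path: sorted(sections - {"O20"})
            for path, sections in sections_by_path.items() if "O20" in sections}

def multi_hook_dlls(log):
    """Heuristic (assumption): review Notify DLLs that are also hooked elsewhere first."""
    return sorted(p for p, others in winlogon_notify_report(log).items() if others)

if __name__ == "__main__":
    for path, others in winlogon_notify_report(SAMPLE_LOG).items():
        print(path, "| also loaded via:", ", ".join(others) or "-")
```

Every section the report lists for a DLL is an entry that has to be fixed in HijackThis along with the file itself, which matches the O2 and O20 lines for jkhff.dll in the fix list above.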
  5. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    yeah, stop downloading porn, it's bad for your computer and your keyboard. (the latter gets sticky)