TechSpot

adware I just cant shift!

By DJMephisto
Apr 3, 2006
  1. Hi I've cleared my PC several times with all recommended programs - all viruses gone! Theres still one thing I cant get rid of though - something is launching advertising browser windows when I'm online. I've sorted the 'hosts' file so the web pages in these advertisements dont display, but the windows themselves are still opening.

    The sites that come up are:
    ecommerce-e.com
    amaena.com
    intern-etadvertising.com
    popunder.paypopup.com
    health-yshopping.com
    beliefnetgreetings.com
    ad-w-a-r-e.com

    I suspect something hidden in the registry that is being stubborn
    This is the last step to ridding my computer of those pests!!

    I've included my HJT log file - could you take a look please?

    Cheers - Mephisto
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your system is infected with the look2me malware.

    Go HERE and follow the instructions.

    Then post a fresh HJT log.

    Regards Howard :wave: :wave:
     
  3. DJMephisto

    DJMephisto TS Rookie Topic Starter

    Hi
    Cheers very much for your advice - prob seems to have cleared up no ads in 1/2 hour browsing!!

    Included both log files

    Once again - U R D man!! :)

    Mephisto
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore.(XP/ME only) See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O14 - IERESET.INF: START_PAGE_URL=http://www.ergo.co.uk

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1EAE56CE-708B-4A61-9C53-9BB71CE31490}: NameServer = 80.225.255.185 80.225.255.177 Only fix this 017 entry, if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Reboot into normal mode and tunsystem restore back on.

    Your system should now be clean.

    Regards Howard :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.