Elusive PopUp source - PLEASE HELP!

By bertdog
May 8, 2006
  1. I'm a computer tech that does quite a lot of work on personal computers, particularly malware removal, but this one has me absolutely stumped.

    I have a laptop whose user clicked a link in an AIM message and subsequently received an infection that shut down his Internet connection. Once I got the connection restored, all hell broke loose - popups galore. I spent several days cleaning the machine, but there is still something on there that has proven to be very elusive. I have ran AdAware and MS Antivirus, but neither detects anything at this point other than tracking cookies. I have ran Housecall and Panda, but again, only cookies. I have cleared temp files, history, and cookies. Nonetheless, when the machine is started, the popups start firing up. up to 15 windows will open at a time, and every 10 minutes or so, another group pops up. The URLS for the popups include, but are not limited to:
    Red Orbit
    Fun Lotto, Inc.

    And the list goes on. I have ran HijackThis, but do not see anything suspicious. The log is attached. I've also ran FindQool, RKTools, and WinPFind, and can post those logs if desired.

    Thanks for any help in advance. I'm pulling my hair out over this one. My reps at stake!

  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    The only thing I can see in your HJT log that is undesirable, is the AOL toolbar.

    I suggest you uninstall this from add remove programmes.

    I also suggest you let HJT fix this entry.

    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe as it`s not clear what it does exactly. You can always restore it later if need be.

    Then, go HERE and follow the instructions in the order they are given.

    Let us know if this help.

    Regards Howard :wave: :wave:
  3. bertdog

    bertdog TS Rookie Topic Starter


    The Ati2mdxx.exe file is associated with the video card. I tried removing that from the equation, thinking it was corrupted, but no luck. I'll follow your recommendations and see what that does.

    Thanks for the reply. I'll keep you "posted".
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...