FIX: Random IE Popups

Status
Not open for further replies.

rickatnight11

I have read multiple stories of how people are getting obligatory IE popups, sometimes even when IE isn't being used. The computer at my work recently contracted this same problem. I did the usual Adaware/Spybot scan, but they found nothing that fixed it. I searched the internet and found similar problems, but none of the solutions I found helped. After MANY attempts and different methods I came upon a solution.

Symptoms
----------
Random popups from IE ("Search the Web", "Search Inqwire", 888.com Casino ads, are the common popups)

Cause
------
There was a folder in my Program Files directory titled "Diraging". I stumbled upon it while doing a scan while in Safe Mode. Its contents were a 300meg cache folder, 2 DLLs, and 2 programs. One EXE was an odd program with an "A" in a red circle as an icon, and the other, RICSWAVE.exe, had the IE icon. I recognized the name, and later realized that this was the title of the popup ads in the task bar. I decided to check up on it after I finished scanning, but lo and behold the folder wasn't visible in normal Windows mode. I went back into Safe Mode, and found out through the Security tab (Right Click->Properties->Security) that all of the view/write/edit boxes were unchecked for all users, effectively hiding itself unless viewed in Safe Mode. It also could not be deleted in Safe Mode, so I used a common DOS technique for removing the folder.

Removal
--------
1. While in Safe Mode, open up the task manager (Ctrl+Alt+Del) and end the Explorer.exe process.
2. Keep the task manager open, and go to File->New Process
3. Type in "cmd" into the prompt to start the command prompt
4. Type the following commands in order:
cd \
cd Program Files
cd Diraging
del cache
rmdir cache
cd \
cd Program Files
del Diraging
rmdir Diraging


I don't know who makes this program, where it came from, or how it was contracted, so if anyone has any information on RICWAVE.exe or anything else related to this article please let me know. Also, I'm not familiar with many DOS commands, and I'm sure there is an easier way with one command to delete everything inside the Diraging folder, so please let me know.

Bear in mind, this may not be the extent of the infection. All I know is that this directory is what caused the popups, and after deletion the popups stopped appearing. Please post any information on this problem, as I would like it not to happen again to me or anyone else.
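
An added example, not part of the original post: a PowerShell check that flags folders under Program Files which the current account cannot list, or whose permissions grant nobody access, which is the condition described under Cause. The function name Test-DirectoryAccess and the $Root parameter are hypothetical, and it assumes the folder is concealed only by file attributes and permissions (a folder hidden by a rootkit will not show up here).

```powershell
# Added example, not from the original post.
# Flags directories under $Root that the current account cannot list, whose ACL
# cannot be read, or whose ACL contains no Allow entries at all.
param(
    [string]$Root = $env:ProgramFiles   # assumption: scan Program Files, as in the post
)

function Test-DirectoryAccess {          # hypothetical helper name
    param([string]$Path)

    $result = [pscustomobject]@{
        Path      = $Path
        CanList   = $true
        AclStatus = 'ok'
        Owner     = $null
    }

    # 1. Can this account enumerate the directory's contents?
    try {
        [void][System.IO.Directory]::GetFileSystemEntries($Path)
    } catch {
        $result.CanList = $false
    }

    # 2. Can the ACL be read, and does it grant access to anyone?
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $result.Owner = $acl.Owner
        $allow = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' })
        if ($allow.Count -eq 0) { $result.AclStatus = 'no allow entries' }
    } catch {
        $result.AclStatus = 'acl unreadable'
    }

    $result
}

# -Force includes directories carrying the Hidden or System attribute.
Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Test-DirectoryAccess $_.FullName } |
    Where-Object { -not $_.CanList -or $_.AclStatus -ne 'ok' } |
    Format-Table -AutoSize
```

Run it from an elevated prompt in normal mode. Any directory it reports is worth inspecting by hand before removal, since some legitimate Windows folders also restrict listing.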
 