TechSpot

Help ... Desktop Changes And Pop Ups

By JSN
Apr 11, 2008
  1. Hi,

    My Mum D/l this pop up and I think it messed up the computer. I have Norton and SUPERAntiSpyware which removed a few things (50 xD). I Heard about HJT and got that. I ran a scan but don't know what to do delete. I will post a Log File.

    What happens is that a pop up comes from the date and time area called 'system alert'. Also the desktop changes about 30sec. after logging in saying something about a spyware threat has been dectected on my PC. Also on IE it redirects sometimes, but that doesn't really matter as I use Firefox.

    Can you please help guys ?

    Thanks

    Jee.
     
  2. JSN

    JSN TS Rookie Topic Starter

    Here

    File Log ..........
     
  3. damusca

    damusca TS Rookie Posts: 26

    Hi, looked through your hijack this report, the file which seems to be giving you problems is the one under blue yonder, if you remove that should be ok.
    Have attached a little report on blue yonder which will tell you how to remove it from the registry, take a look at this, do as it asks ( if you have any queries let me know ) run your anti - spyware virus scans again and see what happens.

    Remove the file from the registry in safe mode, that way it will not have a chance to run when you start your computer normally, just press F8 when your pc is booting up, once a second should be fine, then go to the safe mode options.

    Follow the attached info from there, you might be better printing it out first so you can see it while you are working without jumping around screens.

    David
    How to remove blueyonder-istnotifier error

    The free file information forum can help you find out if blueyonder-istnotifier.exe is a virus, trojan, spyware, adware which you can remove, or a file belonging to a Windows system or an application you can trust.

    blueyonder-istnotifier.exe file information

    The process blueyonder - Instant Support Tool Notifier belongs to the software blueyonder - Instant Support Tool by Motive Communications, Inc (www.motive.com).
    Description: blueyonder-istnotifier.exe is located in a subfolder of "C:\Program Files". The file size on Windows XP is 438359 bytes.
    The program is not visible. It is not a Windows system file. The program starts when Windows starts (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). It can change the behavior of other programs or manipulate other programs. The process uses ports to connect to LAN or Internet. blueyonder-istnotifier.exe is able to monitor applications. Therefore the technical security rating is 89% dangerous, however also read the users reviews.
    Important: Some malware camouflage themselves as blueyonder-istnotifier.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the blueyonder-istnotifier.exe process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

    As a matter of interest, is blue yonder your firewall, I personally believe Comodo Firewall Pro ( free ) and Zone Alarm ( free ) to be better.

    You could give one of those a try and see what happens instead of the one you currently have.

    David
     
  4. damusca

    damusca TS Rookie Posts: 26

    Hi, would also remove this as well, sorry I forgot to mention it the first time, this could be what is hi jacking your browser, it is on your log report.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

    You will find the registry entry under home key, current user, software, micosoft, internet explorer, main, and check the entries, also check the section for also check your settings in control panel, add or remove programmes, if you see an entry for this in there remove the programme, the registry entry should also be removed.

    When you are there, also undernet internet exporer in the registry, check registry entry, follow it through to software, if software referall is there delete the entry, if blue yonder is there, and it is not your firewall delete it.

    You should go to this site www.piiriformltd.com

    download ccleaner ( this will give you options to delete programmes from your pc and over write them, also has a registry clean up option on it as well, straightforward to use.

    defraggle ( better than the windows one by a mile )

    recuva ( this will help you recover lost files if you have deleted them by accident and they have not been over written
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    what does this entry tell you?

    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     
  6. damusca

    damusca TS Rookie Posts: 26

    Blind Dragon
    I think this is meant for me, tells me he has no control panel, will leave it to you, been reading your posts each time I see them, bit on the awesome side, thought you had missed this one, hint taken
     
  7. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    feel free to help, I will just keep an eye on the thread

    Also wanted to point out for you as you help that the user may not have use of task manager/ regedit/ or msconfig

    Also this entry is usually added by a Trojan or Worm
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...