TechSpot

I can't seem to get rid of these pop ups!

By chassc
Aug 20, 2005
Topic Status:
Not open for further replies.
  1. Hijack log is attached. I have been working on this for four days...ANY help is appreciated.

    What I've tried (in no certain order):
    abi remover
    nailfix
    cc cleaner
    ewido
    microsoft antispyware
    popup stopper antispyware
    hoster
    lspfix
    panda
    spybot
    unhook

    It <<appears>> aurora is gone however I'm not certain.

    I have norton antivirus 2005 and it was running.

    I have two children and a wife who have access - I think it was infected through them. After this fix any ideas on how to limit other users' access or permissions would be appreciated.

    Attached Files:

  2. Spike

    Spike TS Rookie Posts: 2,371

    I don't mean to be difficult, but it appears that the HJT log you've posted isn't complete. Could you please check and post a new log if required?

    In terms of preventing re-infection, you might like to try the post on preventing infection in XP at the top of this forum.

    Anyways, if you could repost that HJT log, it might be helpful.
  3. chassc

    chassc TS Rookie Topic Starter

    Repost

    Thanks for taking a look. Here is the additional log you requested.

    Attached Files:

  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Put HijackThis in e.g. C:\HJT and NOT on your Desktop or in Temp!
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Next, open Windows Task Manager.

    On Windows 95/98/ME, press CTRL+ALT+DELETE.
    On Windows NT/2000/XP, press CTRL+SHIFT+ESC.
    Click the Processes tab, select the process (if there), click End Process for:
    ViewMgr.exe
    dinst.exe
    321102.exe
    trycrt.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    Next, run a HJT scan and (if still there) place a tick-mark in the little square before:
    ...................................................................................................
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    O4 - HKLM\..\Run: [SysEntry] 321102.exe
    O4 - HKLM\..\Run: [lpt] trycrt.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.gsu.edu/activex/AMC.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.

    Also, STOP using Internet Explorer. Go to www.getfirefox.com and Install Firefox and USE it. (IE is only for Windows-updates from now on!)
    Upon installation, it will get all the favorites from IE.
    Tell the wife and kids to NOT use IE anymore under any circumstance (otherwise death penalty, go to bed without dinner, etc. etc.)
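An added example, not part of RealBlackStuff's post or of HijackThis: this Python code parses the O4 Run lines quoted in the steps above and checks that every process ended in Task Manager also has its autostart entry in the fix list, since an entry left behind relaunches the process at the next boot. The function names and the extension list are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: O4 lines and one O16 line copied from the post above.
HJT_LINES = r"""
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SysEntry] 321102.exe
O4 - HKLM\..\Run: [lpt] trycrt.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam.gsu.edu/activex/AMC.cab
""".strip().splitlines()

# Processes the post says to end in Task Manager.
ENDED_PROCESSES = {"ViewMgr.exe", "dinst.exe", "321102.exe", "trycrt.exe"}

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): "
                    r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
# Assumed list of launchable extensions; paths may contain unquoted spaces.
EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

def executable_of(cmd):
    """Return the program part of a Run command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # "C:\path with spaces\x.exe" /arg
        return cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def autostart_entries(lines):
    """Yield one dict per registry Run-style O4 line; other sections are skipped."""
    for line in lines:
        m = O4_RUN.match(line.strip())
        if m:
            exe = executable_of(m["cmd"])
            yield {"hive": m["hive"], "key": m["key"], "name": m["name"],
                   "image": ntpath.basename(exe).lower(),
                   # False: no directory in the entry, so the file on disk
                   # has to be located separately before it can be deleted.
                   "has_path": bool(ntpath.dirname(exe))}

def relaunching(lines, ended):
    """Autostart entries that would restart one of the ended processes."""
    ended = {p.lower() for p in ended}
    return [e for e in autostart_entries(lines) if e["image"] in ended]

def not_covered(lines, ended):
    """Ended processes with no Run entry in the log (started some other way)."""
    seen = {e["image"] for e in autostart_entries(lines)}
    return {p for p in ended if p.lower() not in seen}
```
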
  5. chassc

    chassc TS Rookie Topic Starter

    Thanks!

    Your suggestions appear to have worked!

    I have passed on the info (and consequences) to the family to use Firefox!!!

    THANKS FOR THE HELP!!!