TechSpot

lots and lots of pop ups

By lemortx
Nov 27, 2006
  1. I've looked thru all your threads, I've done everything on the thread: Viruses/Spyware/Malware, preliminary removal instructions, and I've run all the scans on the thread about what to do before posting your HJT log. Nothing has worked. I've found one virus with the AVG scanner (Trojan horse Downloader.Generic2.SWF) which AVG wiped out but when I restarted back out of safe mode after running all the required programs, I still had pop-ups with IE. And when I went to post this thread, I got a warning of a virus from McAfee about a New Poly Win32 and now I'm just getting desperate because it's driving me crazy. Please help. Here are my HJT log and my AVG log.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Your HJT log is clean as is your AVG Antispyware log.

    It seems you're running multiple antivirus programmes. This is not recommended and will slow your system down and cause conflicts.

    You need to uninstall two of your antivirus programmes. Personally, I recommend you get rid of Symantec/Norton and McAfee.

    If you're still having problems, please let me know.

    Regards Howard :wave: :wave:

    This thread is for the use of lemortx only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. lemortx

    lemortx TS Rookie Topic Starter

    ?

    well do you have any other suggestions? i'd rather not uninstall McAfee because that came with the computer and i have a 15 month trial for it. i have no problem with the computer being slow. could they be causing any problems? i've run and scanned with about 15 different programs and only 2 or 3 have found problems. one was mcafee that came up with that New Poly Win32 (although it says it can't quarantine or delete it). it has also stopped another virus from coming thru.

    the symantec/norton software is running with norton ghost but i'm not exactly sure what that program does.

    if you think i could get rid of these pop-ups by getting rid of these programs and then scanning with something else, please let me know what else to do and i'll do it. thanks.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, uninstall Symantec/Norton and AVG free, then do the following.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Messenger

    Please note, this has nothing to do with MSN messenger or any other messenger programme.

    Close the services window.

    See if your popups go away.

    Regards Howard :)

     
  5. lemortx

    lemortx TS Rookie Topic Starter

    no, still getting pop ups. would it help if i told you the type of pop ups that we're getting? we were getting winantivirus, but i haven't seen that one around in the last few days. we're getting ones that tell you you have a virus on the computer and you need to scan with their software, one is drive cleaner, another is internet live security center and another is security update. we've also been getting ones that seem to be advertisements for other websites like ebay, test and vote registration and a few other places. the ones that have worried me the most are the ones that come up when i'm on amazon. they actually come up in the bottom right corner with what i'm actually looking at on amazon at that exact moment with prices from other websites. i think this might have happened on a few other websites as well. we've been careful not to actually buy anything online since this started mostly because of that one. hopefully this helps a little more, i probably should have told you about these to start off with. sorry.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, go HERE and download and run the four tools as instructed.

    Then, download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.



    Post a fresh HJT log after doing that as well as the log files from the four tools and the combofix log.

    Regards Howard :)

     
  7. lemortx

    lemortx TS Rookie Topic Starter

    I ran 3 of those 4 tools yesterday, I couldn't get the Look2Me one to work, but I just ran it and it seemed to work fine now, but didn't come up with anything. Do you want me to run them again and then post the logs or post the logs from yesterday?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Please run them again and post the logs as well as the combofix log and a fresh HJT log.

    Regards Howard :)

     
  9. lemortx

    lemortx TS Rookie Topic Starter

    here are all my new logs. i either didn't see it or they don't make one, but i don't have a log for the vundo or the look2me. neither program came up with anything either. i ran smitfraudfix, virtumundo and the vundo fix in safe mode.
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html


    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    ladbrokesMPP

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    MPPoker.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O11 - Options group: [INTERNATIONAL] International*

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\Program Files\ladbrokesMPP < Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Let me know how your system is running.

    Regards Howard :)

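An added example, not part of the thread or of HijackThis itself: a small parser for the O9 lines listed in the post above (O9 entries are Internet Explorer extra toolbar buttons and Tools menu items). It groups the rows by extension CLSID and separates orphaned registrations, where every row is marked "(file missing)", from extensions whose target executable is still present. The function and field names are assumptions made for this example.

```python
import re

# HijackThis lines copied from the post above.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Program Files\ladbrokesMPP\MPPoker.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
"""

# kind, label, CLSID, target path, optional "(file missing)" marker.
O9_RE = re.compile(
    r"^O9 - Extra (?P<kind>button|'Tools' menuitem): (?P<label>.*?)"
    r" - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*?)"
    r"(?P<missing> \(file missing\))?$"
)

def parse_o9(log_text):
    """Return one dict per O9 line; other sections (e.g. O11) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O9_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["missing"] = e["missing"] is not None
            entries.append(e)
    return entries

def triage(log_text):
    """Map each CLSID (lower-cased) to its targets and an 'orphaned' flag.

    An extension is orphaned only if every one of its rows is marked
    '(file missing)': the registration remains but nothing can run.
    """
    groups = {}
    for e in parse_o9(log_text):
        g = groups.setdefault(e["clsid"].lower(), {"targets": set(), "orphaned": True})
        g["targets"].add(e["target"])
        g["orphaned"] &= e["missing"]
    return groups

if __name__ == "__main__":
    for clsid, info in sorted(triage(SAMPLE_LOG).items()):
        state = "orphaned" if info["orphaned"] else "live"
        print(f"{state:8} {clsid} -> {sorted(info['targets'])}")
```

On the lines from this thread, the BitDefender and xpnetdiag extensions come out as orphaned and the Ladbrokes button as the only one that still points at an executable on disk.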
     
  11. lemortx

    lemortx TS Rookie Topic Starter

    Sorry, I know we're being a HUGE pain in the ****. Ladbrokes is actually a licenced program that my husband uses to play poker online. He said he's perfectly willing to delete it if you think it will help and also delete the registry keys, but I thought that I might let you know that he thinks it's fine before we delete anything else.
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The reason I want you to delete that programme is because it is known to put adware on your system. I.E it can cause popups.

    So, please follow the instructions exactly, in my post above.

    Regards Howard :)

     
  13. lemortx

    lemortx TS Rookie Topic Starter

    The pop ups are still coming up. They're very persistent. When I went to follow your last instructions, I couldn't actually do these steps because the files weren't there:

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    ladbrokesMPP

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    MPPoker.exe

    Close task manager.



    I did delete it in C:\Program Files\ladbrokesMPP
     
  14. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    This is very troublesome.

    I need you to go HERE and follow all the instructions exactly. Some of the instructions will be duplicates of what you've already done. However, you should still follow them.

    See if that helps at all.

    Let me know the results.

    Regards Howard :)

     
  15. lemortx

    lemortx TS Rookie Topic Starter

    Trend Micro has come up with ADWARE_APPOLI. It started off with 7 infections, got rid of 4 but said it couldn't do anything about the 3 other infections.
     
  16. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Can you give me the filepaths to the infected files?

    Regards Howard :)

     
  17. lemortx

    lemortx TS Rookie Topic Starter

    It didn't give me any filepaths for the infected files.
     
  18. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That's a shame as without knowing where the infections are, I can't do a right lot about it. Let's try this.

    Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

    Attach the Autoruns log here.

    Regards Howard :)

     
  19. lemortx

    lemortx TS Rookie Topic Starter

    I've actually just run the F-Secure virus scan and it came up with two tracking cookies and a stealth application under C:\WINDOWS\SYSTEM32\KXCHTXVBFS.EXE

    It seems to be having a problem getting rid of one of the cookies, but it didn't say it couldn't get rid of the stealth application.

    It's decided it can't get rid of one of the cookies, this is what the report said:

    Result: 3 malware found
    Stealth_application (hidden item)
    C:\WINDOWS\SYSTEM32\KXCHTXVBFS.EXE (Submitted)
    Tracking Cookie (spyware)
    System (Disinfected)
    System (Submitted)

    And I guess it didn't disinfect the stealth application either.
     
  20. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ah, maybe we`re getting somewhere.

    Download the Pocket Killbox programme from HERE. Extract it but don't run it yet.

    Go HERE and follow the instructions for downloading and running the Ccleaner programme.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    KXCHTXVBFS.EXE

    Close task manager.

    Run the Ccleaner programme as per the instructions.

    Run the killbox.exe file. When it loads, type the full path to the file you would like to delete in the field and check the delete file on reboot button. Press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted. If your computer doesn't automatically restart, restart it manually.

    This is the filepath you need to enter into killbox.

    C:\windows\system32\KXCHTXVBFS.EXE

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Keep the Killbox backups for a few days and if no problems are seen, you can delete them.

    Let me know if that helps.

    I`d still like to see an Autoruns log.

    Regards Howard :)

    Edit: Just seen your other post, now merged. I have updated the above instructions.

     
  21. lemortx

    lemortx TS Rookie Topic Starter

    I've opened a few pages so far (MySpace, Amazon and here, there were a lot of pop ups here for some reason) and none have come up so far, but I'll test it out a little more and definitely let you know. Here's the AutoRun log.
     
  22. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can find nothing untoward in your Autoruns log.

    See how it goes and post back if you have any further problems.

    Regards Howard :)

     
  23. Marcus4

    Marcus4 TS Rookie

    trueee
    this will probably help me too
     
  24. Marcus4

    Marcus4 TS Rookie

    yep, thanks a lot
     
Topic Status:
Not open for further replies.
