TechSpot

Please Help, Can't remove pop-ups, have tried cleaners unsuccessfully

By telex
Jan 16, 2005
  1. Hi, I am new to this board and would greatly appreciate if I could receive some help.
    I am getting pop-ups at an alarming rate and have tried using: Spy-bot, Ad-aware, Spy-sweeper, and anti-virus with no success.
    I tried deleting some generic registry items that were associated with the pop-ups but that also did not work.
    If anyone here can offer some advice, I would be grateful.
    One of the pop-ups in particular from "grand virtual" a casino program of some sort is popping frequently and consecutively.
    The others are of adult nature.
    Thank You again,
    dave
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go Here and follow the instructions; it should help you.

    Regards Howard :wave: :wave:
     
  3. telex

    telex TS Rookie Topic Starter

    Could someone please explain, in some detail, about the HijackThis program, how it works and how to use it?
    I am a little wary about downloading it because I have read some bad reviews about it on the web.
    I still need help getting rid of the pop-ups as spy-bot, ad-aware, and spy-sweeper do nothing to fix the problem.
    Thanks again
    dave
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    There's absolutely no need to worry about HijackThis.

    I've been using it for quite some time without any problems.

    In fact HijackThis has helped me and hundreds of other Techspot members get rid of loads of nasties.

    Regards Howard :grinthumb
     
  5. telex

    telex TS Rookie Topic Starter

    Thanks for the replies; however, I do not understand how HijackThis works. I was wondering if someone could explain in detail how the software works and how best to use it.
    Thanks
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Basically HijackThis scans your computer for running programmes etc. and allows you to see and stop various programmes from being executed on your machine.

    Regards Howard :grinthumb
     
  7. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    If you had followed Howard's advice in the first place and gone to the post he mentioned, you would have found: Read the HJT instructions on that website!
    Go there now, and READ them. It tells you what HJT does and how.
    www.tomcoyote.org/hjt/
     
  8. telex

    telex TS Rookie Topic Starter

    So basically, I run the HijackThis program then post the resulting log and hope that I receive useful instruction on what to remove?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    That is correct, got it in one.

    That's why I said it will help you.

    The rest as they say is up to you.

    Regards Howard :D
     
  10. telex

    telex TS Rookie Topic Starter

    Log too long

    Downloaded HijackThis and tried to post the logfile but it exceeded the allowed character limit for a post.
    Not sure which information from the log is relevant... How should I go about posting the log?
    Thanks
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Go Here and follow the instructions on how to post your Hijackthis log.

    Regards Howard :grinthumb
     
  12. telex

    telex TS Rookie Topic Starter

    HijackThis log (I hope)

    Here is my HijackThis log in TXT format.
    Thanks again
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Did you even bother to read my first post in this thread?

    Do so now: click on the link I gave you and follow the instructions.
     
  14. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Howard is right. Do your homework first, AFTER that post a new log as attachment.
     
  15. telex

    telex TS Rookie Topic Starter

    Alright, here is my NEW HijackThis log... I notice that a few of the items that I had deleted the first time have returned to the log, such as "09-your system is infected with spyware".
    Any assistance would be appreciated, thanks.
    Sorry about my previous attempts.
     


  16. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Click Start/Run and type in msconfig, then hit enter.
    See if you can UNcheck: RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k

    Reboot in Safe Mode

    UNinstall anything to do with (if you can):
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\Program Files\CxtPls\CxtPls.exe
    C:\PROGRA~1\Web Offer\wo.exe

    Next, go into Task Manager (ctrl-alt-del) and try to STOP these processes (if still there):
    quoycv.exe
    ViewMgr.exe
    packager.exe
    tibs3.exe
    AutoUpdate.exe
    umdbk32.exe
    lmrredir.exe
    CxtPls.exe
    wo.exe
    satmat.exe
    farmmext.exe
    enhupdt.exe
    18btul.exe


    Next, run HJT on its own, and let it 'fix' (if still there):
    C:\WINDOWS\System32\quoycv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\packager.exe
    C:\WINDOWS\System32\tibs3.exe
    C:\Program Files\AutoUpdate\AutoUpdate.exe
    C:\WINDOWS\System32\umdbk32.exe
    C:\WINDOWS\System32\lmrredir.exe
    C:\Program Files\CxtPls\CxtPls.exe
    O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
    O2 - BHO: Band Class - {0007522A-2297-43C1-8EB1-C90B0FF20DA5} - C:\WINDOWS\enhtb.dll
    O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O4 - HKLM\..\Run: [bspftoyxyfntn] C:\WINDOWS\System32\quoycv.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [Enh Win Updt] C:\WINDOWS\enhupdt.exe
    O4 - HKLM\..\Run: [t3FT33S] umdbk32.exe
    O4 - HKLM\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O4 - HKCU\..\Run: [c0w3RTeEW] lmrredir.exe
    O4 - HKCU\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
    O9 - Extra button: Your PC is infected with Spyware - click here to fix your PC - {FB74C951-ACA1-4e33-A94C-A9261EB2CCB7} - https://www.spydeleter.com/order2.php?KBID=1062 (file missing)
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe

    Delete the bold files, except MSCONFIG. When a directory is also bold, delete everything in it, including that directory itself.
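
As an added example (not part of the original thread and not HijackThis's own code), the sketch below parses the O-section log lines quoted in the post above, splits O4 autorun entries into hive, key, value name and command, and notes three things worth checking when reviewing such a log. The field names and the three checks are assumptions chosen for illustration.

```python
import re

# Lines copied from the HijackThis log entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [bspftoyxyfntn] C:\WINDOWS\System32\quoycv.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [t3FT33S] umdbk32.exe
O4 - HKLM\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
O4 - HKCU\..\Run: [c0w3RTeEW] lmrredir.exe
O4 - HKCU\..\RunOnce: [18btul.exe] C:\WINDOWS\System32\18btul.exe /k
"""

ENTRY = re.compile(r"^(O\d+) - (.*)$")
AUTORUN = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def parse(log):
    """Return one dict per O-section line; O4 lines get hive/key/name/command."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = {"section": m.group(1), "body": m.group(2), "notes": []}
        a = AUTORUN.match(e["body"]) if e["section"] == "O4" else None
        if a:
            e.update(hive=a.group(1), key=a.group(2), name=a.group(3), command=a.group(4))
            if "\\" not in e["command"]:
                e["notes"].append("autorun has no directory; resolved via search path")
        if e["body"].endswith(("(file missing)", "(no file)")):
            e["notes"].append("registry entry points at a file that is not on disk")
        entries.append(e)
    # An autorun registered under both hives has to be fixed in each of them.
    hives = {}
    for e in entries:
        if "hive" in e:
            hives.setdefault((e["key"], e["name"]), set()).add(e["hive"])
    for e in entries:
        if "hive" in e and len(hives[(e["key"], e["name"])]) > 1:
            e["notes"].append("same autorun present in both HKLM and HKCU")
    return entries

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        if e["notes"]:
            print(e["section"], e["body"], "->", "; ".join(e["notes"]))
```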
     
  17. telex

    telex TS Rookie Topic Starter

    thank you

    Thanks guys......
     