Popups. Now in New and Extra Annoying Flash Variety. Hijackthis log included.

By RolandNPC
Feb 18, 2006
Topic Status:
Not open for further replies.
  1. I have adware of some sort.

    popup url examples:
    http://www.buyer-shabit.com/normal/yyy65.html,
    http://www.uniqueoffer-s.com/normal/yyy65.html
    http://www.hug-ediscounts.com/normal/yyy65.html
    http://www.winantiviruspro.com/pages/wa...ntiivwords

    The popups open in whatever browser I'm currently using.
    Ordinarily I use mozilla, but if I open IE, they pop up in IE.

    I also get these extremely annoying flash ones.

    System stuff:
    I'm using Windows XP SP 2.

    I've
    A) run avg on safe mode with command prompt.
    B) run adaware
    C) run spybot
    D) run Bazooka Adaware and Spyware Scanner and removed the keys, deleted the files, etc, etc in safe mode with command prompt.
    E) looked through HKEY_LOCAL_USER/software/microsoft/windows/currentversion/run etc removing keys that I know for certain I didn't put there
    F) run ewido network's trial version scanner. (I've attached the report as a text file)

    in short, everything in my library to get rid of these goddamn popups (which I can't figure out where they're coming from).

    Any help would be greatly appreciated,
    - your friendly neighbourhood NPC
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Then post a fresh HJT log.

    Regards Howard :wave: :wave:
  3. RolandNPC

    RolandNPC Newcomer, in training Topic Starter

    Wooo, it worked!
    Thanks you guys.

    (and here's the Hijackthis log if you still want it)
  4. fretti2003

    fretti2003 Newcomer, in training

    Bout The Pop Ups An Stuff

    I HAD THIS SORT OF PROBLEM ASWELL download spy doctor u may need to download the crack aswell tho. thats a great programme i used this wen i got spyaxe trst me u dont want that lol and if u do get it thats the one with the spy sherif that gives u the blue screen with the infection notice download this it wors great http://www.downloads.subratam.org/smitRem.exe
  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    The main infection is now gone. However, your system is still not clean yet.

    Follow these instructions.

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Open your task manager, by pressing the ctrl/alt/delete keys together.

    Click on the processes tab, and end process for(if there).

    msngms.exe
    ethernet.exe

    Close task manager.

    Click start/run, and type services.msc into the run box, and press the enter key.

    When the window appears, maximise it. Locate these services(if there). Double click on them, and if they are running, select stop. Set the startup type to disabled.

    [The Ethernet] ethernet.exe

    [Msn Configuration Loader] msngms.exe

    Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - E:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)

    Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    Click apply/ok.

    Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
    O4 - HKLM\..\RunServices: [The Ethernet] ethernet.exe

    O4 - HKCU\..\RunServices: [The Ethernet] ethernet.exe

    Fix all 016 DPF entries.

    O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - E:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    Now, click on the fix checked button.

    Close HJT.

    Click start/search, and look for, and delete the following bold files(if there).

    msngms.exe
    ethernet.exe

    Reboot into normal mode, and turn system restore back on.

    Post a fresh HJT log, so I can check to make sure your system is clean.

    Regards Howard :)
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    For a start. we don`t talk about cracks on here.

    Techspot does not condone any form of piracy.

    Also Spy Doctor is not a reputable programme, and should be avoided.

    See HERE for details.

    Regards Howard :cool:
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.