problems with pop-ups (cassava, dating direct et al)

By cremaster714
Feb 26, 2006
Topic Status:
Not open for further replies.
  1. I am getting lots of pop-ups and going crazy as neither spybot nor ad-ware will detect anything. Have read the coolwebsearch post but, although I did delete some items, I'm still getting the pop-ups and am not sure about fixing more stuff as I'm afraid I might tamper with something I could need. Any help would be much appreciated. HJT log attached. Thanks!
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    Hello and welcome to Techspot.

    Boot into safe mode. See how HERE. http://www.bleepingcomputer.com/forums/tutorial61.html

    Turn off system restore (XP/ME only). See how HERE. http://www.bleepingcomputer.com/forums/tutorial56.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE. http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager by pressing the ctrl/alt/delete keys together.

    Click on the processes tab, and end process for (if there):

    teekids.exe
    mslaugh.exe

    Close task manager.

    Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost

    Fix all O1 - Hosts entries.

    O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
    O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
    O4 - HKCU\..\Run: [LDM] \Program\

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    Fix all O16 - DPF entries.

    Fix all O18 - Protocol entries.

    Now click on the fix checked button.

    Close HJT.

    Click start/search, and locate and delete the following bold files (if there):

    teekids.exe
    mslaugh.exe

    Click start/run, and copy and paste this into the run box, and press the enter key.

    notepad c:\windows\system32\drivers\etc\hosts

    When notepad opens, delete everything in your hosts file except 127.0.0.1 localhost. Close notepad. You will be prompted to save the file. Click yes.

    Reboot your system into normal mode, and turn system restore back on.

    Go and follow the instructions in this thread HERE

    Then post a fresh HJT log.

    Regards Howard :wave: :wave:
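The hosts-file step in the reply above, as an added example that is not part of the original thread: a small audit that lists every entry other than the loopback `localhost` line before the file is cleaned. The sample file contents, host names and the function name `audit_hosts` are constructed for illustration, and keeping comment lines in the cleaned output is an assumption of this sketch.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are made up.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.7     www.example-search.test   # constructed redirect entry
127.0.0.1       update.example-av.test    # constructed block entry
0.0.0.0 ads.example.test tracker.example.test
not-an-ip       broken.example.test
"""


def audit_hosts(text):
    """Return (findings, cleaned_text) for hosts-file content.

    findings holds (line_no, kind, address, names) where kind is
    'redirect' (name mapped to a non-loopback address), 'block' (a name
    other than localhost pinned to loopback or 0.0.0.0) or 'malformed'.
    cleaned_text keeps only comments, blank lines and loopback localhost.
    """
    findings, kept = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].split()  # drop trailing comment
        if not body:
            kept.append(raw)  # blank or comment-only line
            continue
        addr, names = body[0], [n.lower() for n in body[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((no, "malformed", addr, names))
            continue
        if ip.is_loopback and names == ["localhost"]:
            kept.append(raw)  # the one entry the instructions keep
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        findings.append((no, "block" if sinkhole else "redirect", addr, names))
    return findings, "\n".join(kept) + "\n"


if __name__ == "__main__":
    found, cleaned = audit_hosts(SAMPLE_HOSTS)
    for no, kind, addr, names in found:
        print(f"line {no}: {kind:9} {addr} -> {', '.join(names)}")
    print(cleaned, end="")
```

Recording the findings before overwriting the file preserves which names were being redirected or blocked, which helps when comparing against a later HJT log.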
  3. cremaster714

    cremaster714 Newcomer, in training Topic Starter

    thanks

    Hello there,

    Thanks a lot for your help. I have followed your instructions but I am still getting some more pop-ups. I am attaching another HJT log... Thx a lot!
  4. cremaster714

    cremaster714 Newcomer, in training Topic Starter

    Btw, don't know if it might help, but after running spy sweeper it has found this (along with loads of spy cookies):

    Adware found: blazefind
    Adware found: blazefind_adstat
    Adware found: metadirect
    Trojan Horse found: msblast
    Adware found: orbit explorer
    Adware found: searchrelevancy
    Trojan Horse found: topconverting downloader
    Adware found: winad
    Adware found: ist software
    Adware found: ist yoursitebar
    Trojan Horse found: ukvideo

    Cheers!
  5. Tedster

    Tedster Techspot old timer..... Posts: 10,074   +13

    Cookies are not spyware.

    Boot in safe mode and use your anti-trojan to clean your system.
    Also turn off system restore before doing so.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +19

    I can't see any evidence in your HJT log that you've run the Ewido programme.

    Go HERE and follow the instructions.

    Then post a fresh HJT log.

    Regards Howard :)