AdultFriendFinder, WinFixer and WinAntivirus pop-ups

Status
Not open for further replies.

cenobite321

Hi,

Do you know how to get rid of the AdultFriendFinder, WinFixer and WinAntivirus (why didn't Norton Antivirus file a lawsuit against those two?) pop-ups?

I used Xoft-Spy, Windows Defender and Norton Internet Security 2006 to scan the computer, but they say that everything is OK.

I also ran a scan with Ad-Aware SE, but it seems to crash the computer while it is running the analysis.

But still, there are some pop-ups that tell me that there has been a security breach blah, blah .... and we invite you to download WinAntivirus. Those messages, along with some pornography pop-ups from AdultFriendFinder, make me really sick, and I really don't know what else I can do to get rid of them.

I will appreciate any help. Thank you

P.S. I also attached my HijackThis log to the message, just in case.
 

Read the stickies on the Security and Web subforum about removing CoolWebSearch/trojans/etc. by Real black stuff, and follow all instructions.

Update Windows.
Scan with Panda online, Trend Micro HouseCall or Ewido, then repost your HJT log.
 
Uninstall and delete anything to do with DAP and ARES

Then run HJT in safe mode (as described in my post about Coolwebsearch etc.) and have it fix all of these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mx.mcafee.com/root/forgotPassword.asp?affid=105-108&langid=96&close=true&RW=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O1 - Hosts: 209.120.136.200 community.the-underdogs.info
O1 - Hosts: 209.120.136.203 dfg.the-underdogs.info
O1 - Hosts: 209.120.136.196 files.the-underdogs.info
O1 - Hosts: 209.120.136.205 mac.the-underdogs.info
O1 - Hosts: 209.120.136.197 old.the-underdogs.info
O1 - Hosts: 209.120.136.207 ron.the-underdogs.info
O1 - Hosts: 209.120.136.194 the-underdogs.info
O1 - Hosts: 209.120.136.195 www.the-underdogs.info
O1 - Hosts: 209.120.136.209 zzt.the-underdogs.info
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

When done, also delete jkhff.dll
 
If anyone is still listening to this post:

I had the same problem on my friend's computer, and tried multiple ways to remove this threat. The only way that I could remove the file was to run the Windows Recovery Console to delete the file (tried Killbox and HJT, normal and safe mode). After you have deleted the file from the console you need to boot to safe mode (i.e. F8) and then run regedit and do a search for it. The "FILE" I am talking about is found by running a HJT log and looking at what is running under WINDOWS LOGON NOTIFY. This is how this particular problem runs. In your case it is jkhff.dll. So this is what you need to delete from the console and search for in the registry. Remove every reg entry that is associated with this file. Then run HJT (still in safe mode) and remove any entry involving the file in question. Then reboot. Verify that the file is gone from the system32 directory and you should be set. The reason I say "the file in question" is b/c the file name will change from computer to computer. Mine was nnljgr.dll, but I was getting the same popups. Hope this helps someone!
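
Added example, not part of any poster's message and not HijackThis's own code: a short Python script that lists the DLLs registered under O20 (Winlogon Notify) in a HijackThis log and shows which other sections load the same file, the pattern seen above with jkhff.dll in both O2 and O20. The regex and function names are assumptions made for illustration, and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample lines: the O2, O4 and O20 entries come from the log in this thread;
# the final O2 line is constructed for contrast.
SAMPLE_LOG = r"""
O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
"""

# Matches "O<n> - <kind>: <details> - <path ending in .dll>"
ENTRY = re.compile(r"^(O\d+) - ([^:]+): .* - (.+\.dll)\b", re.IGNORECASE)


def dll_references(log_text):
    """Map each lower-cased DLL path to the HijackThis sections that load it."""
    refs = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            section, _kind, path = m.groups()
            refs[path.strip('"').lower()].add(section)
    return refs


def notify_dlls(log_text):
    """Return DLLs registered under O20, with every section that references them."""
    return {
        path: sorted(sections)
        for path, sections in dll_references(log_text).items()
        if "O20" in sections
    }


if __name__ == "__main__":
    for path, sections in notify_dlls(SAMPLE_LOG).items():
        print(f"{path}: referenced by {', '.join(sections)}")
```

A DLL that appears under O20 and again under O2 is the file name to search for in the registry, since it differs from machine to machine.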
 
yeah, stop downloading porn, it's bad for your computer and your keyboard. (the latter gets sticky)
 