Spread the love! TechSpot Tech Gift Shortlist 2017

AdultFriendFinder, WinFixer and WinAntivirus pop-ups

By cenobite321 · 4 replies
Apr 3, 2006
  1. Hi,

    Do you know how to get rid of the AdultFriendFinder, WinFixer and WinAntivirus (why didn't Norton Antivirus make a lawsuit against those two?) pop-ups?

    I used Xoft-Spy, Windows Defender and Norton Internet Security 2006 to scan the computer, but both say that everything is OK.

    I also made a scan with the AdAware SE, but it seems to crash the computer when it is making the analysis.

    But still, there are some pop-ups that tell me that there has been a security breach blah, blah .... and we invite you to download WinAntivirus. Those messages along with some pornography pop-ups from AdultFriendFinder makes me really sick puke: and I really don't know what else can I do to get rid of them.

    I will appreciate any help. Thank you

    P.S. I also attached my hijack this log into the message if by any case.

    Attached Files:

  2. N3051M

    N3051M TS Evangelist Posts: 2,115

    read the stickys on the Securtiy and Web sub forum about removing coolwebsearch/trojans/etc by Real black stuff, follow all instructions.

    update windows
    scan with panda online, trendmicro housecall or ewido, then repost your hjt log
  3. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Uninstall and delete anything to do with DAP and ARES

    Then run HJT in safe mode (as described in my post about Coolwebsearch etc.) and have it fix all of these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.la.dell.com/content/default.aspx?c=mx&l=es&s=gen
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mx.mcafee.com/root/forgotPassword.asp?affid=105-108&langid=96&close=true&RW=1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O1 - Hosts: community.the-underdogs.info
    O1 - Hosts: dfg.the-underdogs.info
    O1 - Hosts: files.the-underdogs.info
    O1 - Hosts: mac.the-underdogs.info
    O1 - Hosts: old.the-underdogs.info
    O1 - Hosts: ron.the-underdogs.info
    O1 - Hosts: the-underdogs.info
    O1 - Hosts: www.the-underdogs.info
    O1 - Hosts: zzt.the-underdogs.info
    O2 - BHO: WTLHelper Object - {6D33B121-5C4C-4450-9D1F-7B67085CC199} - C:\WINDOWS\system32\jkhff.dll
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Archivos de programa\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [ares] "C:\Archivos de programa\Ares\Ares.exe" -h
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Archivos de programa\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Archivos de programa\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Archivos de programa\DAP\dapextie2.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: jkhff - C:\WINDOWS\system32\jkhff.dll

    When done, also delete jkhff.dll
  4. XxXBlackTalon

    XxXBlackTalon TS Rookie

    If Anyone is still listening to this post

    I had the same problem on my friends computer, and tried multiple ways to remove this threat. The only way that I could remove the file was to run the windows recovery console to delete the file(tried killbox and hjt, normal and safe-mode). After you have deleted the file from the console you need to boot to safe mode(ie F8) and then run a regedit and do a search for it. The "FILE" I am talking about is found by running a HJT log and looking at what is running under WINDOWS LOGON NOTIFY. This is how this particular problem runs. in your case it is jkhff.dll. So this is what you need to delete from the console and search for in the registry. Remove every reg entry that is associated with this file. Then run HJT(Still in Safe Mode) then remove any entry involving the file in question. Then reboot. Verify that the file is gone from the system32 directory and you should be set. The reason I say the file in question is b/c the file name will change from computer to computer. Mine was nnljgr.dll :knock: , but I was getting the same popups. Hope this helps someone!
  5. Tedster

    Tedster Techspot old timer..... Posts: 6,000   +15

    yeah, stop downloading porn, it's bad for your computer and your keyboard. (the latter gets sticky)
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...