IE Pop-ups while using FIREFOX...I suspect DNS catcher...

Status
Not open for further replies.

Sp00ky_E.

As this is my first post, I guess I should say, "HI" and thanks for even looking at this in the first place. :wave:

I very rarely use IE, but lately have been getting pop-ups.
I've been getting two kinds of pop-ups: One kind seems to be displaying links in response to my Google searches or in response to the web page I'm viewing. I did a bit of research and found that this could be a symptom of something called DNS Catcher. The other kind are advertisements for casino sites, travel agencies, etc. I've run several scans with both Symantec AntiVirus and Microsoft AntiSpyware. It found several problems, including DNS Catcher, some Trojan crap and other Adware, and supposedly deleted/quarantined them, but the problem still remains. However, I now seem to be getting more of the advertisement pop-ups than "search result" pop-ups.
I ran additional scans in both Normal and Safe Mode, but no threats are detected now, even though the pop-ups continue.
I doubt this'll help...but when I get a stack of the pop-ups minimized, it says "MQBETMAN" in the little taskbar block. Don't know what that could mean, but it's always consistent.

Please, please help.
 
Much better! Thanks for the tip. I'm not getting as many pop-ups now, but somehow they're still around. I got one from 888.com just now. Here's my ewido scan report; it fixed a whole bunch of stuff, but something may have slipped through the cracks. I'd appreciate it if you'd take a look.

(I removed a few parts of the report on things that were cleaned to get it down to 100mb)

Regards, Sp00ky. :)
 
I haven't gotten to following the last post yet, but I ran ewido again and got this warning while it was cleaning:

The file "C:\Program Files\Common Files\system32.dll/gui.exe" cannot be removed because it is embedded in the archive "C:\Program Files\Common Files\system32.dll" Do you want to remove the whole archive?" Y/N

What should I do? :confused:
 
That seems to have done the trick! I'm currently pop-up free.

I've posted my HJT log, as instructed.

Thanks for all your help!
 
Run HJT in Safe Mode and let it 'fix' all these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O9 - Extra 'Tools' menuitem: Freeprod Toolbar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1119009841668
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
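
As an added example (not part of the original post and not HijackThis's own code), this Python sketch parses log lines in the format shown above and attaches review notes to each entry. The notes are heuristics assumed for illustration, and the sample log uses constructed placeholder CLSIDs and hosts.

```python
import re
from urllib.parse import urlparse

# Section codes seen in the post above, with their HijackThis meanings.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE search or other setting",
    "O9": "IE extra button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
}
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Split one HijackThis log line into fields; return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "other"),
             "key": None, "value": None, "clsid": None, "host": None, "notes": []}
    if code.startswith("R") and " = " in body:
        # R lines read "<registry key>,<value name> = <data>"
        entry["key"], entry["value"] = body.split(" = ", 1)
    clsid = CLSID_RE.search(body)
    if clsid:
        entry["clsid"] = clsid.group(0).upper()
    url = re.search(r"https?://\S+", body)
    if url:
        entry["host"] = urlparse(url.group(0)).hostname
    # Review notes: heuristics assumed by this example, not HijackThis output.
    if body.rstrip().endswith("(no file)"):
        entry["notes"].append("orphaned: target file missing")
    if entry["key"] and entry["key"].endswith(",ProxyOverride"):
        entry["notes"].append("proxy setting present")
    if code == "O16" and entry["host"]:
        entry["notes"].append("control downloaded from " + entry["host"])
    return entry

def triage(log_text):  # parsed entries; header and blank lines are skipped
    return [e for e in map(parse_entry, log_text.splitlines()) if e]

# Constructed sample in the post's format (placeholder CLSIDs and hosts).
SAMPLE = r"""Logfile of HijackThis (constructed sample)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O9 - Extra button: Example Toolbar - {00000000-0000-0000-0000-000000000001} - (no file)
O16 - DPF: {00000000-0000-0000-0000-000000000002} (Example Class) - http://cdn.example.test/ctl.cab
"""
print(*[(e["code"], e["section"], e["notes"]) for e in triage(SAMPLE)], sep="\n")
```
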
 
I fixed those things and then ran another scan (log attached).

AdAware and Spybot are still finding problems in Normal Mode and now I'm only getting pop-ups from CheapTickets.com.
 
The only place I can think of where this might be coming from is:

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Brittany\Programs\aim.exe

Uninstall it for the moment. (Get rid of it really; it's a popular target for all sorts of mischief.)
If that does not fix it, you can always reinstall it. Back up your contacts first.

Other than that, look up online virus scanners in Google and run them all.
 