Popups. Now in New and Extra Annoying Flash Variety. Hijackthis log included.

Status
Not open for further replies.
R

RolandNPC

I have adware of some sort.

popup url examples:
http://www.buyer-shabit.com/normal/yyy65.html,
http://www.uniqueoffer-s.com/normal/yyy65.html
http://www.hug-ediscounts.com/normal/yyy65.html
http://www.winantiviruspro.com/pages/wa...ntiivwords

The popups open in whatever browser I'm currently using.
Ordinarily I use mozilla, but if I open IE, they pop up in IE.

I also get these extremely annoying flash ones.

System stuff:
I'm using Windows XP SP 2.

I've
A) run avg on safe mode with command prompt.
B) run adaware
C) run spybot
D) run Bazooka Adaware and Spyware Scanner and removed the keys, deleted the files, etc, etc in safe mode with command prompt.
E) looked through HKEY_LOCAL_USER/software/microsoft/windows/currentversion/run etc removing keys that I know for certain I didn't put there
F) run ewido network's trial version scanner. (I've attached the report as a text file)

in short, everything in my library to get rid of these goddamn popups (which I can't figure out where they're coming from).

Any help would be greatly appreciated,
- your friendly neighbourhood NPC
 
Bout The Pop Ups An Stuff

I HAD THIS SORT OF PROBLEM ASWELL download spy doctor u may need to download the crack aswell tho. thats a great programme i used this wen i got spyaxe trst me u dont want that lol and if u do get it thats the one with the spy sherif that gives u the blue screen with the infection notice download this it wors great http://www.downloads.subratam.org/smitRem.exe
 
The main infection is now gone. However, your system is still not clean yet.

Follow these instructions.

Boot into safe mode. See how HERE.

Turn off system restore.(XP/ME only) See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Open your task manager, by pressing the ctrl/alt/delete keys together.

Click on the processes tab, and end process for(if there).

msngms.exe
ethernet.exe

Close task manager.

Click start/run, and type services.msc into the run box, and press the enter key.

When the window appears, maximise it. Locate these services(if there). Double click on them, and if they are running, select stop. Set the startup type to disabled.

[The Ethernet] ethernet.exe

[Msn Configuration Loader] msngms.exe

Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - E:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)

Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Click apply/ok.

Run HJT with no other programmes open, and have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\RunServices: [Msn Configuration Loader] msngms.exe
O4 - HKLM\..\RunServices: [The Ethernet] ethernet.exe

O4 - HKCU\..\RunServices: [The Ethernet] ethernet.exe

Fix all 016 DPF entries.

O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - E:\Program Files\Alias\Maya7.0\docs\wrapper.exe" -s "E:\Program Files\Alias\Maya7.0\docs\Wrapper.conf (file missing)

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Now, click on the fix checked button.

Close HJT.

Click start/search, and look for, and delete the following bold files(if there).

msngms.exe
ethernet.exe

Reboot into normal mode, and turn system restore back on.

Post a fresh HJT log, so I can check to make sure your system is clean.

Regards Howard :)
 
fretti2003 said:
I HAD THIS SORT OF PROBLEM ASWELL download spy doctor u may need to download the crack aswell tho. thats a great programme i used this wen i got spyaxe trst me u dont want that lol and if u do get it thats the one with the spy sherif that gives u the blue screen with the infection notice download this it wors great http://www.downloads.subratam.org/smitRem.exe
Click to expand...

For a start. we don`t talk about cracks on here.

Techspot does not condone any form of piracy.

Also Spy Doctor is not a reputable programme, and should be avoided.

See HERE for details.

Regards Howard :cool:
 
Status
Not open for further replies.

Similar threads

S
Inactive All Browsers Run Slow and Freeze Up, Tons of Pop Ups In Chrome
2
Replies
47
Views
8K
Broni
Broni
T
  • Locked
Inactive AVG popups at start and other issues, multiple computers meltdown.
Replies
1
Views
3K
Broni
Broni
M
  • Locked
Inactive Unwanted home page and new tab in mozilla after installing a free program
Replies
1
Views
4K
Broni
Broni

Latest posts

Back