WinAntiSpyware2006 ,Popup Virus

[howard_hopkinso]

I must admit, I`m running out of ideas fast.

I don`t know where they`re respawning from.

The only thing I have left to suggest is run the four tools in this thread HERE. Make sure you redownload them as they are updated regularly.

Run each tool from safe mode with system restore turned off.

See if that helps any. If it doesn`t, then I`m afraid this has me stumped.

Regards Howard

Edit: I`d also like you to run this online scanner HERE.

This thread is for the use of slopjaw only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[slopjaw]

Nasty Pop-ups

Ran the 4 tools,they turned out good, ran the active scan , see attachment,Iguess i'm gonna do a system recovery on this thing and it will be like new again, what do you think ?

 

[howard_hopkinso]

I think you`re probably right.

I`m sorry I wasn`t able to get rid of your popup problem.

It`s not often I fail to get the job done, but I`m buggered if I can solve this one.

You could try running these two programmes. I don`t know if they`ll help, but it`s worth a try.

ATF cleaner. Follow the instructions for ATF cleaner.

CleanUP.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programmes menu).
Set the programme up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the programme.

It may ask you to reboot at the end, click NO.

Regards Howard

 

[slopjaw]

Nasty Pop-ups

Hi Howard, Just wanted to let you know i went ahead and did a system recoverey on the PC and its running fine ,it took a couple hours to get it up and running again ,had to download all the win updates ,sp2, get norton up and running ,i went ahead and put ad-aware on there for her also. Out of all the spyware programs that you had me download which would you sugest to put on that pc , i want to install something else that she can use to keep it cleaned up, i know the bigest thing i can install is not to let her kids download a bunch of junk on there. Anyway i want to say thanks again for all your help ,and that i learned alot of new things that i can do to to keep my old clunker up and running better also , out of all of this i hope i made a new friend out there and i'll check in every now and than just to say HAY !!!!!! Thanks

 

[howard_hopkinso]

I`m glad your problem is solved mate. I`m just sorry you had to resort to a reformat.

Here`s what I recommend you should have on your system.

Ad-Aware/SS&D(spybot search and destroy)/Ewido/Spyware Blaster. Just Google for these.

AVG free or Avast antivirus programmes and either the free Zonealarm or Kerio firewall programmes.

You can get them from HERE, HERE, HERE and HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of slopjaw only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[slopjaw]

nasty pop-ups

hi howard ,i'm back at it again, i'm messing with a dell 4400 this time , it dos'nt seem to be as bad as the last one, i've ran a bunch of the scanners and they have found a bunch of junk , i just ran hi-jack and i would like you to take a look and see if you see anything .

 

[slopjaw]

nasty pop-ups

heres a new hjt log

 

[howard_hopkinso]

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

NZSearch
Viewpoint
Viewpoint Manager
VSToolbar
NetZero<Only remove this, if it`s not your ISP.

Close control panel.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ViewMgr.exe
exec.exe<part of NetZero See above.
nzspc.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll

O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [UolRegToolbar] "C:\Program Files\NetZero\exec.exe" ZB_7hdj7fhn7fh 0x00010000<only fix this, if it isn`t from your ISP.

O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun[/b]<Only fix this if it isn`t from your isp.[/b]

O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\Program Files\NZSearch
C:\Program Files\VSToolbar
C:\Program Files\Viewpoint

C:\Program Files\NetZero<Only delete this, if it isn`t from your ISP.

Reboot into normal mode, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how the system is running.

Regards Howard

This thread is for the use of slopjaw only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[slopjaw]

Pop-ups

Followed all your instructions to the T ,I did'nt remove the net zero stuff yet because he was useing that as his ISP, he says he gonna change his isp ,i'm trying to talk him into dsl for he is still in the stone age with dail-up ,i'm pretty sure net zero is his problem because i hav'nt had hardly any pop-ups since i'v had this machine hooked up to my isp (cable) though he said he got so many that his machine locked up and would not do anything ,he also is lacking ram ,only 128 ,he is going to have to add that for sure, at least 512 mb. this maching did need a good clean up which i did ,heres a new and fresh HJT, take a look and let me know if anything else needs done, i'm gonna give the pc back monday and when he gets dsl i'll go and finish the job so to speak, i believe if he keeps net zero he will have problems again. Thanks

 

[howard_hopkinso]

Apart from the netzero entries, that HJT log is clean.

The reason I say apart from Netzero is because if your friend is using the so called free version, undoubtedly, that`s why he`s getting popups.

I agree you should try and persuade your friend to change his ISP.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of slopjaw only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[slopjaw]

Thanks again, i have been surffing around for awhile now and not 1 pop-up,this thing runs great except for a lack of speed. have a great weekend.

 

[slopjaw]

Nasty pop-ups

hi howard its me again ,i'm at it again messing with another pc with pop-up problems, dell 8300 i ran all programs and heres the hijack log file, could you check it out please ,thanks

 

[howard_hopkinso]

That computer is absolutely riddled with nasties.

Go HERE and follow all the instructions exactly.

Post a fresh renamed HJT, along with an AVG Antispyware log.

If you don`t feel like doing all that and your friend has no objections, then a reformat may well be quicker and easier.

Regards Howard

This thread is for the use of slopjaw only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[slopjaw]

Thank Howard, went ahead and reformatted.