    wrathz Posts: 1, Reputation: 1
    New Member
     
    #1

    Jun 28, 2005, 07:05 AM
    Popups from several websites
    hi,
    I have been getting several popups from different sites in the recent week.
    I have been reading up on this forum and have tried many futile attempts to remove these popups.
    I have been getting website popups from:
    http://dnaads.com/servlet/ajrotator/...?zone=enternet
    z1.adserver.com, casemedia.com and many more.
    I have downloaded adaware, spybot s&d, spyblaster and hijackthis. I also have norton internet security and antivirus. I have run adaware and spybot many many times already but the popup still remains. Please help..

    this is my hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:04:15 PM, on 6/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Cheng\Desktop\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitezka32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6A23DD6-3324-438C-8FBC-90DE7D6BCDCC}: NameServer = 123.123.123.123
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


    please help,
    Jn
    fredg Posts: 4,926, Reputation: 674
    Ultra Member
     
    #2

    Jun 29, 2005, 04:07 AM
    Pop-ups
    Hi,
    I realize you already have most of the programs listed below, but have you run them in Safe Mode, and run them 2 or 3 times?
    Here are steps to do that:

    If you think you already have Spyware/Advertising Ware in your computer, run these as follows:

    http://www.security-related.com/download2.htm
    Download: SpyBot Search & Destroy; 1.3
    (If you use the Spyware Blaster free program, then don't set SpyBot to the Immunization feature)

    AdAware at:
    http://www.lavasoftusa.com
    Download: AdAware_SE V 1.06

    CWShredder at:
    http://www.intermute.com/products/cwshredder.html
    (CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. Download the free version by clicking on "Download stand alone version of CW Shredder".

    All 3 of the above programs run better and much faster when run in SafeMode.

    To get into SafeMode:
    Re-boot the computer, and immediately after starting up, Press and hold down, F8, at top of keypad.
    When the options show on the screen, use the up and down arrow keys on the keyboard to select
    "Safe Mode".
    Press Enter

    It's best to run the AdAware scan first; 3 times; then re-boot.
    Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder.
    Re-boot.
    Reason for running so many times:
    Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted.
    Running multiple times deletes most of it the first time.

    If you wish to have a great program, after you clean out Spyware/Advertising Ware:
    Spyware Blaster 3.3
    This program stops this stuff from getting into the computer in the first place, by placing URL's in the browser, stopping them instantly.
    You do not have to do scans with SpyWare Blaster, just update it every week with new "definitions". I really haven't used any of the spyware scanners since using this great program.

    http://www.javacoolsoftware.com/sbdownload.html

    Best wishes,
    fredg
    labman24 Posts: 5, Reputation: 1
    New Member
     
    #3

    Jun 29, 2005, 04:46 AM
    Popup
    Hello,
    This is all spyware. The other expert's advice should get rid of it, using SafeMode.
    Here is a link with some info about one of them:

    http://www.securemost.com/articles/t...server.com.htm

    labman24

    I, fredg, and labman24 are the same person. I apologize to all those concerned for my actions.
    fredg
    fredg Posts: 4,926, Reputation: 674
    Ultra Member
     
    #4

    Jul 4, 2005, 07:33 AM
    Pop-ups
    Hi,
    By now, I hope you have run your spyware programs in Safe Mode, and have solved the issue.
    Best wishes,
    fredg
    Press2Esc Posts: 251, Reputation: 10
    Full Member
     
    #5

    Jul 12, 2005, 10:08 AM
    Step 2 - Post Pop-Ups
    After you get rid of the spyware (and related popups), immediately rid yourself of IE - change browsers. I prefer Avant Browser (avantbrowser.com), other alt browsers would be Netscape (.com), Firefox (mozilla.org), etc. Popups commonly arrive via IE's (6) known security exploits.

    For what it's worth, I can personally vouch for Avant's b/i pop-up blocker - as a 2+ year user of AB, NO popups come through... Outstanding.

    Good Luck. P2E
    wzartv Posts: 402, Reputation: 21
    Full Member
     
    #6

    Jul 12, 2005, 12:32 PM
    Browsers
    I completely agree with Press2Esc - I prefer Firefox, it has a lot of really neat features that you can personalize it with, it seems to be more stable, it is less vulnerable, and comes with a built in pop-up blocker that blocks pop-ups about 97% of the time. I have no problems with it as compared to IE where it would be constantly locking up, giving me errors, etc. www.firefox.com
    crazygirl Posts: 5, Reputation: 1
    New Member
     
    #7

    Jul 15, 2005, 09:57 AM
    First off
    Okay, what you need to do is get a spyware detector. It's kind of like a virus detector, only it finds spyware when it does a scan and takes them off your comp for you. Personally I like Spybot Search and Destroy or Spy Sweeper; they are two of the best I have found so far.
    Press2Esc Posts: 251, Reputation: 10
    Full Member
     
    #8

    Jul 18, 2005, 08:32 AM
    HiJack post..
    The only problem I see in your HiJack list is ctfmon.exe. Per iamnotageek.com, Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies. In any case, if you are not using any of these technologies, get rid of it...

    Other, more specific, info about ctfmon can be viewed at http://support.microsoft.com/default...;EN-US;q282599

    P2E

    bewareofdoor Posts: 1, Reputation: 1
    New Member
     
    #9

    Jul 20, 2005, 05:10 PM
    "Elite" adware
    The problem file in your HijackThis report is C:\windows\system32\elitezka32.exe, just as it is in mine. Adaware has never found it, although I have yet to try this safe mode idea, and HijackThis cannot fix it, as it reappears or possibly just continues to run after I check its box and "fix it." I got this adware in a bad link sent to me by a couple of friends over AOL Instant Messenger, although they did it involuntarily. Clicking the link (which of course contains the words sexy and funny along with various URL gibberish, which should have been obvious, but coming from a friend it seemed fine) sends a message with a link identical to the one I fell for to all online screen names on the Buddy List, and replaces any extra content toolbar in Internet Explorer (and probably other programs) with the "Elite Toolbar." It also uses the elitezka32 application mentioned above to spawn popup ads, or so I believe (strangely, a search for all files containing elite also found a similarly named "elitekza32" file, but no file with the same spelling that HijackThis shows. I also found a file called something like "elitedfn32" and deleted it, but the first file would not delete as it was "write protected or in use." While I was trying to get rid of it with HijackThis, elitekza32 disappeared from the search results list, and nothing relating to this elite adware has shown up in subsequent searches). I get the same popups this earlier fellow mentioned. Since a couple of days ago when I first received the linked IM, I have gotten the message many more times, implying that many of the people I know have gotten this link and possibly also fallen for it. I will try the safe mode trick and get back to you all. I recommend you don't open any links in any messenger program even if they seem fine.

    Sam
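
An autostart entry that comes back after being fixed, as described in the post above, can be confirmed by comparing a HijackThis log saved before the fix with one saved after the reboot. This is an added example, not part of the original thread: the function names are hypothetical, the "before" lines are taken from the log in post #1, and the "after" log is constructed.

```python
import re

# O4 = autostart entries. \s* tolerates the stray space that copy/paste
# sometimes leaves in "HKLM\.. \Run".
O4_RE = re.compile(
    r"^\s*O4 - (?P<hive>HKLM|HKCU)\\\.\.\s*\\(?P<key>[^:]+): "
    r"\[(?P<name>.+?)\] (?P<cmd>.+?)\s*$"
)

def exe_of(cmd):
    """Return the lower-cased executable path from a Run command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, args follow
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|dll))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()    # unquoted path may hold spaces

def autostarts(log_text):
    """Map (hive, key, value name) -> executable for every O4 line."""
    found = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            found[(m["hive"], m["key"].strip(), m["name"])] = exe_of(m["cmd"])
    return found

def reappeared(before, after, fixed_names):
    """Entries that were ticked and fixed, yet exist again in the later log."""
    b, a = autostarts(before), autostarts(after)
    hits = []
    for ident, exe in sorted(a.items()):
        if ident[2] in fixed_names and ident in b:
            hits.append({"hive": ident[0], "name": ident[2], "exe": exe,
                         "same_target": b[ident] == exe})
    return hits

def new_entries(before, after):
    """Autostart entries present only in the later log (e.g. a renamed value)."""
    b, a = autostarts(before), autostarts(after)
    return sorted(ident for ident in a if ident not in b)

# Lines from the log in post #1 (with the stray space as it was pasted).
BEFORE = r"""
O4 - HKLM\.. \Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\.. \Run: [checkrun] C:\windows\system32\elitezka32.exe
O4 - HKCU\.. \Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Constructed log, as if saved after ticking [checkrun], fixing and rebooting.
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitezka32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    for hit in reappeared(BEFORE, AFTER, {"checkrun"}):
        print("re-created after fix:", hit)
    print("new since baseline:", new_entries(BEFORE, AFTER))
```

An entry reported here was written back by something still running at fix time, which is the case the Safe Mode advice earlier in the thread is meant to address.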
    hovis Posts: 2, Reputation: 1
    New Member
     
    #10

    Jan 3, 2006, 11:56 AM
    Ban popups
    I use Giant Anti spyware and I do not get pop-ups or spyware on my computer. It asks you if you want to block or allow and remembers your answer so that if the same program tries again, it will automatically block it or allow it.
