 |
|
| Browse | Ask | Answer | Search | Join/Login |
|
|
||||
|
Help removing adserver.sharware popups
http://adserver.sharewareonline.com/...?Referrer=acpa
The above link is what keeps popping up when I open my homepage and try to type in a url and sometimes when I try to open a page from Google. I'd just updated my Ad-Aware to their new program today and it helped with many popup problems I've had this past few days. I finally got rid of the DSO Exploit (5) errors that Spy Bot kept bringing up. I just cannot get rid of this Irritating pop up from adserver. Thanks in advance. |
||||
|
||||
|
Pop-Up
Hi,
This pop-up is probably already located itself in your Registry. Here are steps to rid a computer with most Spyware/Malware/Advertising programs: If you think you already have Spyware/Advertising Ware in your computer, run these as follows: http://www.security-related.com/download2.htm Download: SpyBot Search & Destroy; 1.3 AdAware at: www.lavasoftusa.com Download: AdAware_SE CWShredder at: http://www.download.com/CWShredder/3...ml?tag=lst-0-1 (CWShredder is intended only for removal of CoolWebSearch files; placed as spyware on the harddrive). It is not a "stand alone" scan, but needs to be run. All 3 of the above programs run better and much faster when run in SafeMode. It's best to run the AdAware scan first; 3 times; then re-boot. Then, run the AdAware scan again 3 times; then run the SpyBot. Then, run CWShredder. Re- Boot. Reason for running so many times: Some of these trojans' files can be deleted the first time; leaving some others; but on re-boot, they re-write the files that were deleted. Running multiple times deletes most of it the first Time. If you wish to have a great program, after you clean out Spyware/Advertising Ware: SpyWare Blaster 3.2 Great, free, program that STOPS spyware, trojans, home page hijacks, etc, BEFORE they get into your computer. Check it out at CNET at link: http://www.download.com/SpywareBlast...ml?tag=lst-0-2 Two Tips: If you notice the little green computer lights that show your dial-up connection to the internet staying on when they shouldn't be, located on the bottom right of the system tray, disconnect immediately and run AdAware. These lights staying on means that some URL is sending or receiving spyware/advertising ware to or from your computer, most of the time. Other Tip: After being on the net, if you have visited any sites you don't really trust, then run AdAware BEFORE you shut down or re-start the computer. This will delete any Spyware easier, before the computer can configure it, set it up, spread it throughout the Registry, and make it more difficult to remove after re-booting. If the above doesn't solve the issue, please post back for steps on how to edit the Registry; and find the URL that is causing this. Have you cleared out all cookies, History, etc, from Internet Explorer temp files? Best of luck, fredg |
||||
|
||||
|
Thank you for your help, but...
Thank you for all of your suggestions. I had each program installed
Except CW Shredder. I have installed it since your post. I followed your instructions and ran each item 3 (sometimes 4) times. I'm getting mixed messages. I have also installed VX2 add-on to Ad-Aware SE. When I click it, it tells me system is clean, no VX2 files found. When I run Ad-Aware scan I keep getting 3 VX2 files. I have quarantined them, since they will not delete. One of them keeps coming back even though it has been put in quarantine. It is in my memory. The log reads: Warning! VX2 object fund in memory (C:\WINDOES\system32\0266lcjslfo6.dll). It ask if I want it to remove it when I reboot. I say yes, but it doesn't happen! :confused: When I run Spy Bot it tells me Congratulations... no items found. Talk about being confused. Each program tells you something else. I have installed Webroot Spy Sweeper. That has helped with many pop-ups including Clkoptimizer. I have all of them in quarantine as well. I'm still getting my browser hijacked when I run a search, but not as often. Any further suggestions about the VX2 in my momory? Sorry to have been so long replying. Yesterday I did not have the time to run all items and scans in order. I appreciate your help very much. :) Shirley |
||||
|
||||
|
Howdy:
Lavasoft’s new plug-in VX2 Cleaner detects the malware VX2 and offers you the ability to remove it from your computer. Some users have experienced a very difficult variant of VX2 which cannot be removed by Ad-Aware. For those users which have this variant, we have developed a plug-in to help you remove this VX2 variant. This VX2 variant registers itself in a way, which gives it system privileges. It also prevents the user from viewing this information by removing the user’s rights to do so. Furthermore it constantly monitors the registry and prevents any attempts to remove its associated values. This makes it very difficult for the user to manually remove it. VX2 Cleaner plug-in: - Close Ad-Aware and Ad-Watch (if running) - Download the free VX2 Cleaner here - Install the VX2 Cleaner - Start Ad-Aware - Go to “Plug-ins” - Select the VX2 Cleaner plug-in and click “Run Plugin” - If your computer isn’t infected, click “Close”. http://www.majorgeeks.com/download4283.html Murray |
||||
|
||||
|
Already had this one...
As outlined in my message previous to this reply, I have Ad-AwareSE
Add tool called VX2. It says I'm not infected, but the scan shows 4 VX2 objects. 3 I could quarantine when I couldn't remove them but One will not guarantine or remove! What now? Thanks |
||||
|
||||
|
VX2 in memory/browser being hijacked?
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
AdAware says the Malware is running in memory. I'll attach the last scan I just did, if that will help. My main two problems when trying to search or use I.E. is I'm being My browser is being "hijacked" I guess, to one of these two items. http://adserver.sharewareonline/adse...m/ad080504.htm Or/and as popovers and popunders http://urllogic.com I think I've got the clkoptimizer-aepesi.dll quarantined in spy sweeper. It has stopped coming up in Ad-Aware and SpyBot tells me my computer is clean. Go figure. Thanks again for the help |
||||
|
||||
|
Thank you for the scan..
Go into Registry and navigate to the following.. HKEY_CURRENT_USER: software\microsoft\internet explorer\toolbar\webbrowser: {0E5CBF21-D15F-11D0-8301-00AA005B4383} Highlight the area I put in bold and delete it.. (make sure System Restore is disabled).. Reboot and re-enable System Restore.. Murray |
||||
|
||||
|
Thanks Murray, now what?
Murray, I followed your directions and got rid of the problem I had. Thanks. ;)
I rebooted, ran Ad Aware and 5 new objects came up. Two marked as critical that could not be removed. :( VX2 >>>>>>>>>>>>>>>>>>>> obj[3]=process: C:\WINDOWS\system32\dnju0119e.dll obj[4]=process: C:\WINDOWS\system32\KHDNO.DLL I have attached my scan log again. Also, when I reboot my computer now I also get this message as the desktop opens. RUNDLL An exception occurred while trying to run ""C WINDOWS\system 32\KNDNO.DLL", UMonitor Is that related to the VX2 by the same name found in Ad Aware? I went into Google to see if I'd receive pop-ups after removing the first VX2 and sure enough some spyware package ad took over my browser. I appreciate your help so much. All of this is so above my head. Thank heavens for sites like yours. Shirley |
||||
|
||||
|
Registry
Hi,
Murray has some very, very good suggestions... I sincerely hope they work to solve your issue. You can also use the Edit Registry to search for words, etc; Here are steps to do that, it you ever need these for the future: To Edit the Registry: First, back up your Registry. The simplest way to do it is to shut down the computer, wait a few seconds, then turn it back on. It will automatically back up the Registry when booting up. BE CAREFUL when deleting things from the Registry; your computer might not re-boot. Here are steps for deleting things that startup when you boot up the computer: Go to Start/Run. Type in "regedit" without quotes, then click on OK. At the top, Click on "Edit", then "Find". In the space Find What: type in what you want to find, such as the spyware name. Then, put a check mark by "Match whole string only". This will keep the search from stopping at every word it finds. Then click "Find Next". It will search the registry for the first entry you typed in. It will "open" a folder on the left hand side of the screen, showing what is in the folder on the right hand side. If you know that an entry on the right hand side is something you no longer have, or has just been added with a name you don't know, then right click on it, then left click "delete", tell it Yes or OK to remove it. Then, press F3 on the top of the keypad to continue the search. When finished, at the top, click on File, Exit. Any StartUp programs, that start when the computer boots up will be listed in folders on the left hand side of the screen with names like: RUN, RUNSERVICES, RUNONCE, RUN-, etc. Click on the next folder down with the name RUN in it, to look at its startups on the right hand side. You can also search for other words, rather than RUN, such as Hotsearchbar; or whatever; and delete values on the right hand side associated with it. Best of luck, fredg |
||||
|
||||
|
Oinadserver pop-up persists
Yes, I have a pop-up blocker. I am unable to enter the site directly to block it because the name is so long and changes by a few characters each time. I recently loaded the Microsoft spyware, but it did not alleviate the problem. Any other ideas?
|
||||
Originally Posted by fredg
|
||||
|
Howdy brobiche:
I normally do NOT suggest to someone they visit a different Help Forum when they have a problem like a few others that I know do!! However, in your case I feel I have to make an exception.. Malware Removal has become an art unto it's own and anyone niave enough to think that Ad-Aware and Spybot will cure all that ails them, or even some of those other programs like SpywareBlaster will do the trick are simply hiding their head in the sand! Most Computer Help Sites now offer a separate Malware Forum staffed by trained experts in malware removal.. Unfortunately, this site hasn't progressed to that extreme as of yet (may be something for the Admin's to look at in the future)! Because of this "lack" of malware expertise, I strongly suggest that you go to either http://www.geekstogo.com/forum/Malwa...-Here-f37.html or http://www.cybertechhelp.com/forums/...splay.php?f=25 And post your problem in one of those.. The malware guru's there will be more than happy to take a look at your problem and will have you up and running in no time! Murray |
||||
Not your question?
Ask your question
View similar questions
| Question Tools | Search this Question |
Add your answer here.
Check out some similar questions!
Help with Removing Hedges!
[ 3 Answers ]
Hello. It's springtime and that means outdoor landscaping. Does anyone know an easy way of removing mature hedges that are about 4feet high and 20 feet long without using chains and a pickup truck? Thank you. Norm
Removing Pipes
[ 5 Answers ]
I am replacing a bathtub in my home. The water spout just keeps spinning on the pipe nipple. I was going to replace the pipe nipple but it looks like both ends have major corrosion going on. I cannot unscrew the nipple from the tee fitting. Any suggestions on loosening these parts so I can...
How do I stop getting Pop-Ups from several websites?
[ 9 Answers ]
hi, I have been getting serveral popups from different sites in the recent week. I have been reading up on this forum and had tried many futile attemps to remove this popups. I have been getting website popups from: http://dnaads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet...
Popups from an unknown source
[ 35 Answers ]
I keep getting these popup ads that start with a URL that includes "documentsandsettings/localsettings/temp" and then changes to the ad's URL. I've noticed it also creates folders labeled DlfnTmp1, DlfnTmp2, etc. in the documentsandsettings/localsettings/temp folder. I can't figure out what's...
Removing xp
[ 1 Answers ]
I want to remove xp and install me back on my system for a couple months, how do I go about it Thanks
View more questions Search
|
