January 31st, 2004, 02:50 AM
Pop-ups cannot be eliminated
Help! What is the problem and how do I get rid of it?
Near the end of my wits after 15 hours trying to clean a Windows XP PC. I have uninstalled a huge chunk of software, deleted cookies, history & temp internet files, run updated Spybot, Norton & McAfee, combed the registry, emptied Windows Temp directory. All this, and my user still suffers from spontaneous combustion (7 Internet Explorer ad pop-ups open when the user does nothing and gets nowhere near any kind of Internet application or Explorer of any kind).
I am next going to have the user verify that Windows Messenger was not somehow re-activated.
I will also try installing Ad-Aware - once that is installed and updated (along with McAfee and SpyBot), I will restart and disconnect from the network. I will log in holding down the <Ctrl> key, and go through the whole deleting files business again. Once all the protection software has done checks and dealt with any problems I hope the PC will be clean.
Have I missed anything? If Ad-Aware does not finally get this thing, I am afraid it will be down to formatting the hard drive.
Here are the things commonly detected: eZula, WebSearch, ClientMan, Avenue A, Zesty-Find (they put a shortcut on user's desktop without permission or warning), gonna-search (all over the registry anywhere a URL is supposed to appear), AdGoblin, ILookup and more.
In three separate SpyBot sweeps in three consecutive days, an average of 40 items is detected, but the problem remains the same.
The most common things are an Internet Explorer session showing a Next Aisle ad for some kind of Shield (anti-virus) software, a session titled "about:blank", and one for "22.214.171.124 yyy.s.html". The IP address will tracert to a U.S. company called "Inter-Nic Technologies" (web1.nictechnetworks.com [126.96.36.199])... here is what Network Solutions says in their whois on this domain name:
"Registrant: Domains by Proxy, Inc.
Registered through: GoDaddy.com
Domain Name: NICTECHNETWORKS.COM
Domain servers in listed order:
For complete domain details go to:
January 31st, 2004, 02:53 AM
January 31st, 2004, 03:23 AM
Here you go give these two websites a browse :
1. Spyware Guide
2. Spyware Info
Hope this helps.
January 31st, 2004, 03:30 AM
Im with Hex up there, install google bar and learn to use it. I was using pop-up killer for a long time till he refered me to google.
January 31st, 2004, 04:08 AM
From the NicTechnologies web site.
With a reach of over ten million monthly Internet users, NicTech Networks is able to offer highly-targeted online advertising solutions.
Other than the main page the site is dead. However, on my test box, after closing the page, every subsequent attempt to open IE caused my Pop-UP-blocking software to crank off. Had to Press the bypass keys to access my standard home page, and no further pop-ups have been seen.
I get the sneaking suspicion that this site is attempting to take advantage of a known OS or IE vulnerability to push out their advertising. I am kind of anal-retentive about security and would wipe the system just to be safe. Additionally I would block access to the site via firewall or IE monitoring software. I'll monitor my test system for a few hours and let you know if I see anything else suspicious.
The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!
January 31st, 2004, 04:17 AM
Oh....another Idea! Download wintasks 4 and hijack this!....check out the services that are running.
Windows 9x: n.
A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.
January 31st, 2004, 04:19 AM
Yeah wintasks4 or hijackthis! both good programs, you might wanna try Ad-aware too, just to see if there are more that the first do don't show
January 31st, 2004, 04:24 AM
Um...he already said that...
I will also try installing Ad-Aware
January 31st, 2004, 04:38 AM
Ok ok, you got me, I didnt read the whole thread.. Im going to go sit in the corner for 10 minutes....
January 31st, 2004, 06:07 PM
Hmmm, just an idea, why don't you try adding the offending site to your hosts file?
It depends on the way the ads are being fetched, but if they are being fetched by a URL (as opposed to an IP address) then your PC first looks at the host file to see if there is an entry for it there. If there is then it won't bother looking it up on a DNS server, and will look at the address that is supplied in the host file. Therefore if that address points back to your PC it won't be able to fetch an add/cookie. All you need to do is goto c:\Windows\system32\drivers\etc and open 'hosts' Then add
It won't help with lots of them, but it should help cut it down a bit...
Also, is it possible to use another browser (e.g. Netscape), as this would hopefully cut some of the IE specific ads, and allow you to block pop ups.
\"Death is more universal than life; everyone dies but not everyone lives.\"