Pop-ups cannot be eliminated
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Pop-ups cannot be eliminated

  1. #1
    Junior Member
    Join Date
    Jan 2004
    Posts
    18

    Pop-ups cannot be eliminated

    Help! What is the problem and how do I get rid of it?
    Near the end of my wits after 15 hours trying to clean a Windows XP PC. I have uninstalled a huge chunk of software, deleted cookies, history & temp internet files, run updated Spybot, Norton & McAfee, combed the registry, emptied Windows Temp directory. All this, and my user still suffers from spontaneous combustion (7 Internet Explorer ad pop-ups open when the user does nothing and gets nowhere near any kind of Internet application or Explorer of any kind).
    I am next going to have the user verify that Windows Messenger was not somehow re-activated.
    I will also try installing Ad-Aware - once that is installed and updated (along with McAfee and SpyBot), I will restart and disconnect from the network. I will log in holding down the <Ctrl> key, and go through the whole deleting files business again. Once all the protection software has done checks and dealt with any problems I hope the PC will be clean.
    Have I missed anything? If Ad-Aware does not finally get this thing, I am afraid it will be down to formatting the hard drive.

    Here are the things commonly detected: eZula, WebSearch, ClientMan, Avenue A, Zesty-Find (they put a shortcut on user's desktop without permission or warning), gonna-search (all over the registry anywhere a URL is supposed to appear), AdGoblin, ILookup and more.
    In three separate SpyBot sweeps in three consecutive days, an average of 40 items is detected, but the problem remains the same.
    The most common things are an Internet Explorer session showing a Next Aisle ad for some kind of Shield (anti-virus) software, a session titled "about:blank", and one for "69.20.62.53 yyy.s.html". The IP address will tracert to a U.S. company called "Inter-Nic Technologies" (web1.nictechnetworks.com [69.20.62.53])... here is what Network Solutions says in their whois on this domain name:
    "Registrant: Domains by Proxy, Inc.

    Registered through: GoDaddy.com
    Domain Name: NICTECHNETWORKS.COM

    Domain servers in listed order:
    NS1.PRIMARYDNS.COM
    NS2.PRIMARYDNS.COM

    For complete domain details go to:
    http://whois.godaddy.com"

  2. #2
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Install the Google Toolbar

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Posts
    707
    Here you go give these two websites a browse :

    1. Spyware Guide
    2. Spyware Info

    Hope this helps.
    Operation Cyberslam
    \"I\'ve noticed that everybody that is for abortion has already been born.\" Author Unknown
    Microsoft Shared Computer Toolkit
    Proyecto Ututo EarthCam

  4. #4
    Senior Member Boogymantroy's Avatar
    Join Date
    Jan 2004
    Location
    Memphis Tn
    Posts
    100
    Im with Hex up there, install google bar and learn to use it. I was using pop-up killer for a long time till he refered me to google.

    Boogymantroy

  5. #5
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    From the NicTechnologies web site.
    ____________________
    Advertising
    With a reach of over ten million monthly Internet users, NicTech Networks is able to offer highly-targeted online advertising solutions.
    ____________________

    Other than the main page the site is dead. However, on my test box, after closing the page, every subsequent attempt to open IE caused my Pop-UP-blocking software to crank off. Had to Press the bypass keys to access my standard home page, and no further pop-ups have been seen.

    I get the sneaking suspicion that this site is attempting to take advantage of a known OS or IE vulnerability to push out their advertising. I am kind of anal-retentive about security and would wipe the system just to be safe. Additionally I would block access to the site via firewall or IE monitoring software. I'll monitor my test system for a few hours and let you know if I see anything else suspicious.

    Good hunting.
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  6. #6
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Oh....another Idea! Download wintasks 4 and hijack this!....check out the services that are running.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can\'t stand 1 bit of competition.


  7. #7
    Senior Member Boogymantroy's Avatar
    Join Date
    Jan 2004
    Location
    Memphis Tn
    Posts
    100
    Yeah wintasks4 or hijackthis! both good programs, you might wanna try Ad-aware too, just to see if there are more that the first do don't show

    Boogymantroy

  8. #8
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Um...he already said that...

    I will also try installing Ad-Aware

  9. #9
    Senior Member Boogymantroy's Avatar
    Join Date
    Jan 2004
    Location
    Memphis Tn
    Posts
    100
    Ok ok, you got me, I didnt read the whole thread.. Im going to go sit in the corner for 10 minutes....

  10. #10
    Member
    Join Date
    Sep 2002
    Posts
    77
    Hmmm, just an idea, why don't you try adding the offending site to your hosts file?

    It depends on the way the ads are being fetched, but if they are being fetched by a URL (as opposed to an IP address) then your PC first looks at the host file to see if there is an entry for it there. If there is then it won't bother looking it up on a DNS server, and will look at the address that is supplied in the host file. Therefore if that address points back to your PC it won't be able to fetch an add/cookie. All you need to do is goto c:\Windows\system32\drivers\etc and open 'hosts' Then add

    127.0.0.1 www.ad-website.com

    It won't help with lots of them, but it should help cut it down a bit...

    Also, is it possible to use another browser (e.g. Netscape), as this would hopefully cut some of the IE specific ads, and allow you to block pop ups.
    \"Death is more universal than life; everyone dies but not everyone lives.\"
    A. Sachs

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •