January 31st, 2004, 01:50 AM
Pop-ups cannot be eliminated
Help! What is the problem and how do I get rid of it?
Near the end of my wits after 15 hours trying to clean a Windows XP PC. I have uninstalled a huge chunk of software, deleted cookies, history & temp internet files, run updated Spybot, Norton & McAfee, combed the registry, emptied Windows Temp directory. All this, and my user still suffers from spontaneous combustion (7 Internet Explorer ad pop-ups open when the user does nothing and gets nowhere near any kind of Internet application or Explorer of any kind).
I am next going to have the user verify that Windows Messenger was not somehow re-activated.
I will also try installing Ad-Aware - once that is installed and updated (along with McAfee and SpyBot), I will restart and disconnect from the network. I will log in holding down the <Ctrl> key, and go through the whole deleting files business again. Once all the protection software has done checks and dealt with any problems I hope the PC will be clean.
Have I missed anything? If Ad-Aware does not finally get this thing, I am afraid it will be down to formatting the hard drive.
Here are the things commonly detected: eZula, WebSearch, ClientMan, Avenue A, Zesty-Find (they put a shortcut on user's desktop without permission or warning), gonna-search (all over the registry anywhere a URL is supposed to appear), AdGoblin, ILookup and more.
In three separate SpyBot sweeps in three consecutive days, an average of 40 items is detected, but the problem remains the same.
The most common things are an Internet Explorer session showing a Next Aisle ad for some kind of Shield (anti-virus) software, a session titled "about:blank", and one for "184.108.40.206 yyy.s.html". The IP address will tracert to a U.S. company called "Inter-Nic Technologies" (web1.nictechnetworks.com [220.127.116.11])... here is what Network Solutions says in their whois on this domain name:
"Registrant: Domains by Proxy, Inc.
Registered through: GoDaddy.com
Domain Name: NICTECHNETWORKS.COM
Domain servers in listed order:
For complete domain details go to: