
Thread: Pop-ups cannot be eliminated

  1. #11
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Why didn't I think of that!

    That's a good idea, da'dodo!

  2. #12
    Senior Member
    Join Date
    Sep 2001
    Posts
    144
    well, for one it doesn't fix the problem. Being that there is some software somewhere on the pc that is loading the ads. This software shouldn't be there and needs to be removed.


    I recommend along with ad-aware, spybot search & destroy (just google it), update the definitions, go to the advanced mode, and under the settings, select all the filesets. Make sure you immunize the pc, and then scan for problems.. You'd be surprised what you'll find.


    Anyway, hope this actually HELPED.

  3. #13
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    I'm confused, g00n...which one of my posts was useless? If you read the posts, you'd see that I came to the same conclusion that you did (covering up rather than fixing the problem) and added information related to FIXING the problem.

    Also, do you even understand what the hosts file is? Apparently not!

    And for that, you give negative antipoints? From what I just read in your post, all you did was echo what I and just about everyone else said earlier.

    Now whose post was worthless?

  4. #14
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    As commented earlier..hijackthis.. run it .. get the list of running services/processes.. this will help find the little bugger that is hiding from everything else.. then..rescanning with spybot, adaware etc will only clean out what the replacement crap.. and perhaps the user will need to do it daily IF THEY PERSIST IN VISITING THE SAME INFECTED SITES.. (note I bundle parasite/Spy/adware with worms , trojans and virii)

    Follow nihils advice... (ok he hasn't posted here yet) go to www.diamondcs.com.au and d/l registryprot this will even help you defend against worms and virii..

    and BTW.. all advice has been valid..

    Cheers

    BTW: if you don't want the Avenue.a Cookie.. don't visit any Jupmedia site.. like AO.. or just set your browser to not accept cookies..

    Agent_Steal: I checked out the Spywareguide link.. I am not sure about its online scan.. I will report back after a registry search in safemode....

    OK always caution on new products.. This one gave me a False positive in its online scan..
    Detected Comload:
    CLISDs (1) :
    {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}
    panic? not yet

    OK here is an excerpt from the manual removal of the parasite from their website..

    HKEY_CLASSES_ROOT\Comload.loader
    HKEY_CLASSES_ROOT\Comload.loader.1
    HKEY_CLASSES_ROOT\Comload.loader2
    HKEY_CLASSES_ROOT\Comload.loader2.1
    HKEY_CLASSES_ROOT\dctl
    HKEY_CLASSES_ROOT\CLSID\{9E1089BC-1AE8-4685-8D77-6721E5C318A8}
    HKEY_CLASSES_ROOT\CLSID\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}
    HKEY_CLASSES_ROOT\Interface\{19E91D82-7AD7-419F-866A-58C122DB1459}
    HKEY_CLASSES_ROOT\Interface\{F5F779A9-24E5-4BCD-9AE5-6313D4B5AC24}
    HKEY_CLASSES_ROOT\TypeLib\{266F948A-3DEE-4270-8F55-E79ACCD569FA}
    Then open the System folder (inside the Windows folder, named 'System32' under Windows XP/2000/NT or just 'System' under Windows Me/98/95), and delete the file 'comload.dll'.
    ok.. now I panic.. none of these appear in a scan of the registry in normal mode.. well not when searching where they say the keys are..
    Same story in safemode.. ok let's just search for the key AD7FAxxxxxxxxxxxx and not the path..

    Bingo.. but not comload..

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}]
    "SystemComponent"=dword:00000000
    "Installer"="MSICD"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\Contains]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\DownloadInformation]
    "CODEBASE"="http://dload.ipbill.com/del/loader.cab"
    "INF"="C:\\WINDOWS\\Downloaded Program Files\\installer.inf"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\InstalledVersion]
    @="1,0,0,7"
    "LastModified"="Tue, 02 Sep 2003 13:01:26 GMT"
    I am still searching to find out what this key is.. as it isn't what is associated with comload.. FALSE POSITIVE.. (I will retract that if i am wrong)

    Hmm seems that I am..
    did a google on "http://dload.ipbill.com"
    IP/Bill
    Internet Payments - payment solutions for a wired world
    Integrated Payments - one source for all of your website billing
    Intelligent Payments - sophisticated billing with straightforward setup
    For information on our hosting services, click here.
    For information on our ISP services, click here,


    --------------------------------------------------------------------------------

    Actively under construction. Server: freebsd17.coulomb.co.uk
    I retract my earlier statement.. This was a good hit.. Thanks for that Link Agent-Steal something Spybot has missed.. (I won't be removing it just yet)

    Sorry for hijacking the thread.. my way of apologising to agent steal

    cheers
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
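
Added example, not part of the original post or of any tool named in the thread: the post above finds the flagged CLSID only by searching for the GUID itself rather than the documented key paths, and the hit turns out to be an ActiveX "Distribution Units" entry whose CODEBASE shows where the control was downloaded from. The sketch below does the same search over registry export text; the function names are hypothetical, the sample is constructed from the excerpt in the post, and it assumes the export has already been decoded to text.

```python
import re

# Sample .reg export text, constructed from the excerpt quoted in the post.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}]
"SystemComponent"=dword:00000000
"Installer"="MSICD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\DownloadInformation]
"CODEBASE"="http://dload.ipbill.com/del/loader.cab"
"INF"="C:\\WINDOWS\\Downloaded Program Files\\installer.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AD7FAFB0-16D6-40C3-AF27-585D6E6453FD}\InstalledVersion]
@="1,0,0,7"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')                    # [HKEY_...\path]
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                # String value: drop the quotes and undo .reg backslash escaping.
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            current[name] = data  # dword:/hex: values are kept as raw text
    return keys

def find_guid(keys, guid):
    """Return every key path that mentions the GUID, wherever it lives."""
    needle = guid.strip("{}").lower()
    return sorted(k for k in keys if needle in k.lower())

def codebases(keys, guid):
    """Map each matching key that has a CODEBASE value to its download URL."""
    return {k: keys[k]["CODEBASE"] for k in find_guid(keys, guid)
            if "CODEBASE" in keys[k]}

if __name__ == "__main__":
    print(codebases(parse_reg(SAMPLE_REG), "AD7FAFB0-16D6-40C3-AF27-585D6E6453FD"))
```
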

  5. #15
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Thanks for giving out the rundown, Und3ertak3r. I appreciate you picking up the slack for me.

    Maybe next time, I'll elaborate a little more when I give advice. I just AssUMed that everyone would know what I was getting at.

  6. #16
    Junior Member
    Join Date
    Nov 2003
    Posts
    1
    Google Toolbar will solve all problems

  7. #17
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    I better not jump on Dreamcast ( for repeating 576869746568617's first comment..) Seeing as it was the first post..

    Welcome to AO.. Some of us are ugly, others not too bad, but beware looks are deceiving.. some bite.. the rest just..

    Cheers

    BTW: 576869746568617 can we shorten your Nick?.. to like "57" or "CC" (short for Credit Card)

  8. #18
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Actually, I've been thinking about changing it because I don't use autocomplete or cookies, and typing that in all the time is beginning to be a b17c4!

    Hello Dreamcast, and welcome to AO! Next time, read the ENTIRE thread before you post. You'll avoid a lot of problems that way....trust me!

  9. #19
    Junior Member
    Join Date
    Jan 2004
    Posts
    18
    Thank you all very much... it seems there are one or two more things to try that won't require a sleeping bag and multiple pizza deliveries to get through. I am going to try several of these one at a time (I want to know what solved the problem - if that happens) and will report back on success or lack thereof.
    I will try...
    1 ...try adding the offending site to your hosts file
    2 ...block access to the site via firewall or IE monitoring software... (thank you for your interest and suggestions OverdueSpy, although I would guess you have an interest in what is going on with that domain/IP address just for its own sake - who says self-interest is incompatible with the greater good?)
    3 Ad-Aware
    4 wintasks 4 and hijack this
    5 1. Spyware Guide, 2. Spyware Info
    6 http://toolbar.google.com/
    7 FORMAT THE HARD DRIVE AND RUN FOR THE HILLS!!!! (the hills are alive, and it's kind of scary)

    ...and that's ok Boogymantroy - it can be hard to follow everything when people write REALLY LONG entries (iankestor?)

  10. #20
    Junior Member
    Join Date
    Jan 2004
    Posts
    18

    Late follow-up on resolution

    Looks like much of the help was exactly that (unlike what is - in theory - provided by the BIG BUSINESS uber-corp establishment).

    I did not install any toolbars - I am trying to discourage my network users from adding stuff to the software they use. A separate program that is visible to the user is not much better (since user might then reason that he/she is ALSO allowed to install stuff). Still... what worked? read on

    - SpyBot and McAfee did a nice job of catching and ejecting most of the bad stuff AFTER the computer was already infected. These were already on the PC and were no help before I came to Anti-Online.
    - The HOSTS file tweak was able to stop more than 50% of the new stuff from invading, since the immoral NicTechnologies IP was redirected to the user's PC.
    - Ad-Aware cleaned up 95% of what was left on the machine.

    Thank you everyone - my user is happy to have his PC back (mostly) in his control!!
    - Credit goes to anyone who recommended the HOSTS file & Ad-Aware solutions.
