-
May 18th, 2004, 07:26 PM
#1
Junior Member
-
May 18th, 2004, 07:40 PM
#2
Try getting the latest version of SpyBot Search & Destroy, open it in advanced mode and go into tools... check out what is in the various sections there... BHOs etc.
Also get WinSonar and run it, it should catch the program running in the background when it kicks off.
Cheers
-
May 18th, 2004, 07:48 PM
#3
Junior Member
Already tried this option through SpyBot, but haven't used WinSonar. I'll give that a go!
Thanks nihil!
-
May 18th, 2004, 07:48 PM
#4
MsMittens is suspecting it's either "Microsoft Security Services blah blah" or "McAfee Security Services blah blah" relating to the firewall.
-
May 18th, 2004, 08:07 PM
#5
Junior Member
Originally posted here by MsMittens
MsMittens is suspecting it's either "Microsoft Security Services blah blah" or "McAfee Security Services blah blah" relating to the firewall.
I wondered that at first and figured if I deleted anything "important" it would just ask to be re-installed. But when I deleted it... the popup program did stop for a while. Are you thinking that this is some type of exploit maybe?
-
May 18th, 2004, 08:27 PM
#6
Although the "Big Guns" are already trying to help, I was wondering if you poked through your registry looking for anything related to likesurfing.com?
Then the next question (although it may seem dumb) is does the pop-up occur when you are surfing? I had one that would pop every few hours whether I was on the net or not...it took blocking everything at the firewall and reviewing the logs to finally track it down.
You didn't say what type of browser you had (at least I didn't see it listed). Does it happen if you use another browser?
My suspicion is that it is a messenger service pop-up...unless you already have that disabled of course.
-
May 18th, 2004, 08:33 PM
#7
personally, I think it's malware.. if you search google on it you will find a number of hijackthis logs and not many answers.. the logs look mostly like one of the coolwebsearch's latest variations (and this one doesn't get fixed by cwshredder)
sample of what I mean about CWS will have something like this..
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\cjo.dll/sp.html (obfuscated)
with the cjo.dll being a semi-random dll name followed by the sp.dll
the only thread I found that looked like it had answers (but not in English) and had this file was here.
you could go looking through threads for answers in this google search and you'll see that this hijack is most commonly seen as the "about:blank" (another thing to search upon)
I think we should start off by having you post your hijackthis log.
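The registry pattern described in the post above (a HijackThis R1 entry whose value is a res:// URL into a DLL), as an added example that is not part of the original thread: a short Python parser that flags such entries in a log. The `R# - key,value = data` layout, the function name and every sample line other than the one quoted in the post (including the name abcde.dll) are assumptions made for illustration.

```python
import ntpath
import re

# HijackThis R-section layout assumed here: "R1 - <key>,<value name> = <data>"
LINE_RE = re.compile(r"^(R[0-3])\s+-\s+(.+?),\s*(.*?)\s*=\s*(.*)$")
# res:// URL that loads a page from inside a DLL, as in the line quoted above
RES_RE = re.compile(r"^res://(?P<path>[^/]+\.dll)/(?P<page>\S+)", re.I)
MARK = "(obfuscated)"

# Constructed sample log: the second entry is the one quoted in the post; the
# others (including the name abcde.dll) are made up for this example.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\cjo.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\abcde.dll/sp.html
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\abcde.dll
"""

def find_res_dll_hijacks(log_text):
    """Return R-section entries whose data is a res:// URL into a DLL."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an R0-R3 registry line (e.g. O2 BHO entries)
        section, key, value_name, data = m.groups()
        obfuscated = data.endswith(MARK)
        if obfuscated:
            data = data[: -len(MARK)].rstrip()
        r = RES_RE.match(data)
        if not r:
            continue  # ordinary http:// or about: value
        path = r.group("path")
        findings.append({
            "section": section,
            "key": key,
            "value": value_name,
            "dll": ntpath.basename(path),
            "in_system32": ntpath.dirname(path).lower().endswith("\\system32"),
            "page": r.group("page"),
            "obfuscated": obfuscated,
        })
    return findings

if __name__ == "__main__":
    for f in find_res_dll_hijacks(SAMPLE_LOG):
        print(f)
```
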
-
May 18th, 2004, 08:47 PM
#8
Junior Member
I have looked through the registry for likesurfing references. Popup occurs when surfing, when not surfing either way. Even if system is idle it has happened. I've tried hijackthis, I've gotten rid of MS virtual machine in favor of Sun's Java app, messenger services and ActiveX controls I will have to check on.
I will post hijackthis log tomorrow morning (I'm GMT -5)
thanks already for all your great advice!
-
May 18th, 2004, 08:50 PM
#9
Hrmm.. the popups might be because of the Messenger Service. Have you disabled that?
-
May 18th, 2004, 09:50 PM
#10
Too bad you have removed it. You could have used Process Explorer to perhaps see a little more info on exactly what it was up to. Personally, I haven't heard of this process but I can tell you that it isn't a standard Windows process.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden