-
May 20th, 2004, 08:22 PM
#1
Member
Weird: Adware coming directly from PC
Hey guys:
Just wanted to ask. Every time I boot my PC (and at random intervals while it's on) a pop-up window, as in an ad, appears on the desktop. It happens always, even if I'm not connected. One can only assume that this is coming from some Ad-ware installed in the PC.
I ran Ad-Aware, and even though I remove some things, I can never remove whatever is causing the pop-up, because it keeps happening. I suspect one of two things:
1) It's very clever Ad-Ware with an elusive name to evade Ad-Aware.
2) It might actually be "integrated" in the code for something already running.
Either way, I need to ask if any of you have had this happen to them. Is there any way I can check where the code for the window is running from? I have checked the Task Manager, everything running is normal.
It's not really that bothersome, but I would think it interesting to find a way to get rid of it, cuz it is kinda' annoying (interrupts my Battle.net games, grrrrrr).
"I ONLY DRINK THE BLOOD OF MY ENEMIES....and maybe a strawberry yoohoo....and a...Pina Co-la-da!...
If you like pina coladas....ugh!, gettin' caught in the rain....ugh!"
-Sarge
-
May 20th, 2004, 08:24 PM
#2
Could we have a peek at your HijackThis log?
-
May 20th, 2004, 09:16 PM
#3
Hi MR.CD:\
Hi
Yes, seems like you definitely have adware. Try Spybot and PestPatrol too, or do an online scan with PestPatrol. You never know which one might work. Well, sometimes it happens that the other is able to detect it...
Hey, and as therenegade said, give us your HijackThis log. Download HijackThis if you don't have it. Copy it to a permanent directory. Run a scan and post the log here... Let us see if we can find something in it...
-
May 21st, 2004, 05:06 AM
#4
MR.CD,
Could you elaborate a little more about what your OS is, and if you're on dial-up or cable/DSL?
If you're on cable, you're always connected to the internet even if your browser isn't open.
With this in mind, there are scum/spamware programs that can exploit the Messenger Service (don't confuse this with MSN Messenger) depending on if your OS has the Messenger Service.
You can go here to see how to disable Messenger Service and see if that maybe fixes your problem.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
-
May 21st, 2004, 01:51 PM
#5
As therenegade said, it would be great to have a peek at your HijackThis log.
Please do this.
Download Hijack This. Unzip to a convenient permanent folder, double click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
-
May 22nd, 2004, 11:17 PM
#6
Member
"I ONLY DRINK THE BLOOD OF MY ENEMIES....and maybe a strawberry yoohoo....and a...Pina Co-la-da!...
If you like pina coladas....ugh!, gettin' caught in the rain....ugh!"
-Sarge
-
May 22nd, 2004, 11:35 PM
#7
I don't like these. Maybe investigate those further. Don't forget to update Ad-Aware and Spybot, and run them in safe mode. They are no good without the latest definitions. Even a week makes a difference in the definitions.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {11F36258-4EF2-4A83-BEFD-C4627C4BD849} - C:\WINDOWS\SYSTEM\MSVLS31.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\APROPOSCLIENT\APROPOSPLUGIN.DLL (file missing)
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
Not sure about those, investigate them further (google). Don't delete anything you actually use. I pretty much just copy-pasted the BHOs. Those typically are screwy, but make sure you investigate them thoroughly.
-
May 23rd, 2004, 02:18 AM
#8
Please close all windows (including this one!) and fix the following with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\SYSTEM\sb.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnav.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: (no name) - {11F36258-4EF2-4A83-BEFD-C4627C4BD849} - C:\WINDOWS\SYSTEM\MSVLS31.DLL (file missing)
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\APROPOSCLIENT\APROPOSPLUGIN.DLL (file missing)
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\TWAINTEC.DLL
O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\SYSTEM\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\SYSTEM\IEFEATURES.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/013635.exe
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/w...wdinstFull.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia.cab
Then reboot, download, UPDATE & run Spybot & Adaware to clean up the rest of the leftovers, reboot again, and post a fresh log. Try an online virus scanner too:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan/licence.php
http://www.ravantivirus.com/scan/
http://us.mcafee.com/root/mfs/default.asp?affid=294
How on earth did you even browse on this thing??
Edit: Here are some things to do/read to help keep yourself clean:
Here's some recommended reading for you: So how did I get infected in the first place?
Also, take this PC through Windows Update and make sure you have all CRITICAL updates.
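An added example, not part of any post in this thread: a small Python parser for HijackThis log lines of the kind quoted in posts #7 and #8, which splits each entry into its section code and CLSID and attaches review notes. The section descriptions follow HijackThis's usual codes; the flagging heuristics and function names are assumptions chosen for illustration and only mark entries worth a closer look, not confirmed infections.

```python
import re

# HijackThis section codes that appear in this thread's log lines.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O4": "registry autostart", "O8": "IE context menu item",
    "O16": "ActiveX download (DPF)",
}
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

def parse_line(line):
    """Split one log line into code, section name, CLSID and review notes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m["code"], m["body"]
    clsid = CLSID_RE.search(body)
    notes = []  # heuristics are assumptions: reasons to look closer, not verdicts
    if "(file missing)" in body or "(no file)" in body:
        notes.append("orphaned: target file absent")
    if code in ("O2", "R3") and "(no name)" in body:
        notes.append("unnamed component")
    if code == "O4" and "rundll32" in body.lower():
        notes.append("DLL started via rundll32 at boot")
    if code == "O16" and IP_URL_RE.search(body):
        notes.append("ActiveX fetched from bare IP address")
    return {"code": code, "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group(0) if clsid else None, "notes": notes}

def triage(log_text):
    """Return parsed entries that carry at least one review note."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e and e["notes"]]

# Lines copied from the log quoted in this thread.
SAMPLE = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {11F36258-4EF2-4A83-BEFD-C4627C4BD849} - C:\WINDOWS\SYSTEM\MSVLS31.DLL (file missing)
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://64.157.10.150/diallerfiles/013635.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["section"], e["clsid"], "; ".join(e["notes"]))
```

An entry with no notes, such as the Norton AntiVirus BHO, is simply left out of the triage list; that is not a statement that it is safe, only that none of these rules matched.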
-
May 23rd, 2004, 03:51 AM
#9
Download Hijack This. Unzip to a convenient permanent folder, double click HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
It's like deja-vu