Massive Pop-ups



#1 Sylvan_Sorrow

Sylvan_Sorrow

    Member

  • New Member
  • 2 posts

Posted 25 June 2004 - 08:58 AM

Before we begin, a little backstory on this computer. I work for a small tech support and service company in Massachusetts and never had a computer ever with this many spyware/malware problems. My goal though is to clean it without having to resort to a reinstallation of Windows. I've run Ad-Aware (removed about 5,000 objects total with it), Spybot (another 2,000), and the full version of Pest Patrol (about 1,800). Also ran CWShredder and HijackThis. Here is my HijackThis log, and keep in mind, I have deleted in the past EVERYTHING save the startup programs, so that all has returned at one point or another.


Logfile of HijackThis v1.97.7
Scan saved at 9:50:56 AM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\PestPatrol\ppcontrol.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...B_PVER}&ar=home
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Tray32 - {32FB7BAD-9D1C-EF88-F621-0E6C924DC6CA} - C:\PROGRA~1\LINKRO~1\Site Bias.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VGA WAY] C:\PROGRA~1\LIVEAU~1\Movedoes.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: AIM (HKLM)







Please help, I'm near ready to give up on this one. Doing this in safe mode with networking support cuz at least that's cutting the number of popups I'm getting in half.

#2 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • 5,365 posts

Posted 25 June 2004 - 09:53 AM

Hi,

"Doing this in safe mode with networking support"

Start with the below, but you really need to post a HijackThis log from normal mode so I can see any other items loading from Startup that do not show up in Safe Mode. Also, if you have any disabled via Msconfig, go back and check those items, as HijackThis cannot "see" disabled items.

First thing to do is ...

Reconfigure Windows Explorer to show Hidden Files:
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Click the "Apply to all Folders" button. Close Windows Explorer.

Next:

Close all open windows except for HijackThis, then place a check in each of the following:
Then click "Fix checked".

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...B_PVER}&ar=home
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: Tray32 - {32FB7BAD-9D1C-EF88-F621-0E6C924DC6CA} - C:\PROGRA~1\LINKRO~1\Site Bias.dll


Then reboot, on restart, restart in Safe Mode (see "How To" below)

Start | Run (type) "%temp%" (no quotes)
Completely delete the entire contents of that "temp" folder.

Open Windows Explorer locate and delete the following:

C:\PROGRAM FILE\LINKRO~1 <--this folder
Note: locate the folder via Start Search > "Site Bias.dll"

After the above, reboot, rescan with HijackThis and post a fresh log ...

Edited by WinHelp2002, 25 June 2004 - 10:02 AM.

Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
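
An added example, not part of the original thread or of HijackThis itself: a small Python parser that reads HijackThis item lines and groups the O1 hosts-file entries that point hostnames at a non-loopback address, which is the pattern the moderator asks to have fixed above. The sample lines are copied from the log in this thread, except the `127.0.0.1` line, which is constructed to show a blocking entry being ignored; the function names are illustrative.

```python
import ipaddress
import re
from collections import defaultdict

# Item lines from the log in this thread, plus one constructed blocking entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://allaboutsearc...B_PVER}&ar=home
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 127.0.0.1 ads.example.invalid
O3 - Toolbar: Tray32 - {32FB7BAD-9D1C-EF88-F621-0E6C924DC6CA} - C:\PROGRA~1\LINKRO~1\Site Bias.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O1 - Hosts: ..."
HOSTS = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")   # "<ip> <hostname>"

def parse_entries(log_text):
    """Return (code, detail) pairs for every HijackThis item line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def hosts_redirects(entries):
    """Map each non-blocking hosts-file IP to the hostnames it overrides.

    Loopback and 0.0.0.0 targets are the usual blocking sinks and are skipped.
    """
    redirects = defaultdict(list)
    for code, detail in entries:
        if code != "O1":
            continue
        m = HOSTS.match(detail)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: leave for manual review
        if ip.is_loopback or ip.is_unspecified:
            continue
        redirects[str(ip)].append(m.group(2).lower())
    return dict(redirects)

if __name__ == "__main__":
    for ip, names in hosts_redirects(parse_entries(SAMPLE_LOG)).items():
        print(f"{ip} overrides name resolution for: {', '.join(names)}")
```

Several search hostnames mapped to one external address, as in this log, means the hosts file is redirecting lookups and should be cleaned rather than ignored.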

#3 Sylvan_Sorrow


Posted 25 June 2004 - 10:09 AM

Thanks, but I more or less already tried all that. Didn't work. But I am now all set. After researching through these forums while waiting for a reply, I found information on something called vx2.betterinternet and instructions on removing that. Tried that and I no longer have any problems. Thank you though.

#4 WinHelp2002


Posted 25 June 2004 - 10:17 AM

Hi,
"allaboutsearching.com" (C2Media\LOP) and "vx2.betterinternet" are not related; you still need to remove the above.
Mike



