• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
Skier55d

How To Remove 680180.net Popup

14 posts in this topic

680180.net/Zamingo Removal

-----------------------------------

Symptoms:

- After IE load, every 30 seconds or so a 680180.net popup will appear followed by a popup ad.

- Some normal sites will cause IE to crash to the desktop, one example, www.csnation.net

 

Removal works for Windows XP Home/Professional and Windows 2K. Windows ME and 98 not tested.

 

After encountering the adware myself and scanning through various posts concerning this bug, I think I've figured it out. In order to identify and remove the bug you will need HijackThis. Then follow these instructions...

 

1. Run HijackThis and scan.

2. Look for an object that looks like one of the following:

 

O2 - BHO: SDWin32 Class - {YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY} - C:\WINDOWS\System32\XXXXX.dll

O2 - BHO: (no name) - {YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY} - C:\WINDOWS\System32\XXXXX.dll

O2 - BHO: (no name) - {YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY} - C:\WINDOWS\System32\SWin32.dll

 

 

The XXXXX will be 5 random characters. The YYYY will be random letters and numbers.

 

3. Check the object that looks similar to the one above and click fix.

4. Browse to your C:\Windows\System32\ folder.

5. Look for 7 files as listed below:

- XXXXXa.xml

- XXXXXb.xml

- XXXXXc.exe

- XXXXXd.exe

- XXXXXe.xml

- XXXXXf.exe

- XXXXX.dll

 

(Extensions may not be the same)

 

The XXXXX will be the same random 5 characters from step two.

6. Delete all these files.

7. Restart your computer.

 

That should fix it, let me know if it doesnt work.

Edited by Skier55d

Share this post


Link to post
Share on other sites

This works for Windows XP Home/Professional and Windows 2K. Not tested with Me or 98. Method is probably the same with system path changes (f.e. winnt instead of WINDOWS). Let me know if it doesn't work for those operating systems.

Edited by Skier55d

Share this post


Link to post
Share on other sites

Zamingo, also known as 680180.net, is an adware that displays popup ads every now and then when you are using Internet Explorer. The adware records urls visited and keywords typed and contacts to its controlling server ( Zamingo.com or 680180.net ) to retrieve related advertisements to display them as popup ads which is very annoying.

 

ADStartUP.exe AdUpdater.exe Swin32.dll AutoMove.exe adupdmanager.xml data.xml IEEnhancer.dll Trans.exe <-- these are the files to be named related to this crap of which IEEnhancer.dll is one common.

 

Regards

Share this post


Link to post
Share on other sites

well ive tried this on WinME and i have found and removed adstartup.exe, swin32.dll, adupdmanager.xml and trans.exe all in the C:\Windows\System folder and not C:\Windows|System32 as thats only for Win2k and XP I believe :unsure:

 

Also adupdmanager.xml was in the C:\ folder as well as C:\System

 

As far as I can tell its now 680180 free as it has been for about 1 hour 30 mins now and after 2 restarts

Edited by f3llah1n

Share this post


Link to post
Share on other sites

I just tried this after my virus checker and adaware and spybot and spyware blaster and spywareguard and pest patrol all failed to stop this pest.

 

Suddenly 680180.net is gone and IE no longer shuts down when I try to access hotmail. :D

 

Congratulations and thank you. :D

Share this post


Link to post
Share on other sites

I have just performed this procedure on a Windows ME system which was infested with 680180.net and it works exactly as documented even on ME, given that you can locate your own machine's Windows System folder.

 

My one suggestion, for those who understand the potential implications of doing this, would be to remove the Run- key in the system registry for the XXXXX.dll which HijackThis identifies. Locate that key and delete it so the system will not keep trying to run a DLL which is not present (an orphaned Registry entry - no real harm but not a great thing either). Showing you how to edit the registry in this post is beyond the scope.

 

I have not tested this next idea but it seems logical. I could not quite figure out why 680180.net was so maddenly persistent until I examined the registry and realized this thing had made an entry in the Run section (duh!). I presume that simply by locating and deleting this key, one also would stop the popups but it is much more desireable to remove not only the key but also the files.

 

THANK YOU for this procedure. I had begun to look at more radical repair options I really did not want to have to do.

Share this post


Link to post
Share on other sites

on step 7 it says: Look for 7 files as listed below:

- XXXXXa.xml

- XXXXXb.xml

- XXXXXc.exe

- XXXXXd.exe

- XXXXXe.xml

- XXXXXf.exe

- XXXXX.dll

 

i only found one that said BPMNT.dll. Should i delete that? I can't find any of the other files in WINDOWS so do i just delete this one?

Share this post


Link to post
Share on other sites

Hi Tracykwok,

 

I replied to your previous thread here: http://forums.spywareinfo.com/index.php?sh...t=0entry93422

 

I'm glad your problem has been resolved. You are missing several Critical Windows Updates. Get these as soon as possible. You can also post a new hijackthis log to make sure you got rid of everything.

 

Take care :wave:

Edited by DawsonV5

Share this post


Link to post
Share on other sites

I followed Skier55d instructions, but I must have missed something. HijackThis finds the BHO and then I can find the 7, System32, files, but I can’t get rid of ‘em – I delete them and they just re-appear. It’s as if the HijackThis ‘fix’ just backs-up the BHO file but doesn’t perform a ‘fix’. I’m new to this so maybe I committing a basic error. Any help would be welcome.

:ugh:

 

I take it all back. I got it to work (don't know what I did differently).

Thanks for this fix.

:D

 

Damn if it isn't back again! This time thefiles will not delete - they just keep re-apperaing and I can't find what's re-installing them.

:wtf:

Edited by kimota

Share this post


Link to post
Share on other sites

please help !

 

i followed the steps, found and deleted the SDWin32class file and the 7 files in the windows/system32 folder and they come back as fast as i delete them..

 

help...thanks

Share this post


Link to post
Share on other sites

hey Skier55d,

 

Thanks for the help, i can now identify what is causing this pop up. In my case, the files are called zjwhm, and I can identify all 7 in system32 (xp os). When running hijack this I can see the string relating to this aswel.

 

However, everytime I restart the PC, the string is there again, as is the files in system32. I have scanne dthe registry and deleted anything associated with zjwhm, but everytime the pc is restarted, its back again!!!

 

Can you suggest anything else that I should be looking out for?

 

Your helps much appreicated,

 

Cheers,

Mark

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0