Jump to content


Photo

myexexex problem


  • Please log in to reply
13 replies to this topic

#1 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 June 2004 - 10:23 AM

hi there

i appear to be yet another one with this problem.

thanks in advance



Logfile of HijackThis v1.97.7
Scan saved at 15:56:37, on 03/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ACT\SideACT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Allan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex....aid=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.....php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.....php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex....aid=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex....aid=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.....php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.....php?said=spage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.4:808
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [etun] C:\WINDOWS\etun.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O13 - DefaultPrefix: http://www.myexexex....p?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex....p?said=pfxp&qq=
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 03 June 2004 - 10:27 AM

:) Being your first post - I get the honour and privilege of welcoming you to our corner of the world where spyware has met it's match - Welcome.

Just so that you know you are not being ignored - I will handle this case for you but I need to ask for your patience while I review the log

Please keep an eye on this message for a resolution shortly.

#3 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 June 2004 - 10:32 AM

cheers, much appreciated!! :)

#4 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 03 June 2004 - 10:34 AM

Please create a new directory C:\HJT and move the HijackThis.exe file into that directory and only run it from there. That way we can ensure that we have the backup files aavilable in the event that they are needed.

How to Remove CoolWebSearch with CoolWeb Shredder <= Please click on this link for instructions on how to download and use CoolWebSearch Shredder which will help remove a CWS infection on your computer. Make sure you close all programs and windows before running it and be sure to click on the "Fix" button.

Copy the contents of the quote box to notepad.

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\{BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B}]
[-HKEY_CLASSES_ROOT\CLSID\{BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BE2F2769-8A63-4bc7-8A99-06C2C4AD7B9B}]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{237AA178-C3BC-4f67-A8BB-D8BC14BA0B89}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{237AA178-C3BC-4f67-A8BB-D8BC14BA0B89}]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\{237AA178-C3BC-4f67-A8BB-D8BC14BA0B89}]

Select "File" => "Save As" and give it the name clear.reg. Under the filename change save as type to all files and save it to the desktop. Close notepad. Double click the clear.reg file and when asked to merge say yes. Reboot.
Delete the following:
  • C:\documents and settings\(username)\LOCAL Settings\Temp <= Delete all the contents but not the folder itself.
  • C:\WINDOWS\System32\c_10230.dll
  • c:\spad <= Delete this folder
Then load up hijackthis and fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex....aid=spage&qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.....php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.....php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.myexexex.com/searchbar.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.myexexex....aid=spage&qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://c:/spad/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.myexexex....aid=spage&qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.myexexex.....php?said=spage
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myexexex.....php?said=spage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
O2 - BHO: (no name) - {98DBBF16-CA43-4c33-BE80-99E6694468A4} - C:\WINDOWS\System32\msole.dll
O4 - HKLM\..\Run: [etun] C:\WINDOWS\etun.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - DefaultPrefix: http://www.myexexex....p?said=pfxp&qq=
O13 - WWW Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Home Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Mosaic Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - FTP Prefix: http://www.myexexex....p?said=pfxp&qq=
O13 - Gopher Prefix: http://www.myexexex....p?said=pfxp&qq=
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

Please reboot into safe mode - How do I boot into "Safe" mode?

Please cleanup temporary files etc. Browse to and select all contents in the following folders (Windows may be WINNT or WIN98 etc.), and delete (Make sure to delete the sub-folders, but not the Temp folders themselves!):
  • C:\Windows\Temp (all contents)
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files (all contents) <=This will delete all your cached internet content including cookies. This is recommended and strongly suggested.
  • C:\Documents and Settings\<Your Profile>\Local Settings\Temp (all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files(all contents)
  • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp (all contents)
  • Empty your "Recycle Bin".
  • C:\WINDOWS\System32\msole.dll
  • C:\WINDOWS\etun.exe
Reboot again and log in normally, repost a new HijackThis log into this message for further review.

#5 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 June 2004 - 11:43 AM

i've got a small problem in that i can't open notepad. i get an error message.

"drive or network connection that the shortcut "notepad.ink" refers to is unavailable. make sure that the disk is properly inserted or the network resource is available."

#6 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 03 June 2004 - 01:00 PM

been a bit stupid, i got notepad working through explorer

#7 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 03 June 2004 - 02:54 PM

I have been seeing more of the notepad problem lately? One thing is to make sure that the notepad.exe in your windows directory is the same as the one in the windows\system32 direcotry.

#8 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 04 June 2004 - 05:22 AM

here's my hijack this log after the fixes

thanks

Logfile of HijackThis v1.97.7
Scan saved at 11:20:11, on 04/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ACT\SideACT.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell...gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.4:808
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#9 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 04 June 2004 - 05:26 AM

after posting the new log, the casino palazzo pop up has just appeared!!

there's also a yellow cross icon appeared on the desktop, named default

aaaggghhh

Edited by 1620, 04 June 2004 - 06:48 AM.


#10 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 04 June 2004 - 10:11 AM

bump

#11 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 04 June 2004 - 11:47 AM

The icon - Remove it. As for pop-ups - They will always appear unless you have a pop-up stopper in place. My final recommendation (Below) contains info about the google toolbar - This has a free pop-up blocker. As for the rest of your log - It does look clean.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

#12 1620

1620

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 04 June 2004 - 12:06 PM

thanks for all your help!!

#13 shadowwar

shadowwar

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 1,361 posts

Posted 04 June 2004 - 01:51 PM

These are causing the casino paluzzo popups. They are fake entries:

O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU

Check and fix them.



#14 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 05 June 2004 - 12:22 AM

Thank you shadowwar - Did not know about those.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button