| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 44142 | 2004-04-08 15:44:00 | IE regular POPUPS | nav2u (3825) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 228163 | 2004-04-08 15:44:00 | hi all, my laptop has recently started to open up IE windows automatically at regular intervals(may be 5 mins) if connected to the internet(does not happen when disconnected) this is not a popup and does not open from an existing IE window but just automatically as if it was controlled by a software, everytime it opens such a page i takes me to the followinf IP address http://81.211.105.49/ which talks abt computer internet saftey and privacy and stuff........ now i have tried running Lavasoft adware spybot-search and destroy and also done a full system scan of the system using norton with latest defination and no virus either. now if u keep following the links on the webpage that opens automatically it actually says pls click here if u r forced 2 visit our web site and if u keep following the link it actually tells u how to get rid of the problem, tried it and does not work either............ now opening of web pages is not the only thing that is happeing it i sadding shorcuts to my desktop and my favorites and chaning my home page address, also if i right click in IE there some new links................. i am using win xp home and IE version 6.0.2800.1106....... thanks nav |
nav2u (3825) | ||
| 228164 | 2004-04-08 20:16:00 | A search in Google turned up this (www.computercops.biz)this page Steve |
Steve Askew (119) | ||
| 228165 | 2004-04-08 23:58:00 | You state that you have used Spybot Seach & Destory as well as Ad-aware, but did you install and run CoolWebShredder (CWShredder.exe) as suggested by the manual removal instructions from that website? | Jen C (20) | ||
| 228166 | 2004-04-09 13:05:00 | cooollll problem solved, the site that had the download link to download another program called Hijackthis and this allpwed me to spot registry entries related to the web sites the IE was taking me to!!! thanks so much guys also below i have posted my log file from the same program are u able to have quick look at this and tell me if there is anything else i need to get rid of........... Is there a kind of list or something that tells you that this process is a general process and runs for everyone and someother particular one is not. thanks a lot again nav Logfile of HijackThis v1.97.7 Scan saved at 11:59:23 PM, on 4/9/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Ccy Wallpaper Changer v2.0.2\wallpape.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Nav\Desktop\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = www.mathworks.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [LaunchApp] LaunApp O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKCU\..\Run: [Ccy Wallpaper Changer v2.0.2] C:\Program Files\Ccy Wallpaper Changer v2.0.2\wallpape.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\e1189.exe O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - fpdownload.macromedia.com O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - download.yahoo.com O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - www.cult3d.com O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\..\{5C6385BE-871A-4A50-9288-C8769FACA760}: NameServer = 202.89.128.16 202.89.128.17 |
nav2u (3825) | ||
| 228167 | 2004-04-09 13:09:00 | > Is there a kind of list or something that tells you > that this process is a general process and runs for > everyone and someother particular one is not. Chucking it into google is usually the easiest way. |
whiskeytangofoxtrot (438) | ||
| 228168 | 2004-04-09 14:14:00 | Bit tired at mo, but only sus ones are :- O16 - DPF: {11111111-1111-1111-1111-111111111157} - file://C:\Program Files\Internet Explorer\e1189.exe O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net le.com/mickey/us/win/QuickTimeInstaller.exe Just make sure Hijack is set to backup. |
Pheonix (280) | ||
| 1 | |||||