| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 63735 | 2005-11-21 07:16:00 | Pornographic Adware/Joke Programs | RancidKraut (9270) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 406042 | 2005-11-21 07:16:00 | Hello everyone, I've recently been having some problems with popups...but they don't "pop up." You see, I have Firefox set up so that any link I click will open in a new tab. A porn site has been opening in a new tab, and it's the same site every time. When I leave my computer and come back later, I have several of the pages open in several tabs. It's something like [edit: URL removed] or something...that's not the exact URL, but it's somewhere around that. I ran Spybot - Search & Destroy and Ad-Aware SE Personal, deleted several threats, but it hasn't seemed to work. Please help! I don't want my parents to be in the room and a porn site to pop up when it really wasn't me who went to it in the first place! [Edit: I have removed your URL as it loaded an X-rated website which is not appropriate viewing for this forum - Jen (Moderator)] |
RancidKraut (9270) | ||
| 406043 | 2005-11-21 07:21:00 | Try hijack this www.spywareinfo.com hth |
johnboy (217) | ||
| 406044 | 2005-11-21 07:24:00 | Put the log file here and it will tell you what to remove http://www.hijackthis.de/ |
johnboy (217) | ||
| 406045 | 2005-11-21 07:47:00 | Thanks, Jen...I was typing through that fast and I didn't realize...sorry. :\ And thanks, johnboy. Here's the link to the log file analysis if you guys wanna see: www.hijackthis.de I know what I should get rid of, but I'm curious about the unknown ones...if you guys know anything about them, or if I should just google them...Thanks! :) |
RancidKraut (9270) | ||
| 406046 | 2005-11-21 07:58:00 | Googled up wfwall1.exe and got this (help2go.com) | bob_doe_nz (92) | ||
| 406047 | 2005-11-21 08:03:00 | Tick these, and close browsers. Tick fix checked. Turn system restore off for now, and boot into safe mode. C:\WINDOWS\system32\clusapi1.exe - Dont know what this is. Once this is ticked find this file and delete it in safe mode. C:\WINDOWS\System32\wfwall1.exe. As above C:\WINDOWS\System32\wfwall1.exe As above R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [fc1934c3ed0e] C:\WINDOWS\system32\clusapi1.exe Once this is ticked and fix checked is selected, delete this file in safe mode. O4 - HKLM\..\Run: [wfwall1.exe] C:\WINDOWS\System32\wfwall1.exe As above. O4 - HKLM\..\Run: [SkyAffiliate.exe] C:\WINDOWS\System32\SkyAffiliate.exe As above. This entry I think, is whats giving u the porn. O4 - HKLM\..\Run: [exp] C:\WINDOWS\System32\wfwall1.exe O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm If you didnt lock this entry, tick this O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - download.weatherbug.com See if weather something appears in add/remove programs. If there's something here, uninstall it. |
Speedy Gonzales (78) | ||
| 406048 | 2005-11-21 08:20:00 | Forgot to add this bit. That wfwall1.exe and skyaffliliates.exe file may be hard to remove. Post another log after you've done the above. Post another log here, not a link to another site. |
Speedy Gonzales (78) | ||
| 406049 | 2005-11-21 09:01:00 | Post another log after you've done the above. Post another log here, not a link to another site. why |
bartsdadhomer (80) | ||
| 406050 | 2005-11-21 09:06:00 | Well if he's gonna post it there, why post it here? And tell us about it? | Speedy Gonzales (78) | ||
| 406051 | 2005-11-21 21:08:00 | But Speedy, the site linked was the hijack analysis site, its a very useful way to post the link. It offers reasonable diagnoses suggestions as well which is a bonus in many cases. I think its a good way of saving server storage space (its auto deleted after a few days from that site). |
godfather (25) | ||
| 1 | |||||