Thread: Popups(RESOLVED)
View Single Post
Old 15-07-2006, 08:39 PM   #7 (permalink)
Neal
 
Neal's Avatar
 
Status: Senior Member
Join Date: Sep 2005
Posts: 5,132
 Neal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furnitureNeal is beginning to become part of the furniture



Neal is offline  
Re: Popups
Yep, you got a LOP infection and we will see if we can get rid of it in a minute.


I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  1. Run Spybot-S&D
  2. Go to the Mode menu, and make sure "Advanced Mode" is selected
  3. On the left hand side, choose Tools -> Resident
  4. Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.


Quote:
Also...



Open Hijackthis.

Click the "Open the Misc Tools" section Button.

Click the "Open Uninstall Manager" Button.

Click the "Save list..." Button.

Save it to your desktop. Copy and paste the contents into your reply.


Quote:
Download: Microsoft Task Scheduler Command Line Utility

http://mvps.org/winhelp2002/jt.zip

Unzip and copy jt.exe to your Windows folder.

Open Notepad, copy and paste the below and "Save As" KillJobs.bat
In the "Save as type" select: All Files

Quote:
@echo off
jt /sd A9C0D44C91BB4E24.job


Copy KillJobs.bat to your Windows folder.
Double-click on "KillJobs.bat"
(when prompted, allow the file to run)



If you want to remove tracking cookies you must quarantine them after the scan is done.



Remove from add/remove program if present:

viewpoint/viewpoint manager/viewpoint media player
weatherbug---if the free version
LimeShop


Reboot


Run hiajckthis and click on scan buttton and put checks next to these:


O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [web ace] C:\DOCUME~1\Clayton\APPLIC~1\LIESAX~1\Gpl grid bleh.exe---if still there after the above

O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)


Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):



DELETE FOLDERS

C:\Program Files\Viewpoint
C:\DOCUMENTS and SETTINGS\Clayton\APPLICATION DATA\LIESAX~1---folder begins with LIESAX
C:\Program Files\LimeShop


Reboot normal mode and post a hijackthis log and tell if popups are still coming and what do they say if so.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.



Reply With Quote