I have Windows 98. I have a pop up actulice.exe that I can't get rid of. I looked on this forum and found some ideas to delete a bunch of files...pup.exe, over.exe and a few more but it didn't work deleting them. Is there anyone that can suggest something for me to do???
Erin

hi erin,
you may have Trojan Horse Downloader VB.EC
i am not sure, so check to see if you have any of these files in windows and or system directory.
Intsesst.exe
Udcedite.exe
actulice.exe
pup.exe
bookmarks.exe
ompmgmtc.exe
sheartsm.exe
astlsr.exe
ddbse320.exe
if found delete them. now, i want you to check in your media player folder and see if pup.exe is also there, if it is delete it from there.
it would be a good idea to go to safe mode and do this from there, before you do, get your latest anti-virus defs, and also the latest defs if you have an anti-trojan, and scan your computer in safe mode, while there, clean your temp internet files, temp files, history files, and cookie folder.
you may also want to scan disk and defrag in safe mode also.
for more info on trojans go to www.thepublicworks.com, security section and link to security dogs,etc.
all the best,
murve

Yes! We did update all my virus scan stuff and did the scan and did find that I had the trojan virus. So we quarantined it but I still have the dang pop up! All those files you suggested I delete I had tried to find ALL day yesterday and only found a few and did delete them and I've deleted all my temp files, cookies...yada yada yada. I will check my media player and see if I can find more files to delete. I tried to do a defrag last week but it wouldn't complete, I started it when I got off work and the next morning 0% had been completed. Personally, my computer is a P.O.S in a HUGE way and my boss is so cheap he won't buy a new one for me. Yeah, it just shuts down on me in the middle of things a few times a day....I guess that's what I expect since he bought the computer from an old company that went out of business...it has so much crap on it, you wouldn't even believe.......it sucks. Thanks for the info!!!

Erin,
I have the same problem with the same results. I have also found this thing in Windows/System. See if you have "SERU" listed as an application. I'm going to start another post to see if anyone can help me get rid of it. Good Luck!
Mike

I just found this thing on my computer this morning. I too tried to defrag but nothing happened.
I have looked for the file names you mention but can't find any, perhaps I'm not looking in the right place?
I did a find file and found that I do have the pup.exe file but can't locate it to delete.
My computer is also old, running on Win98.
I ran SpyBot and it didn't come up. Where else should I look?

K, right click on start and go to explore. Do a search for pup.exe. In the box where you see it right click and delete. Empty recycle bin. Then you might want to try the following.
Erin, this worked for me.
Here's what worked for me. It seems to be gone now.
I did have a pup.exe that I deleted. I tried all the others, over.exe, actulice.exe, bookmarks.exe but I didn't have any of those. I did, however, have an application called "SERU" that was in Windows\System. I couldn't delete it. From a command prompt I ran REGEDIT. I removed the following:
HKEY_CLASSES_ROOT\pup.setup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\pup
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\asauthr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\dhcpv
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\dwwizh
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\qlsrv32s
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\svidc32m
HKEY_LOCAL_MACHINE\software\pup
REBOOT. Deleting these stopped the pop-up at boot. I was then able to go to Windows\System and delete "SERU". Rebooted again and it appears to be long gone. (Keeping fingers crossed!!!) Hope this helps.

Michael J,
the only file I found was
HKEY_CLASSES_ROOT\pup and
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\pup
I deleted them both. I did not find any of the others you recommended. After my reboot I still have the pop up. I am going to defrag my comp tonight but I'm not sure that will work. I don't know what else to do but take a hammer to the dang thing! Anyway, thanks for the info. I'll keep trying!!
Erin

Thanks, Michael...but like Erin, it didn't work. I only found the pup.exe file and nothing else. I emptied the recycling and rebooted but the popup came back as well as n-Case that I thought I got rid of.
Where else can this pain in the butt be hiding?
Erin, may I borrow your sledgehammer when you're done?
Thanks for all your help.
K

To solve the "actulice" problem:
1) Go to "start"
2) Click "run"
3) Type in "msconfig"
4) Click "OK"
5) Click on "Startup" tab
6) Find "pg4ds32m" in the list
7) Uncheck its box
8) Restart your computer
9) Smile
______________________
It didn't change names in my particular case, like it apparently did for others.
I posted this earlier over at: http://www.computing.net/windows95/wwwboard/forum/158218.html
Hope it solves your problem.

I forgot to mention that, after the above, you need to erase "pg4ds32m" completely off of your computer. To do so, follow these instructions:
1) Go to "start"
2) Go to "Find"
3) Select "Files or Folders"
4) Type in "pg4ds32m"
5) When it's found, highlight it and hit the delete key.
6) Also delete it from your trash bin.
You can really smile now.

Thanks Yadirf,
I looked in msconfig/startup but the file you mentioned wasn't there.
I have been seeing something called TV Media lately. I tried deleting it before but it keeps coming back. Could they be the same thing?
I also searched for the file "pg4ds32m" but again, nothing.
Thanks again.
K

Yadirf,
I had the same problem as K. I couldn't find "pg4ds32m". A friend suggested I download spykiller, I don't think it's working though. I seriously don't know what else to do....it's so annoying!!

Dears K and Erin,
I'm sorry that this thing is causing y'all so much trouble. There's a lot of people who would like to get their hands on the person who did this to OUR possession. The person may just as well have thrown a rock through a window of our houses, or thrown paint on our cars or something as equally disgusting.
I can suggest two other things you might try, one of which I had to do myself in order to cure this for me. It's been so confusing that I actually forgot having done it, and consequently forgot to tell you all what I did.
But, before I get to that I'll try to help you deal with the reason that you didn't find the "pg4ds32m" listed. It's apparently listed a different way for each computer. In that case, what you'll have to do is uncheck all of them ONE BOX AT A TIME until you've identified the culprit. Just start with the first one in your list, uncheck its box, then restart your computer. If the problem is still there, go to the next one on the list, and so on. You'll eventually find the guilty culprit. Once you do, then go back and recheck all the others' boxes.
Now, here's what I had forgotten to tell you to do, and I sincerely apologize for having done so (Yadirf hitting himself on the head):
1) Go to "start"
2) Go to "Programs"
3) Go to "Windows Explorer"
4) Scroll down to "Program Files" & click it.
5) In the listing on the right look for the items "over.exe" and/or "pup.exe". Delete these.
After having done the above, I hope that you are finally able to "smile".

OH MY GOD!! IT WORKED!!!!!! This is what I did...thanks to YADIRF!!!
1) Go to "start"
2) Click "run"
3) Type in "msconfig"
4) Click "OK"
5) Click on "Startup" tab
Then I made sure all the boxes were checked and started to go down the list like Yadirf said. The first one I checked was Taskbar Display Controls and that did it!! Hopefully this will work for you K!! Good luck!!!
Erin

You can also download and run Security Task Manager. It will locate and delete Actulice files for you. For me, it told me the name of the file on my machine (ODEMM.exe), so after I deleted it with the task manager tool, I searched and found it in my Windows\system directory and deleted it through Explorer. I was then able to go into msconfig\startup and uncheck it (now that I knew the name it assigned itself). I also deleted two other recent files (streama.exe and staskm.exe) as well.
P.S. I did the above after finding and deleting pup.exe, but this didn't do the trick. So you should probably find and delete pup.exe as well.
Good luck,
Ted

- I have tried all of the above plus some
- Actulice pop-up attempts to open www.palsol.com (an ad to purchase pop-up eliminator software)
- Run Ad-aware 6 in safe mode
- Also have deleted HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\pup key... after reboot key comes back
Any suggestions would be appreciated
RogKel

RogKel,
I'm sorry to hear that you still have the "actulice" problem. I wish I had something more to suggest, but I don't.
There's something that you said that makes me suspect that the one responsible for having created this in the first place is connected with www.palsol.com. You said that this is an ad that sells pop-up eliminator software. Now why do you suppose that the "actulice" thingy would cause you to see an ad like that? My guess is so that the author of "actulice" can make money off of you buying HIS product. Yes, the creator of "actulice" may very well be the owner of www.palsol.com. If this is the case, this person is deliberately causing an aggravating problem for others so that he can benefit financially from it.
Someone really ought to get the proper authorities after this guy, whoever he is, and www.palsol.com should perhaps be the first place they should look for him.

look for:
CUTQ - COMPANY: thunderdome, INTERNAL NAME: actulice, ORIGINAL FILE NAME: actulice.exe, PRODUCT NAME: actulice
I found mine in the SYSTEM folder
(I'm using Windows ME)

Thank you all for your help! I think I'm finally rid of it!
I printed off TopSpeed's solution and it worked for me. Since I'm not exactly sure what I'm doing, I hope I didn't screw something else up. But all I know is that there isn't any little popup on my screen.
Does anyone know if actulice is associated with n-Case? That is something else that pops up on my screen every now and then.
Again, thanks for all the help everyone. I agree with you Yadirf...that guy should be sentenced to months of tedious work...say like digging a hole with a toothpick?
K
p.s. I'm smiling :)

Been at it all day before I found this page.
Thanks for the help. and to those who are responsible :p

Yadirf,
I had the same problem with actulice, and I followed your advice and it worked. On my computer the problem was "mgutili". I noticed that every time I unchecked a box that wasn't the actulice one, a new file was there and a previous one wasn't. "mgutili" the restart before was "ilemgt". I believe this is true, if so when you restart your comp, the one in msconfig that changes is the problem. Thanks for the advice Yadirf.

I don't know exactly how I did it, but I got rid of the actulice pop up. I booted up the computer. When the actulice pop up came up, I did not click ok. I left it opened. Then I went to the task manager. I clicked on the applications tab. I saw actulice in the list. I right clicked on it, and chose go to process. Then it went to ryptextc.exe, so I clicked it, and then I clicked on end process. Then I went to the start menu, and I went to find, files and folders, and I typed in ryptextc.exe, and when it showed up, I deleted it from the list, and then I deleted it out of the recycle bin. Then when I rebooted the computer, the actulice pop up was gone. I hope this works for someone else, because I was ready to throw my laptop through the window. Now I really can smile. I hope my problem is fixed for good.
Nko

Jasen, You can download Security Task Manager at the link below. It is Shareware ($29.00) but does offer a Free Trial.
Tufenuf

I had This piece of sh*T on my computer too.
What I did is what someone else suggested
go to your start up and uncheck one box at a time and reboot. The actulice popup was called vpasm.exe on my computer.
I erased it and its gone.
I hope this helps.

We fixed it
(It seems that it is renaming itself.)
We uncheck masfw with msconfig and reboot on safe mode F5
and delete or rename masfw.exe
The procedure :
1) Go to "start"
2) Click "run"
3) Type in "msconfig"
4) Click "OK"
5) Click on "Startup" tab
6) Find "masfw" in the list
7) Uncheck its box
8) Restart your computer
F5 for safe mode
reboot
thanks Yadirf
M A Gagnon
Aylmer

I found the method of checking the startup boxes one by one working fine. It took an hour, and the actulice pop up was terminated. My computer uses Win XP, and had 2 times pup.exe, one over.exe and svpr.exe located in win/system32. Thanks to you all for solving this problem. Anton

I've searched this site for all the info I can about this actulice pop-up and how to get rid of it. The only file I could find and remove was pup.exe. I also tried doing the msconfig and going to startup, and the only thing I could find there that someone suggested removing was SERU. But I tried to find the file in my c:\windows\system pathway but I couldn't find a seru.exe file there. I'm not that computer literate so if anyone out there could tell me what I can do to get rid of this, (even though there appears to be a number of methods), I would greatly appreciate it! Janet

Running Win98 SE: Deleted the pup files, but to no avail. Couldn't find any of the other ones mentioned. Then tried the Security Task Manager free trial. It showed actulice running, and details said it was called in from Windows/System as SOCKW.exe. Had S.T.M. end it, then I deleted it and emptied recycle bin to be sure. Rebooted and it was gone.

I got a dose of this too.
On my machine (W98/2), it showed as a 1" square window with "modF" & "ok" in.
Even tho I ignored it, when I came to shut the PC down it wouldn't - just popped another window up saying "Can't Close".
Had to End Everything thro Task Manager to kill the machine, plus it was still there on reboot even after deleting PUP.exe.
Yes it does seem to change on different machines: on mine it was
C:\Windows\system\idimapm.exe
What solved it for me was security Task Manager, which put it at the top of the list of running processes, and simply gave me a "Remove" option. NOTE THIS JUST REMOVES IT FROM MEMORY - YOU STILL HAVE TO DELETE THE FILE ITSELF (easiest thro Explorer).
Two thoughts in retrospect:
1. The pondlife responsible for clogging up the Internet with C**P like this should be flogged to within an inch of their lives with rusty barbed wire.
2. The way you guys rallied round really does give me a warm feeling - there IS life after SCUMWARE!
Thank you all very much.

I've had this one too. Deleted the following:
mdmpsw.exe (in dos mode)
bpmone.exe
hdoclcs.exe
pup*.*
over*.*

I had this problem on a workstation running W98 at work and found there was a second run entry under HKLM\software\microsoft\windows in the registry. It was "Run." with an extra "." It had the entry ininetw.exe in it. Once I deleted it and restarted I had no more problems.

Hey guys, much thanks, I found out that, to fool proof find the file, just run msconfig, and check each box like yadarf suggested, however you can check each file like I did by just running each file name under google, that oughta tell you whether or not the file is legit.

Thanx to everyone who posted info here about this nasty little piece of C**p, I too had it, checked out the info here and finally after several attempts at all the suggestions got rid of it. The solution that worked for me was the msconfig route & my file was called TR9DIAAA.exe

Hi, I recently received the Actulice pop-up and tried everything on this forum and it still pops up. I am running Windows XP and was wondering, is there a solution to this annoying pop-up? I am also running Spybot. Ok, please let me know.
Thanks in advance! ;)

One correction about the comprehensive fix for removing actulice popups and other malware program files manually for Windows 98 posted on
http://computing.net/security/wwwboard/forum/11720.html
http://computing.net/security/wwwboard/forum/11722.html
http://computing.net/windows95/wwwboard/forum/158218.html
http://computing.net/security/wwwboard/forum/11772.html
The free Sysclean engine and the matching virus definition software were downloaded from TrendMicro.com and not from microtrend.com as I stated. I can't believe there is also a microtrend website.
In case anyone needs a free antivirus program, I got the free virus scan from Trendmicro through www.housecall.antivirus.com to do the online scan first. I download and update the sysclean engine and the matching virus definition files as they become available.
Top Speed

Start, Run, type 'MSCONFIG' and click startup tab.
Uncheck "Gae".
Now open task manager and if "GAE.EXE" is running, 'End Process'.
Now search for "gae.exe" (include hidden files and folders). It should find it in Windows/system32 if you have the same problem as mine did.
Delete the 'gae.exe' file and reboot. This worked for me but it seems apparent that there are a fair few different 'strains' of this actulice problem.
cheers.

Thanks Yadirf, took your advice and went down the msconfig way, found the blighter under the name of SACMM.exe. I am now smiling.
Thanks again, Mary

I have just caught onto this, but this thing is driving me mad.
I have tried checking boxes on 'startup', but the actulice thing will not allow me to restart my computer again.
Any advice.
Many Thanx
Judith

I resolved my "Actulice" popup. I followed the link Top Speed mentioned in the message. Go to trendmicro.com to scan for Trojans. I had 13 files infected. Then I went into Msconfig to uncheck "load.exe" and several other unfamiliar startup files. Then restart and the popup is gone.
This works for Windows XP!
Thanks all!

Thanks to Yardif & TopSpeed for their assistance!
Below is my fix:
**Running Win 2000 Pro SP4**
- Identified and cross-referenced what processes were running from Task Manager and MSCONFIG
- Located any suspicious programs
- Found 2kn.exe (C:\WINNT\System32) "Thunderdome"
- Identified 2kn.exe in MSCONFIG & unchecked in Startup Tab
- Using Regedit deleted HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\PUP
- Deleted all Internet Temp Files, Cookies & *.tmp files
- Emptied the Recycle Bin
- Restarted PC
- Updated & ran Ad-aware 6.0
RogKel

Look for EXE files that have been created in the past week or so. It looks like this thing generates EXE files with a variety of names, but it can't change the dates that it was created.
I found three different names for it they were "luginp.exe", "egsvr32r.exe", and "sndmon.exe"
Jimc

Thanks for the help in getting rid of this thing. I actually had 2 of them running on my machine. I did a search and got rid of the offending files, but they are still showing up (unchecked) in the Startup menu of the System Config Utility. Is this normal? How can I get rid of them?

No trace of the thunderdome files should remain on your computer.
Locate the previously identified .exe malware from thunderdome by doing either a Find or Search.
Delete the malware .exe files from Windows Explorer - usually found in the system folder.
Search pup.exe and over.exe and then delete them from your Program Files folder.
Remove the previously identified .exe files from thunderdome in Windows registry Run key and delete the entire Pup key as directed in links,
See Top Speed Responses at,
http://www.computing.net/security/wwwboard/forum/11722.html
http://computing.net/security/wwwboard/forum/11772.html

okok 1st of all i really have to thank you guys for all ur help, took me abt 1 and a half hours to fiddle here and there but i finally got it removed, herez how i done it
1)I followed Yadirf's method in response No. 12 and found out mine was a bugger named SSTDFMTM, so i deleted the file in my sys32
2)Then i made a search in windows explorer for the various over.exe, actulice.exe blah blah and found i had actulice.exe, so i deleted that too
3)Ok the pop ups have stopped *phew* but as with lightspeed in response 46, the thingy still exists in my Startup menu
4)I tried Micheal J's method in response 5 and found pup and the SSTDFMTM somewhere along the lines, so i deleted them and woo!!!! okok my com iz now back to normal (I hope)

Don't forget to delete the data value (of the malware file path) in the Run key in the registry.

Thank-you Yadrif!
The process of elimination worked!! I unchecked half the processes in msconfig startup tab. Didn't get the pop-up on reboot so I knew it was one of those. I rechecked half of them trying to select ones I suspected to be valid... still no pop-up. Repeat until I got down to the last 4 then just guessed until it came up again. Upon reboot the task in that slot was renamed to AVAPERMJ.exe in windows/system. Sorry guys, I forgot what it was named before - but it was NOT that. Anyway, disabled it, deleted it, and I have been pop-up free for 20 minutes.. yeah!
Thank-you all for your ideas and help!

Okay guys and gals, I think I just successfully deleted that actulice.exe pop-up b---tard. After reading many of the suggestions, to no avail, I found a solution that worked for me. I'm running Windows ME on an HP Pavilion if that helps any, and I did the following.
-Click "Start" -
-Click "Run" -
- Type "msconfig" -
- Click the "startup" tab
I wrote down all of the names I saw on the screen because several people have said that this thing changes name. It did just that for me. I found it under C:/Windows/System/csiDlls.exe
I also had the "actulice.exe" program which I found thru the normal file search. I looked for all the other names that I came across, such as:
xtrac32e.exe, pup.exe, xapid.exe, aveej.exe, bdalk.exe, malware.exe, sndmon.exe, egsur32r.exe, luganp.exe, 2kn.exe, gae.exe, tr9diaaa.exe, mdmpsw.exe, sockw.exe, masfw.exe, seru.exe, odemm.exe, Intsesst.exe, Udcedite.exe, actulice.exe, pup.exe, bookmarks.exe, ompmgnite.exe, sheartsm.exe, ddbse320.exe
- and all others. I also looked for the pg4ds32m registry, but it wasn't there. Once I found out that this thing had renamed itself to "csiDlls.exe" I used this method.
- Click "Start" -
- Click "Run" -
- Type REGEDIT -
- Find HKEY_LOCAL_MACHINE and double click -
- Find SOFTWARE and double click -
- Find "Microsoft" and double click -
- Find "Windows" and double click -
- Find "Current Version" and double click -
- You should see two folders, one called "Run" and one called "Run-". Delete the "Run-" folder because that is where it will be and that's where it was when I found it. I deleted it, and also wrote down its location when I used the "msconfig" method. I found it in C:/Windows/System/csidlls.exe
Once you have found and deleted it make sure you empty your recycle bin and look for any other names such as the ones I have suggested and suggested by others on this forum. When you are searching make sure you have all hidden files, hidden system files, and hidden operating files unhidden. I had two of the names, so you may have one, three, or six, who knows. I hope this helps.
Thank you to iceman27c, bowler2301, murve, Michael J, Yardif, Ted, Top Speed, friesx100, and gagnon for their help.
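
Two things reported in the posts above can be checked from a pair of registry exports instead of by eye: the startup entry that changes name between restarts ("ilemgt" becoming "mgutili") and the look-alike "Run." / "Run-" key. The following is an added example, not part of any poster's message; it is written in Python, the function names are hypothetical, and the REGEDIT4 export text is constructed for illustration, reusing names mentioned in the thread.

```python
import re

# Registry subtree the posters looked in; compared case-insensitively.
WINDOWS_ROOT = r"hkey_local_machine\software\microsoft\windows" + "\\"
RUN_KEY = WINDOWS_ROOT + r"currentversion\run"

# One string value line of a REGEDIT4 export: "name"="data"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo the backslash escaping used inside .reg string values."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg_export(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            keys[current][_unescape(match.group(1))] = _unescape(match.group(2))
    return keys


def run_values(keys):
    """Return the values of the real CurrentVersion\\Run key."""
    for path, values in keys.items():
        if path.lower() == RUN_KEY:
            return dict(values)
    return {}


def lookalike_run_keys(keys):
    """Keys such as 'Run.' or 'Run-': 'Run' plus punctuation, not 'Run' itself."""
    hits = []
    for path in keys:
        if not path.lower().startswith(WINDOWS_ROOT):
            continue
        leaf = path.rpartition("\\")[2].lower()
        if leaf != "run" and re.sub(r"[^a-z0-9]", "", leaf) == "run":
            hits.append(path)
    return sorted(hits)


def renamed_startup_entries(before, after):
    """Run entries that vanished and appeared between two boots.

    Legitimate entries keep their names across restarts, so whatever
    shows up on both sides of this diff is the entry to examine.
    """
    old, new = run_values(before), run_values(after)
    return sorted(set(old) - set(new)), sorted(set(new) - set(old))


# Constructed sample exports taken on two consecutive boots.
BOOT_1 = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"ilemgt"="C:\\WINDOWS\\SYSTEM\\ilemgt.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"csiDlls"="C:\\WINDOWS\\SYSTEM\\csiDlls.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"""

BOOT_2 = BOOT_1.replace("ilemgt", "mgutili")

if __name__ == "__main__":
    first, second = parse_reg_export(BOOT_1), parse_reg_export(BOOT_2)
    gone, appeared = renamed_startup_entries(first, second)
    print("entries that disappeared:", gone)
    print("entries that appeared:  ", appeared)
    for name in appeared:
        print("  file to remove:", run_values(second)[name])
    print("look-alike Run keys:    ", lookalike_run_keys(second))
```

The file path printed for each new entry is the one to end in Task Manager and delete, and the Run value and any look-alike key are what remain to be removed in REGEDIT.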

Dudes, I followed the instructions stated here, specifically Top Speed's to remove this malware. I got myself a good news-bad news situation.
Good news
- the files, registry keys and the task manager entries have been cleared of this file
Bad News
- I noticed that my media files (mp3, wma, various movie files) changed icons, specifically the icon where there is no associated program installed to open these file types, and what's more, the windows media player icon changed from its standard appearance to that of a setup/install - type file, and when I try to open media player, boom! the horrid things are back...
done the stated removal procedures twice and I'm getting the same results... It seems that this program binded with my media player... what should i do about it?

Hi ashcrimson0083,
It's Top Speed. I have Windows 98. What operating system are you having this problem?
Sounds like you may have another virus or trojan malware not related to actulice and here is why:
I also had a problem with my Windows Media Player; however, in my case, I don't believe actulice affected my media player because it wasn't working already. The Media Player failure was before the actulice problem, and I believe it was due to qhosts and Windows security updates.
After I fixed the actulice problem, I uninstalled my Windows Media Player, cleaned out both Windows Media and RealPlayer remaining files, reinstalled Windows Media Player from Microsoft website.
I have since updated Windows security patches and Office2000 also, and it has been over a week now since I removed all affected thunderdome .exe files relating to actulice on my first try, kept up with new antivirus and ad removal software (all free software), and I don't have a repeat actulice popup.
Since I don't have a repeat actulice problem even after I installed many software programs after the actulice resolution, you probably have another virus or trojan infection on top of the actulice problem assuming you followed all the steps in my fix.
Have you kept up with updating your antivirus and ad removal programs? You may have another virus or trojan infection in addition to the actulice problem. You need to run antivirus everyday and update the virus pattern files frequently.
I just opened my Windows Media Player after reading your post just to see what will happen. My Windows Media Player is working and no actulice popup yet.
I try to be as thorough and methodical as I can with my fixes to save everyone time, did you follow all the steps including the prep work? Perhaps you didn't remove all the thunderdome exe files or missed a step while removing the changing .exe files from thunderdome?
I also noted that I removed many non-thunderdome related malware files in my system folder. Although probably not related to the actulice popup problem (these .exe files are from Totempole), did you try to clean up your system folder?
Make sure you clear out all your Internet temporary files, cookies, Internet history records if you don't need them, search and delete all temp files, and empty recycle bin when doing the prep work.
Also, for XP/ME systems, System Restore has to be disabled so antivirus can scan any infected system files. What's your OS?
I am afraid you have to uninstall your media player, repeat the actulice removal process, and then reinstall your media player.
I suggest you uninstall your media player via Add/Remove and then delete all related program files. Search and delete shared files, tmp files, empty recycle bin, and scan and defrag your hard drive so no trace of media player or related files remain on your OS. Don't reinstall your media player until you resolved the actulice problem by removing all changing exe files from thunderdome.
Update and run your ad removal and antivirus programs. Your antivirus will identify the malware file(s) you need to remove. Write them down. These are the files you have to identify and terminate from msconfig, Task Manager, Program Files and system folder, and registry keys described in my detailed fix.
All actulice changing .exe files can be removed by this method I described regardless of the exe filename, and the actulice popup problem resolved.
After you UNINSTALLED your media player and resolved your latest actulice popup problem by repeating the actulice fix, and if you still can't remove this previously detected malware files from the registry keys I mentioned in the fix, then the malware file is not an actulice-related malware, and you should post a new malware problem under a different subject heading if you need help.
At least you'll have removed the actulice popup.
Suggestion: Don't install your media player until after you removed this other NON-actulice-related malware though.
Top Speed

Just a little peace of mind to all those having been affected by the Actulice insurgence..........Federal Cybercrimes Investigators have added the actulice/pup invasive programs to their "urgent matters" list. I have reliable sources who are on the research and development team for Norton and Adaware antivirus moguls who also say that this bug is NOT related to the n-Case problems that many folks are experiencing. (Sidenote: Spybot has updated to include newer infiltration search and countermeasures to handle n-Case adware, spyware, and keylogger saboteurs.) The most reliable information and peace of mind I can offer is that federal agents are hard at work on this and many other internet crimes and criminals. Earliest leads are ties to the owner of www.palsol.com an Adware/Popware development corporation, but only in the earliest stages of fruition.
Secondly, I (yes even I) recently had a bout with ACTULICE. Yardif seems to have the best remedy. Best of luck and happy hunting.
the joker

Also,
Just as you delete Internet temporary files, cookies, and search and delete all temporary files, and empty Recycle Bin before you update and run ad-removal and antivirus to identify malware, you should repeat them again after the malware files are removed.
After you resolved the actulice problem, repeat above steps to clean up your files, empty recycle bin, and then update and run antivirus again.
Then, scan and defrag hard drive to ensure files are removed.
Create a full backup of your PC once you confirm everything is working.
Install your media player.
Do security updates from Microsoft.

ashcrimson0083,
Make sure you have identified ALL malware exe files from thunderdome in msconfig Startup and do not restart pc when prompted by msconfig until you have identified and removed all thunderdome program files from your system folder. Because these thunderdome exe files change filenames, you have to repeat the identification and disabling process several times in msconfig Startup to identify and terminate all malware exe files in msconfig Startup before you could delete them from system folder. If you restart your PC before you delete the detected thunderdome file (and the remaining unidentified thunderdome program files) from the system folder you risk them being either enabled or uploaded in startup again. If this is all too confusing to comprehend, just don't restart your pc until you are at the last step, the search-and-clean step.
Make sure you confirm that all malware have been identified and removed from the system folder by doing a search of all previous identified and detected thunderdome executable files and by "arrange-icons-by type" to check that no missed or remaining exe files are from Thunderdome.
Also, make sure pup.exe and over.exe are removed from Program Files folder.

All,
Thanks for your suggestions, I actually got the Actulice AND the msbb at the same time ... when just surfing ! I have a router doing NAT, Symantec Anti Virus real time, a Personal Firewall and I STILL got infected !!
Thanks to the firewall I immediately was aware of the thing, but how can you avoid this ? Specific security settings in IE ? ....

RE: FIVE POSSIBLE REASONS FOR ACTULICE POPUP REINFECTION
1. Used the System Restore feature on your pc and restored previously infected system files.
XP/ME systems, should disable System Restore so antivirus can scan and remove infected system files; however, in the case of actulice, if you didn't disable your System Restore when removing thunderdome exe files, this doesn't matter. Thunderdome exe files can be removed manually.
2. Antivirus programs cannot remove virus when it's running, so inactivate the virus by restarting the pc in Safe Mode when running antivirus program.
3. Some of the parts of virus were not removed. Sometimes, additional steps are required for complete removal. Consult the virus encyclopedia of your antivirus software vendor.
4. Not running the latest virus pattern file
5. Failed to install Windows security updates from Microsoft.
http://service1.symantec.com/SUPPORT/sharedtech.nsf/7e7f15291a25d938882567e50048a048/34e1dda598ab705b88256e660063b50f?OpenDocument&src=bar_sch_nam

Can someone help? I have actulice and Windows 2000 Millenium Edition and I have found the files in C:\Windows\System. There were about six .exe files all with random names made on the same date, 22 May, and modified on 12 May. It was made by a company named "Thunderdome". I selected them all and deleted, permanently, but three of them were "being used by windows". I can't delete the last three!!! I've tried all that "msconfig" $h!t but it doesn't stop!!! I get three about seven pop-ups when I turn on the computer now!!!!
HELP!!!!!!!!!!!!!
Thanks,
Joe
---------------------
Viruses on my PC and % to removal:
"Actulice":
|||||__ -- 50%

@@@ REMOVE ACTULICE MODF @@@@
actulice changes its name at every startup.
Actulice (advertisers and web publishers) http://www.achtungachtung.com
Actulice version 5.0.0.1 Thurderdome original name actualice.exe (68 KB)
In C:\WINDOWS\SYSTEM32
--> omaddinc.exe (68 KB)
--> igverifs.exe (68 KB)
--> or ((other)).exe
In: Start / Run / msconfig / Startup
Remove: igverifs.exe or omaddinc.exe or other.exe
Delete the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igverifs (or other)
Good Luck ;o)))

joe_042293,
Excellent, you are half way through. Keep an eye on these identified thunderdome exe files. For Windows 2000, you shouldn't have msconfig, a system configuration utility. If you do, then notate the filenames and disable the 3 thunderdome files one at a time in msconfig without restarting the pc; they will reappear one at a time with the next filename in msconfig after you disabled one. Don't restart your pc until you have gone all the way through finishing the last confirmation and cleaning step, and if you did restart the pc, then repeat from the beginning by terminating all detected thunderdome files from memory and startup.
1. For Windows 2000 system, you need to terminate your last three thunderdome exe files from Task Manager from memory one at a time by closing and reopening Task Manager until each detected file has been stopped; remember, each time you terminate one, another thunderdome executable with a different filename shows up. Repeat the end-process in Task Manager on all detected malware files in the running list of running processes.
And if you still can't terminate the malware process from memory, restart the pc and repeat the steps in Task Manager to end malware programs from running one at a time until no thunderdome files are in Task Manager. Close Task Manager and open it again to confirm all malware programs have been terminated.
2. Remove autostart entries from the registry as described in my fix
3. Remove other entry from the registry as described in my fix
4. Confirm, clean, and delete step (as described in my fix but briefly)
Delete the three thunderdome files from your system folder (For Windows 2000, it's \winnt\system32)
Delete pup.exe and over.exe from program files folder
Do a Find to locate any remaining previously identified thunderdome files and delete them (and any temp files).
Confirm all thunderdome files have been removed from system folder and from the computer.
Empty Internet temporary files, cookies, history, and Windows temp folder
Empty Recycle Bin

Once everything is working, update and run antivirus again.
Scandisk and defrag your hard drive, and then create a full backup.
vax65 and ashcrimson0083,
To address your concerns related to media player and IE security, while this is not a specific resolution to the removal of actulice popup, Trojan exposure seems to have something to do with Active X components and plug-ins. I haven't read up on it yet. If you want to do some research about Active X issues, my old network book suggests www.download.com/browsers and www.cnet.com for information, and one guy from Lavasoftusa support forums posted this link to stop his trojan from acting up (haven't removed it),
http://www.computerbytesman.com/acctroj/
for disabling Java permissions and ActiveX scripting. I did a quick read but haven't read up on it to vouch for it if you are interested.
I kept up with the usual pc cleaning routine, antivirus updates, and with the security updates from Microsoft and doing that seems to help if not enough. From what I learned so far about antivirus, antiad, and trojan removal programs, I don't download any software, antivirus or not, until I read up on them, except in emergency cases. So far, after running my free antivirus and adaware scans, any malware not removed automatically, I remove them manually to stay out of trouble.

joe_042293,
Sorry if I caused any confusion. I misread your operating system, but the steps are the same. In your case for Windows ME, you would have msconfig and could disable thunderdome malware files from msconfig startup as described. And then, you must terminate these previously identified thunderdome exe files from running in memory in Task Manager.
Because Windows 95/98/ME systems may not display all processes running in Task Manager, it's best for you to first identify all the thunderdome exe files in msconfig Startup, and then terminate them from running in Task Manager, so you could delete the malware exe files in your system folder manually.
As long as you terminate ALL thunderdome changing exe files from running in Task Manager and follow through with removing the upload program files, editing the registry, and the confirmation and cleaning step, you should be able to remove actulice popup on the first try.
Note: System is the Windows system folder, which is usually
C:\Windows\System on Windows 95, 98 and ME,
C:\WINNT\System32 on Windows NT and 2000, and
C:\Windows\System32 on Windows XP.
Detailed steps for Windows 98 are available for your reference at,
Top Speed's responses
http://www.computing.net/security/wwwboard/forum/11722.html
http://computing.net/security/wwwboard/forum/11772.html
http://computing.net/security/wwwboard/forum/11779.html
NOTE: IF you use the msconfig method to identify the thunderdome files, when you click on the OK button on actulice popup, you can see a new thunderdome filename enabled in your msconfig Startup window after you just disabled one. Therefore, you have to repeat the disabling process in msconfig startup until all thunderdome exe files have been identified and disabled.

I was able to FINALLY get rid of this annoying thing.
I looked at the post where the guy said find something like pgxsdm32m.exe when i checked i didn't have it but i did have something called dms32m.exe and i thought the 32m was interesting so i unchecked it and guess what.
NO MORE STUPID ACTULICE!!!
Turns out thunderdome was the company that produced dms32m.exe so someone needs to shut them down.

done all that have been written here but don't know how to take it out of the start-up menu in msconfig.
can someone please tell me how to delete the unchecked programs
btw.... actulice free now for a few hours

Read all of this - very helpful but can one of you genii give me a full idiot's guide as to how to remove the actulice pop up from Windows XP. Got rid of my worm virus I think, but this pop up persists.
Thank you

YESSS ok, so...
I downloaded security task manager and searched for any serious problems. Since i had 2 actulice windows pop up every time it found 2 files under actulice named "tvdmdn" and "tlanui2n". So, i pressed "Ctrl+ALT+DLT" and stopped both tasks and went to startup and clicked both the file names and it worked!!! FINALLY!!!! YESS! Thank you everybody for your help on the forum this is like the most technical thing i have ever done :)

I had trojan on my computer...I used my antivirus to delete some files but my antivirus always found actulice.exe even if I had deleted it before. Now it seems to be OK, my antivirus does not detect any virus...but windows media player does not want to work! I've got the message C:\windows\actulice.exe, windows can not access the file (it seems normal since i deleted it)...but what can i do to make Windows media player work.
Thanx a lot

YES! thanks Musicwriter, your idea worked like a charm!
THANK YOU! THANK YOU! THANK YOU! You have no idea how grateful i am!!
Carli

i didn't download the task manager but managed to debug the virus. I did what was suggested here (the startup thingy) and found the virus under P_855C. when i restarted the comp it changed its name to ATACLEND. i just deleted all the application files under these names and actulice disappeared. hope this works for someone.

For XP user:-
- when the piece of s*** appeared on the screen
- press CTRL-ALT-DEL
- click to the Applications
- select actulice.exe(right mouse)
- select Go To Process
It will show the file to be deleted !!!
Try this !!! It works for me !!!!

i used the online scanner( the one that top speed recommended) and i found a trojan called TROJ REVOP.C
the scanner said it was non- cleanable
how do i search for it and delete it now?? I managed to remove the pop-up upon boot, but i want to make sure my comp is REALLY clean of it.
Thanks in advance....
lazy

Hi Lazy,
TrendMicro offers the manual removal instructions for Troj_revop. Look up the removal instructions for the trojan horse in its Virus Encyclopedia.
This trojan horse is not related to the Actulice popup problem, and as most viruses/worms can expire to run for a period of time, you still need to follow through with the written instructions to manually identify and remove the executable files and reference files for Actulice.
The last step is to do a Search or Find of all identified executable files from Thunderdome on your hard drive to confirm they have been removed from the computer.

Hey guys! I've been reading all these posts for about the past hour in order to cure my Actulice transmitted diseases...well, I believe I have fixed the problem. When I hit CTRL+ALT+DELETE, my actulice program was called 'PIDERS.EXE' Others related to this (by checking the company) were:
CECLIS.exe, INKINFOL.exe, wcn.exe, ENSS.exe, ISPEXD.exe, IASHEXTW.exe, _861C.exe and PIDERS.exe
The only companies I saw were:
thunderdome, totempole
I also found an easy way to find these programs!!!! First, right click on Start, then Explore. Then, head to C:\WINDOWS\SYSTEM32 and look at a program called 'ATTRIB.EXE' or 'TASKMAN.EXE' (DONT DELETE) and look at the icon. Notice how the top has a large blue block with 3 buttons in the top right and how the icon is completely flat. Now, look through, manually, the entire SYSTEM32 database and look for programs that do not have the same icons. My actulice programs had a tealish color at the top and were slanted to create a shadow in front of them.
Hope it helps, just looking for different looking icons worked for me!!!1
--hoplite

hOplite Post 74
Your solution has worked for me so far. I just restarted the computer 6 times and so far no Actulice.
I only found one file and dragged it out of Win/Sys32 to a new folder I made. The icon was as you described. Deleting the .exe file does not work. The file in question on my computer was an Application.
Mike

After fighting this for so long, and painstakingly reading through the previous 75 responses, I feel compelled to add my two cents to this. Based on the earlier posts, I gather that this little bug changes names quite frequently. None of the programs or files mentioned in the first few posts came up on my computer because they become obsolete so fast. Instead of searching for files that others have found, I suggest the following to find the culprit on your own machine:
(I am on XP home ed.)
When the pop-up appears, ctrl+alt+del to take you to the task manager, then right click to take you to the process. note this process (end it if you want to).
When another pop-up shows up, note this one as well - at least two different processes came up for me.
Go into Windows/System32 and look for these. As described in response 74, the icons will be slightly different color than the others. I found two more applications with the same company tag [ thunderdome >:( ], and deleted all of these.
Thanks to all posts - and kudos to hoplite for the detective work. It cured me (for now)!!
-mf

Thanks to everyone for their advice & suggestions. I've been trying to get rid of Actulice for weeks!!
I tried the "Start, Run, msconfig, startup" procedure and after 2 hours unchecking each box I got fed up and unchecked ALL the boxes. This has worked, I've rebooted twice without getting the pop up. BUT am I likely to have done any permanent damage or caused myself more problems by unchecking all the boxes?
Thanks again.
Roz

thx all for the advice, especially yadirf and musictwirler . i found a combination of their advice works more efficiently. rather than unchecking one box at a time, i did what musictwirler said to do (http://www.computing.net/security/wwwboard/forum/11720 response 22), then did a file search and deleted it.
the little f---er was called "AINM.exe"

Bear with me, this is a bit long. I think you'll find this very interesting. First my brother's Windows XP was infected with both Actulice and Pup it drove him crazy and in turn drove me crazy because he wouldn't leave me alone until I fix it. I spent about 4 hours looking for it and all the files/reg entries etc... Finally got it. These are the files I found and noticed that if I moved the last letter in the name to the first spot I got this. The names on the left are the bad ones. Most of the names on the right are actual files and are legit, it appears that they're being mimicked in a way.
any of these can be, *.exe, *.dll, *.ocx, *.inf, etc...

PUP/TOTEMPOLE
bookmarks.exe \Windows
pup.exe \Windows
_1255c.exe \Windows\System32
atRoot2c.exe \Windows\System32 > catroot2
bdcak.exe \Windows\System32 > (kb)dca
bjmoncn.exe \Windows\System32 > ?
dpclipr.exe \Windows\System32 > rdp(clip)
dqi.exe \Windows\System32 > ?
ecupds.exe \Windows\System32 > sec(upd)
emm.exe \Windows\System32 > mem
erffiltp.exe \Windows\System32 > (perf)filt
ervicess.exe \Windows\System32 > services
FAUTO8P.exe \Windows\System32 > fpauto8
hctrlh.exe \Windows\System32 > hhctrl
in32splw.exe \Windows\System32 > win32spl
inscardw.exe \Windows\System32 > winscard
mevtmsgn.exe \Windows\System32 > (nme)vt(msg)
nbjmonc.exe \Windows\System32 > cnbjmon
ountryc.exe \Windows\System32 > country
sapip.exe \Windows\System32 > ps(api)
sconfm.exe \Windows\System32 > msconf
sctrlsa.exe \Windows\System32 > as(ctrls)
spmspm.exe \Windows\System32 > ms(pms)p :-)
srdbg32i.exe \Windows\System32 > isrdbg32
tdos404n.exe \Windows\System32 > nt(dos)404

ACTULICE/THUNDERDOME
actulice.exe \Windows
shizzyp.exe \Windows
2embedt.exe \Windows\System32 > t2embed (found as reg entry)
3dpmeshd.exe \Windows\System32 > (d3d)p(mesh)
abviewc.exe \Windows\System32 > cabview
akecabm.exe \Windows\System32 > makecab
bdkazk.exe \Windows\System32 > (kb)dkaz ?
bdru1k.exe \Windows\System32 > (kb)dru1 ?
cmsetupt.exe \Windows\System32 > tcm(setup)
dbji32o.exe \Windows\System32 > odbji32
et500j.exe \Windows\System32 > jet500
etmann.exe \Windows\System32 > metman
evenumd.exe \Windows\System32 > dev(enum)
FC42ENUM.exe \Windows\System32 > mfc42en
fc42m.exe \Windows\System32 > mfc42
FTGA70NL.exe \Windows\System32 >
ios1b.exe \Windows\System32 > bios1
lbiops.exe \Windows\System32 > slbiop ?
leclio.exe \Windows\System32 > (ole)cli
lugincpl140p.exe \Windows\System32 > (plugin)cpl140
mdlgsd.exe \Windows\System32 >
mp0B293t.exe \Windows\System32 > (tmp)0b293
ommdlgc.exe \Windows\System32 > commdlg
ppwiza.exe \Windows\System32 > appwiz
rogmanp.exe \Windows\System32 > progman
scriptc.exe \Windows\System32 > cscript
sjet40m.exe \Windows\System32 > msjet40
skquouid.exe \Windows\System32 > (dsk)quo(ui)
slookupn \Windows\System32 > ns(lookup)
vrsnln.exe \Windows\System32 > ?

REGISTRY ENTRIES
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"akecabm"="C:\\windows\\system32\\akecabm.exe"
"skquouid"="C:\\windows\\system32\\skquouid.exe"
"FTGA70NL"="C:\\windows\\system32\\FTGA70NL.exe"
"srdbg32i"="C:\\windows\\system32\\srdbg32i.exe"
"FC42ENUM"="C:\\windows\\system32\\FC42ENUM.exe"
"lugincpl140p"="C:\\windows\\system32\\lugincpl140p.exe"

FILES POSTED FROM FORUMS
Windows\System\
BAD GOOD
seru.exe > user.exe
pg4ds32m.exe > mpg4ds32 ?
ompmgmtc.exe > compmgmt > Component Management ?
sheartsm.exe > mshearts
odemm.exe > modem
sockw.EXE > wsock > Win Sock ?
idimapm.exe > Midimap > Midi Map
over.exe > rove ?
gae.EXE > ega
sacmm.exe > msacm > MS Acm ?
luginp.exe > plugin
egsvr32r.exe > regsrv32
SSTDFMTM > msstdfmt > MS Standard Format ?
AVAPERMJ.exe > javaperm > Java Perm... ?
xtrac32e.exe > extract32
PIDERS.exe > spider
AINM.exe > main
bdalk.exe > kbdal > something to do with the Keyboard
mdmpsw.exe > wmdmps
igverifs.exe > sigverif > Signature Verify ?
hdoclcs.exe > shdoclc
As far as removing the bad ones on the left, you need to do a few things first, Bring up task manager (Ctrl+Alt+Del) end task on any of them running, goto Start\Run type in msconfig look for the start up tab, uncheck any name in the list you see, now open regedit from the Start\Run regedit you'll need to find all the entries and delete them, be careful some of them are mixed in with good entries, just delete the single key. But before you delete anything export the keys first in case you make a mistake.
Look for my post on how to completely remove nCase.
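
An added example, not part of the original post or of any tool mentioned in the thread: the check the post above does by hand, in Python, moving the last letter of each program name in an exported Run key to the front and comparing it with a list of legitimate file names. The baseline set and the sample export are constructed for illustration (the baseline uses names from the post's right-hand column, and `ExampleApp` is invented).

```python
import re
from pathlib import PureWindowsPath

# Constructed baseline: legitimate stems from the right-hand column of the post.
# Assumption: in practice this comes from the file listing of a clean install.
KNOWN_GOOD = {"makecab", "isrdbg32", "services", "msconf", "cscript",
              "winscard", "progman", "commdlg"}

# Constructed sample in .reg export syntax. The first three values are the ones
# quoted in the post; ExampleApp and the second key are invented.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"akecabm"="C:\\windows\\system32\\akecabm.exe"
"srdbg32i"="C:\\windows\\system32\\srdbg32i.exe"
"FTGA70NL"="C:\\windows\\system32\\FTGA70NL.exe"
"ExampleApp"="C:\\windows\\system32\\cscript.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"services"="C:\\ignored\\ervicess.exe"
'''

# One "name"="data" string value; backslash escapes are allowed on both sides.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_SUFFIX = "\\microsoft\\windows\\currentversion\\run"


def unrotate(stem):
    """Move the last character to the front: 'akecabm' -> 'makecab'."""
    return stem[-1] + stem[:-1] if len(stem) > 1 else stem


def parse_run_values(reg_text):
    """Return (value_name, path) pairs found under ...\\CurrentVersion\\Run keys."""
    entries, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run = line[1:-1].lower().endswith(RUN_SUFFIX)
            continue
        match = VALUE_RE.match(line)
        if in_run and match:
            # .reg files escape backslashes and quotes with a backslash.
            name, path = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            entries.append((name, path))
    return entries


def classify(entries, known_good=KNOWN_GOOD):
    """Label each entry 'known-name', 'rotated-mimic' or 'unmatched'."""
    results = []
    for name, path in entries:
        stem = PureWindowsPath(path).stem.lower()
        if stem in known_good:
            results.append((name, "known-name", stem))  # name match only
        elif unrotate(stem) in known_good:
            results.append((name, "rotated-mimic", unrotate(stem)))
        else:
            results.append((name, "unmatched", None))  # needs manual review
    return results


if __name__ == "__main__":
    for row in classify(parse_run_values(SAMPLE_REG)):
        print(row)
```

A name that comes back `unmatched`, like FTGA70NL here, is not cleared by this check and still needs the manual checks described in the thread.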

Okay, I had removed Actulice successfully 3 weeks ago. I put a cd on my drive that I might have burned during the problem, and the sucker is back in my computer. Is it possible that either it infected the cd or is my D: drive infected as well??
Now I have to go through the whole thing again... I hate this!!

Well, I did run checks on the D and E drives, and also the cds I put in, and it doesn't show... what could be wrong when I insert a cd??
Thanks in advance for suggestions.

I had a problem with the actulice pop up screens for some time but now I think i have solved the problem. I'm writing this in the hope that the method I have used may prove useful to some of you out there who have also been irritated by actulice. However I don't guarantee this method will work for everyone as there seems to be different types of the virus.
Firstly, The problem:
Every time I started up my computer a small screen would pop up that said "actulice" and inside it "modF". I would click "ok" and it would go away but after some time the problem got worse until i had as many as 10-12 of these windows popping up at startup, and when I clicked "ok" the first window would go away but more would appear.
What's Behind it?
I ran a virus check on the entire "c" drive of my computer and it found that there was a Trojan Horse virus on it. This virus appeared as an application called "do.exe".
I think the way it works is that the virus clones itself many times (over an unknown period of time) creating identical applications which it names very similarly to real applications it finds in the windows system folder. These applications are designed to do nothing but bring up actulice pop up screens, and are configured to run when you start up windows. Hence why you get those annoying things when you start up your computer.
How to get rid of them:
1)Get a virus checking program such as Norton AntiVirus (or similar) and use it to scan your "c" drive. When the virus is located you should immediately delete it and empty your recycling bin just to make sure it is gone. IMPORTANT: If you do not rid your computer of the virus then it will continue to clone itself!!
2)Right click your start menu and open up your "find" or "search" program. Tell it to search for all folders containing the text "actulice". You should notice that they are all exactly the same size and were modified on the same date, in other words, they are virus clones.
3)You should now open your start menu and click "run". Type in "Msconfig". This brings you to a menu that allows you to control all programs that run when you start your computer. Click the "startup" tab and you will see a list of these programs.
4)Basically you want to match up all the programs off your actulice search to programs that run when the computer starts.
If you find an exact match then simply uncheck the tick next to its name.
5)Now you need to restart your computer.
6)After this you should re-run the actulice text search and delete all the files that it comes up with. Then empty your recycling bin again.
1NOTE: If you cannot delete any of the actulice programs because "windows is using them" then repeat from step 3.
2NOTE: As far as I can tell the virus creates NEW cloned applications and names them after some windows ones. Therefore no two people will have the same infected files and it shouldn't harm your computer to delete them.
I hope this solves your problems as the method should not only stop the programs from running when you start up but also delete the virus that causes them.
