Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > pop ups

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

pop ups

Reply to Message Icon

Name: mike2159
Date: March 6, 2004 at 10:53:13 Pacific
OS: xp
CPU/Ram: 3/256
Comment:

I am constantly recieving pop ups. I have aol as internet provider. Pop ups coming in internet explorer window. Used spybot & ad-aware after updating them. Still having problem. Here is log file of hijack this:

Logfile of HijackThis v1.97.7
Scan saved at 1:38:20 PM, on 3/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Valued Sony Customer\Application Data\bmuu.exe
C:\WINDOWS\System32\wnscpcc.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\Documents and Settings\Valued Sony Customer\Desktop\spyware removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4\SaveFlash.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe /startup
O4 - HKCU\..\Run: [Tcsm] C:\Documents and Settings\Valued Sony Customer\Application Data\bmuu.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\System32\wnscpcc.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Flash Catcher (HKLM)
O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5064467593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8997ACC8-0EEE-4A6E-ABA4-0C95327DB93C}: NameServer = 205.188.146.146




Sponsored Link
Ads by Google

Response Number 1
Name: mike2159
Date: March 6, 2004 at 11:01:09 Pacific
Reply:

I also ran my virus scan.

Finished scanning: 10:33:48 AM, 3/6/2004
Number of files scanned: 47794.
Number of files that could not be scanned: 44
Number of archives containing infected files: 1
Number of infections: 5
Number of infected files deleted: 2
Number of infected files not cleaned/deleted/renamed: 3
C:\Documents and Settings\Valued Sony Customer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-7ea0a603-43a4fd1b.zip>Counter.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Valued Sony Customer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-7ea0a603-43a4fd1b.zip>Dummy.class (Java.ByteVerify.exploit trojan)
C:\Documents and Settings\Valued Sony Customer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-7ea0a603-43a4fd1b.zip>Parser.class (Java.ByteVerify.exploit trojan)


0

Response Number 2
Name: mike2159
Date: March 6, 2004 at 11:03:01 Pacific
Reply:

Still getting pop ups after doing scans


0

Response Number 3
Name: Wombat
Date: March 6, 2004 at 12:55:46 Pacific
Reply:

Go and post your hjt log here...

www.netrn.net/phpBB2/

Iligitimi non carborundum est


0

Response Number 4
Name: Stinkweed
Date: March 8, 2004 at 00:06:14 Pacific
Reply:

I just downloaded a few screensavers.. installed 2 of them... and after getting the same problem as you did.. I hunted it down... you may have what I just got.. open your Task Manager and organize the list by CPU Useage. then sit there with your mouse at the ready on the 2nd item. (first will be System Idol Process) you will see a routine of things that windows runs. (explorer, rtvscan ect...) but then one will pop up for a sec when your pop-ups appear. click that and highlight it. write it down and then end that process. for me it was

wnscpcc.exe

(your process list says you have the same)

I then hunted it down on my computer
\\winnt\system32
is where I found it. then I blasted it and went into regedit and searched for all keys linked to it and blasted them too.. job done.

Hope I helped


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: pop ups
Pop Up Problem www.computing.net/answers/security/pop-up-problem/18958.html

Annoying pop ups! Can't Fix www.computing.net/answers/security/annoying-pop-ups-cant-fix/18150.html

pop ups problem www.computing.net/answers/security/pop-ups-problem/932.html