
POPNAV Virus/Will not go away


Name: Mrnyc01
Date: January 20, 2004 at 13:03:10 Pacific
OS: Windows XP Pro
CPU/Ram: 1.4/128
Comment:

Hi -

Keep getting popnav virus. Used CWShredder, here is my log... thanks guys:


Logfile of HijackThis v1.97.7
Scan saved at 3:56:56 PM, on 1/20/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AnyPoint\APSERVER.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\BellSouth\Connection Tool\IPClient.exe
C:\Program Files\BellSouth\Connection Tool\IPMon32.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\iefeatures.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Intel\AnyPoint\DShmap.exe
C:\Program Files\Intel\AnyPoint\iss_srvr.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\Intel\AnyPoint\contctrl.exe
C:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logon.scr
C:\Documents and Settings\johnson\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=0E66F60F-0611-436A-AA82-D82E3F49FF87&version_id=18
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\ieasst.dll
O2 - BHO: (no name) - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O4 - HKLM\..\Run: [SystemTray] "SysTray.Exe"
O4 - HKLM\..\Run: [PrinTray] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\BellSouth\Connection Tool\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\BellSouth\Connection Tool\IPMon32.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [Lexmark X73 Button Monitor] "C:\PROGRA~1\LEXMAR~1\ACMonitor_X73.exe"
O4 - HKLM\..\Run: [Lexmark X73 Button Manager] "C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X73.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.exe TWEAKUI.CPL,TweakMeUp
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Sharing and Mapping Software.lnk = C:\Program Files\Intel\AnyPoint\DShmap.exe
O4 - Global Startup: Wireless Control Panel.lnk = C:\Program Files\Intel\AnyPoint\wcpanel.exe
O4 - Global Startup: Internet Sharing Server.lnk = C:\Program Files\Intel\AnyPoint\iss_srvr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Save with Download Manager... - C:\Program Files\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Turbo Download (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: Win32 Classes -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/FIX19105/flash.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/hitthepros03/bellsouth/wtinst.cab
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://webpdp.gator.com/4/download/hdplugin_1015_bundle43v1d12.cab




Response Number 1
Name: Wombat
Date: January 20, 2004 at 13:10:46 Pacific
Reply:

Read up on fixing it yourself here...

http://www.spywareinfo.com/~merijn/htlogtutorial.html#r


0

Response Number 2
Name: Mrnyc01
Date: January 20, 2004 at 13:28:05 Pacific
Reply:

Tried that... didn't work.


0

Response Number 3
Name: mamabear
Date: January 20, 2004 at 13:46:34 Pacific
Reply:

Download Ad-aware Build 6.181 (free version) from here.

This link will tell you how to update your ref files (which you should do after installation and before each scan because they are updated frequently).

This link will tell you how to configure AAW for a full custom scan. After configuring the settings, when you click on "scan now", make sure that "custom" scan is checked, not "smart" scan.

This link will tell you how to remove unwanted objects.

If this doesn't clean it up, post back.



0

Response Number 4
Name: Mrnyc01
Date: January 20, 2004 at 17:23:16 Pacific
Reply:

YOU GUYS ARE THE BOMB!!! That Ad-aware worked! I was running an older version and it did not remove it. Thanks again!


0

Response Number 5
Name: Russell Trevena
Date: January 25, 2004 at 10:13:10 Pacific
Reply:

I'm having the same issue. After running Ad-aware, what should I delete to get rid of POPNAV?


0




Response Number 6
Name: Mike Giambrone
Date: January 26, 2004 at 15:13:33 Pacific
Reply:

I discovered a program called iefeatures.exe running in processes in my Task Manager. I found it in my C:windows/system32 directory. I renamed it and rebooted and POPNAV went away.


0

Response Number 7
Name: prakashgeorge
Date: January 31, 2004 at 12:54:11 Pacific
Reply:

Mike Giambrone,

Thank you for your insight. It works!!!
Got the culprit: "iefeatures.exe". No more POPNAVs!!


0

Response Number 8
Name: Carla Baron
Date: February 5, 2004 at 02:34:48 Pacific
Reply:

Hi, Mike ..

I also found the "iefeatures.exe" in my C:windows/system32 directory . Also in "Prefetch".

My question is:

Do I delete completely these items, or "rename" both files as you suggested ??? "Renaming" is better than "deleting" ???

Thanks for replying a.s.a.p.


0

Response Number 9
Name: EMHOB
Date: February 5, 2004 at 18:12:22 Pacific
Reply:

is the "iefeatures" under my computer, c drive, windows, system?? and is the icon 3 cubes w/ a "m", "f", and "c"???? i am trying to get rid of popnav also


0

Response Number 10
Name: Carla Baron
Date: February 5, 2004 at 20:57:05 Pacific
Reply:

Troubled...

I just ran a system search with the term "iefeatures.exe" typed in search box. You'll see it there. Make sure you also search in all files, including "hidden files", when you do.

That should do it.


0

Response Number 11
Name: alsted
Date: February 6, 2004 at 08:39:58 Pacific
Reply:

i will be trying the above but i have turned popnav.com in to the FTC at www.ftc.gov/ftc/complaint.htm along with whenu.com and ihatepopups.com and ask that others do as well, as the feds want to know and add to their hunt ... whenu.com has a number of lawsuits happening and with luck so will popnav.com and others

thanks


0

Response Number 12
Name: deepak_patel
Date: February 6, 2004 at 19:10:05 Pacific
Reply:

thanks for helping me. i had the same problem with popnav and all the extra popup ads. does anyone know what the source is or how this program made its way on to my computer?


0

Response Number 13
Name: deepak_patel
Date: February 7, 2004 at 12:06:43 Pacific
Reply:

there is also an internetfeatures.exe file that is part of this popnav file. it's a small 24Kb file, and once i deleted it the rest of the popups went away. i restarted my computer and everything is fine.


0

Response Number 14
Name: kristi
Date: February 8, 2004 at 17:18:18 Pacific
Reply:

i am having this same problem. i have located the iefeatures file in windows\system along with the other file mentioned a few posts up that is 24kb. i was able to delete that file but keep getting the message of access denied when i try to either rename or delete the iefeatures file. is there any way i can get around this? this popnav crap is killing me!


0

Response Number 15
Name: deepak_patel
Date: February 8, 2004 at 19:07:05 Pacific
Reply:

(making sure you are looking in hidden files too)

easiest thing i found was to do a search on ALL applications created on or after january 31 2004. look for anything that has to deal with iefeatures and delete them. once you have done this restart your computer.

i also did another search on all applications on the whole computer and deleted any other program that has that 3 cube icon that the iefeatures.exe file had. i believe there were 2 more of them in addition to the files directly associated with iefeatures. This step may not be necessary for everyone but it did get rid of the remaining pop-ups that didn't go away the first time.


0

Response Number 16
Name: JeffreyAHayes
Date: February 12, 2004 at 19:48:49 Pacific
Reply:

This POPNAV is driving me nuts. I've tried deleting IEFEATURES.exe and INTERNETFEATURES.exe. I've also tried to run AD-AWARE 6.0, but it hangs when it goes to quarantine files. I'd sure appreciate any help. Here's the output of Hijackthis.

Logfile of HijackThis v1.97.7
Scan saved at 7:26:47 AM, on 2/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\MSTASK.exe
C:\WINDOWS\SYSTEM\SSDPSRV.exe
C:\WINDOWS\SYSTEM\DEVLDR16.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\TASKMON.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\SYSTEM\PELMICED.exe
C:\CFGSAFE\AUTOCHK.exe
C:\IBMTOOLS\APTEZBTN\APTEZBP.exe
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.exe
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.exe
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.exe
C:\WINDOWS\SYSTEM\STIMON.exe
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.exe
C:\WINDOWS\SYSTEM\HPZTSB05.exe
C:\PROGRAM FILES\CLEARSEARCH\LOADER.exe
C:\WINDOWS\SYSTEM\MSBB\MSBB.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.exe
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.exe
C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
C:\PROGRAM FILES\WEBSHOTS\WEBSHOTSTRAY.exe
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\MSBNTRAY.exe
C:\WINDOWS\SYSTEM\WMIEXE.exe
C:\WINDOWS\RUNDLL32.exe
C:\PROGRAM FILES\MICROSOFT BROADBAND NETWORKING\IPHLPSVR.exe
C:\HJT\HIJACKTHIS.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://alltelnet.custhelp.com/cgi-bin/alltelnet.cfg/php/enduser/home.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ALLTEL Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.alltel.net/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL (file missing)
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\WINDOWS\SYSTEM\BTIEIN.DLL
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1311.DLL
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\PROGRAM FILES\CLEARSEARCH\IE_CLRSCH.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.exe
O4 - HKLM\..\Run: [AAACLEAN] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\AAACLEAN.INF
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\AUTOCHK.exe
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.exe
O4 - HKLM\..\Run: [ZIBMACC] c:\windows\rundll.exe setupx.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\INF\ZIBMACC.INF
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb05.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\Run: [ClrSchLoader] \Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\SYSTEM\INTERNETFEATURES.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\SYSTEM\IEFEATURES.exe
O4 - HKLM\..\Run: [msbb] C:\WINDOWS\SYSTEM\MSBB\MSBB.exe
O4 - HKLM\..\Run: [IYBPFW] C:\WINDOWS\IYBPFW.exe
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.exe -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Microsoft Broadband Networking.lnk = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AOL Instant Messenger (SM) (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37995.646412037
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab



0

Response Number 17
Name: Carla Baron
Date: February 12, 2004 at 22:58:25 Pacific
Reply:

Hey, Jeffrey ..

Here's what I did, and so far ... so good.

I ran a search of ALL files & folders in "C" drive (don't forget to add "hidden" files to the list) - in the box marked "all or part of the file name", type in "iefeatures.exe" ... then in the box "a word or phrase in the file", type in "popnav".

Delete each of these found by right-clicking, one by one. Then make sure you empty your recycle bin.

Then, go look in C:windows/system32 directory ... also in "Prefetch" for file named "iefeatures.exe".

Rename this file to whatever.

Run a complete deep scan with Ad-aware after this.

No more Popnav hell for me. Life is so very good now. :)

Let me know if that works for you.

~ Carla



0

Response Number 18
Name: hamop78
Date: February 13, 2004 at 15:42:43 Pacific
Reply:

Well Carla

Did all
Searched all files including hidden
deleted what I could
renamed all others

searched for word popnav

Ran REGEDIT looking for all or part
Deleted registry keys

emptied all recycle bins including norton protected

Ran Adaware twice

within 5 minutes after reboot

IT'S BACK

----- It keeps coming back!!! HELP


0

Response Number 19
Name: JeffreyAHayes
Date: February 13, 2004 at 17:05:20 Pacific
Reply:

Carla,
Thanks for the help, but I realize I posted to the wrong forum. I'm running Windows 98 SE. I'll see what I can find in the right forum.

Jeffrey


0

Response Number 20
Name: Carla Baron
Date: February 14, 2004 at 00:13:16 Pacific
Reply:

Harris ..

I also have downloaded Spybot Search & Destroy. This may help immunize your system after you clean it.


Check your "favorites" listings to see if Popnav added search features there, along with Ebay, etc. Delete all that you didn't place there yourself. (That happened in my system.)

Also - did you do a COMPLETE DEEP SCAN of all your files in "C" drive per directions with Ad-aware ? You must customize your scan first. I'll list link to steps here:

How To: Perform a "Full Scan" With Ad-aware 6 Build 181

http://www.lavahelp.com/howto/fullscan/index.html

Follow these steps exactly.

Let me know if you're still having trouble.

~ Carla


0

Response Number 21
Name: Soteria
Date: February 16, 2004 at 13:57:50 Pacific
Reply:

I have also been plagued by popnav hijacking my computer, installing itself, adding itself and "internet tools", "ebay", "stop popups", etc., to my favorites AND putting icons on my desktop! Every time it happens, I feel like I've been MUGGED. I will try the previous advice. I use WinPatrol, Browser Hijack Blaster, Ad Aware, popup blockers, banned web sites, filters and SpyBot and it gets past them ALL!! What good will it do to search and delete if it continues to COME BACK? I don't understand how they are doing this despite all the blocks, scans and such available.


0

Response Number 22
Name: Carla Baron
Date: February 16, 2004 at 20:07:22 Pacific
Reply:

Soteria ..

I actually didn't delete the file marked "iefeatures.exe" - I renamed it. That way, it can't recognize that file in my task manager. After deleting all the extraneous files I talked about earlier in Favorites, and in your searches, rename that file.

Worked for me !

~ Carla


0

Response Number 23
Name: mel
Date: February 17, 2004 at 19:20:04 Pacific
Reply:

I've been reading the posts, and I've located the iefeatures.exe file, but I am denied access when I try to delete it OR rename it. What do I do?? please help, thank you!


0

Response Number 24
Name: Carla Baron
Date: February 17, 2004 at 21:01:17 Pacific
Reply:

Mel ...

I renamed this file from the list in my task manager file :

C:windows/system32 directory

I did NOT rename it while still in the search listings. I went DIRECTLY to the Windows directory, right-clicked on this file "iefeatures.exe", then clicked on "rename".

Let me know how it goes.

~ Carla


0

Response Number 25
Name: mel
Date: February 19, 2004 at 13:28:06 Pacific
Reply:

Carla-
Thank you so much for your reply. Please excuse my computer illiteracy, but I'm not sure if I'm going about this in the right way. I've found iefeatures through my computer at C:windows/system (it is not system32 on mine), and I try to rename it, but access is denied! I am told, again, that the program may be protected or it is running. Please send any feedback! Thank you so much, again!

-Mel


0

Response Number 26
Name: Carla Baron
Date: February 19, 2004 at 19:00:40 Pacific
Reply:

Have you deleted everything in a complete search with the name on file of "iefeatures.exe" ??? Then delete everything (you must do one by one in search by right-clicking) with name "popnav" in 2nd box as "word or phrase in the file". Then after that, go find that file again in "C". Rename, if you can.

Also - did you download Ad-Aware and Spybot Search & Destroy for your system ??? Remember to do deep scan as I outlined above.

~ Carla


0

Response Number 27
Name: mel
Date: February 20, 2004 at 16:43:14 Pacific
Reply:

Carla-

I ran a search under popnav and deleted all of those, but I still cannot delete or rename iefeatures.exe from either location. I've run adaware, spybot, and spyhunter multiple times to no avail! Any other suggestions?? thanks again!

-Mel


0

Response Number 28
Name: Carla Baron
Date: February 20, 2004 at 20:49:15 Pacific
Reply:

Try opening up your "C" drive, and locate that file in the hidden files in Windows. These generally are hidden until you deliberately open the entire content for viewing. You'll see a 3-cube icon next to it. Perhaps from there directly (be careful not to mess up any other function) - then try to rename file by right-clicking on it.

Hey - how come I am the only one helping here ???? No one else seems to be contributing ... I actually have another career I am tending to, but hope all this has helped. :)

~ Carla


0

Response Number 29
Name: Arkady
Date: February 22, 2004 at 19:43:54 Pacific
Reply:

Mel -

I had the same problem with iefeatures.exe. It would not allow me to access it, and it was obviously spawning all the files that Ad-Aware (latest release) was removing after every reboot. Here's how I fixed the problem (mind you I am running 98, but I suspect XP will be similar enough for this to be useful to you.)

Registry editor (Run - Regedit from the start menu)

HKEY_LOCAL_MACHINE
Software
Microsoft
Windows
CurrentVersion
Run

In the run key was a value telling my computer to run iefeatures.exe on startup. It should be pretty obvious. I simply deleted the value, and rebooted. Now that the computer wasn't running the program I could rename it, just to be on the safe side.

As a matter of infantile vengeance after a wasted evening away from my home and family, I also opened iefeatures.exe (with Wordpad) and vandalized its evil code with random typing and profanities. Not perhaps as efficient as a shredder program, but more cathartic.

Hope this helps.

Arkady


0
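An added example, not part of any post in this thread: a small Python triage of a HijackThis log that lists the autorun (O4) and Internet Explorer (R) entries matching the file names and domain the posters identified, and records whether the file is also in the running-process list. `SAMPLE` is constructed from lines of the two logs posted above; all function and constant names are assumptions made for illustration.

```python
import ntpath
import re

# Indicators named by posters in this thread; nothing else is assumed.
WATCH_FILES = {"iefeatures.exe", "internetfeatures.exe"}
WATCH_URL = "popnav"

O4_REG = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_DIR = re.compile(r"^O4 - (?P<key>Global Startup|Startup): "
                    r"(?P<name>.+?)(?: = (?P<cmd>.+))?$")
R_LINE = re.compile(r"^R[0-3] - (?P<key>[^,]+),(?P<name>.+?) = ?(?P<data>.*)$")
EXE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))\b", re.I)


def executable(cmd):
    """Lower-cased file name of the program an autorun command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                  # quoted path followed by arguments
        path = cmd[1:].split('"', 1)[0]
    else:                                    # unquoted path, may contain spaces
        m = EXE.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    return ntpath.basename(path).lower()


def parse(log):
    """Split a HijackThis log into running processes, autoruns, IE settings."""
    running, autoruns, ie = set(), [], []
    in_procs = False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            if line:
                running.add(ntpath.basename(line).lower())
            else:
                in_procs = False             # a blank line ends the section
        elif (m := O4_REG.match(line) or O4_DIR.match(line)):
            d = m.groupdict()
            where = f"{d['hive']}\\..\\{d['key']}" if d.get("hive") else d["key"]
            autoruns.append((where, d["name"], executable(d["cmd"] or d["name"])))
        elif (m := R_LINE.match(line)):
            ie.append((m["key"], m["name"], m["data"]))
    return running, autoruns, ie


def triage(log):
    """Return (kind, location, value name, detail) tuples for watched entries."""
    running, autoruns, ie = parse(log)
    findings = [("ie-setting", key, name, data)
                for key, name, data in ie if WATCH_URL in data.lower()]
    started = set()
    for where, name, exe in autoruns:
        started.add(exe)
        if exe in WATCH_FILES:
            # Posters could not rename the file while it was running,
            # so the process state is recorded next to the autorun value.
            state = "running" if exe in running else "not running"
            findings.append(("autorun", where, name, f"{exe} ({state})"))
    # A watched process with no O4 entry is being started from somewhere else.
    for exe in sorted(WATCH_FILES & (running - started)):
        findings.append(("process-without-autorun", "", "", exe))
    return findings


# Constructed sample: lines copied from the two logs posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.97.7

Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\iefeatures.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://popnav.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\BellSouth\Connection Tool\IPClient.exe" -l
O4 - HKLM\..\Run: [MSVersion] C:\WINDOWS\SYSTEM\INTERNETFEATURES.exe
O4 - HKLM\..\Run: [iefeatures] C:\WINDOWS\SYSTEM\IEFEATURES.exe
O4 - Startup: Watchdog.lnk = C:\WINDOWS\TWAIN\A4s2\Watchdog.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```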

Response Number 30
Name: rocksclimber
Date: February 22, 2004 at 20:53:26 Pacific
Reply:

I had the same problem as the previous user when attempting to rename the "iefeatures.exe" file in my system folder. I am running Windows 98. I kept getting an error message stating that the file i was trying to rename was write-protected.

I solved this problem by restarting in MS-DOS mode. I used MS-DOS commands to rename the "iefeatures.exe" file.

All of that popnav garbage is gone.

Thanks to Carla Baron's suggestions above.


0

Response Number 31
Name: dbuskirk
Date: February 24, 2004 at 11:39:12 Pacific
Reply:

Actually you do not want to just rename it. I'll write this in the most basic of terms so that all who see this site may follow along.

1) You'll want to go to Run-> Type in "Regedit" and hit enter. When this dialog box pops up click on "Enter" and then "Find". Search for "iefeatures.exe" when it finds it - Delete it.

2) Now press Ctl+Alt+Delete at the same time and under Processes you'll see "iefeatures.exe" End Process.

3) Now go back to "Start" and click on "Search" do a SEARCH on "iefeatures.exe". There will be two references to this. One in Windows/System32 directory and one in the Windows/Prefetch directory. Delete these. If you cannot, this means they are running in the background.

This is the cleanest and most effective way to get rid of this. If you just rename it you'll still have it referenced in your Registry.



0

Response Number 32
Name: Carla Baron
Date: February 25, 2004 at 16:51:38 Pacific
Reply:

It's weird, but I went back to look for the file "iefeatures.exe" after I renamed it something else, & it is no longer there !

I searched all over that file where I had originally found it in C:windows/system32 directory.

I am assuming that when I had done my deep scan with Adaware as outlined above, that took care of deleting that obnoxious nuisance altogether.

I still to this very day have no more Popnav invading my life ! And it feels so good !!!

(Just wanted to share that update.)


0

Response Number 33
Name: Bert M
Date: February 29, 2004 at 06:07:49 Pacific
Reply:

I have been using Ad-aware, but like some of you, the Popups keep coming back. I wasn't able to delete iefeatures.exe due to it supposedly being a read only file, but I was able to delete it from my registry and I haven't had a popup in almost a week.
Go to Start, pick run, type in regedit and enter. Go to HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN. Pick iefeatures.exe and delete it. Exit regedit. It worked for me. Good luck.

Bert

Bert M


0
