
Popup plague =Hijack? help please


Name: MTK
Date: May 16, 2004 at 05:49:52 Pacific
OS: WIN ME
CPU/Ram: 64k
Comment:

I've tried Adaware/SpyBot/SpywareBlaster/Trojan Hunter and I've been to HouseCall as well .. all to no avail ... all they ever find are cookies (I've just installed CookieWall too! I'm so desperate!)... but I'm being plagued on one particular forum by pop-ups that are from Bluestreak/TribalFusion and this >>> http://www.xzoomy.com/media/smsnewad/index.php?id=222

I have ActiveX controls and Java disabled (the forum I'm getting the trouble from is the only place I allow ActiveX ... and a number of people on there have complained about Trojan activity lately ... ?)

I use ZoneAlarm and the pop-up tool on Crazy Browser ... but nothing stops these pop-ups and I have a feeling that I've really got something bad on my 'puter so I've done a HijackThis log file to see if you kind guys can suss out the problem for me so that I can kill it! :-)

In your wise estimation ... if that forum is the only one I use ActiveX controls on ... is THAT the place that has dumped the crap onto my 'puter? ...'cos if it is, it's curtains for it!


Thanks in advance guys; I dunno what I'd do without Computing.net! ... let me know if you want the Hijackthis log.





Response Number 1
Name: ranchhand
Date: May 16, 2004 at 06:47:35 Pacific
Reply:

Here's what I found, the removal is toward the bottom:

http://www.pchell.com/support/xzoomy.shtml

If you have anymore problems post back.



Response Number 2
Name: MTK
Date: May 16, 2004 at 07:54:55 Pacific
Reply:

Thanks ranchhand, but I've been told that these "makers" removal tools only get rid of the "little stuff" and that they leave their other spyware on your 'puter ... so, I'd really like to get rid of it another way ... after all, if they put it there (without my permission) in the first place, I'm not gonna trust them to get rid of it am I?

So yes, I still need help please.



Response Number 3
Name: Top Speed
Date: May 16, 2004 at 13:47:35 Pacific
Reply:

MTK, here is how I removed popups in Windows 98 and if you adopt the steps for ME, maybe the directions will remove your popups.

I ran the most current sysclean from MicroTrend and Adaware 6.0.181 on my Windows 98, and they didn't remove all the popups. I found many suspicious looking .exe files in my Windows system folder, c:\windows\system for Windows 98. These .exe files all have a different icon from the usual .exe icon and are of the same date. Some of these .exe files have crazy program file names and some with very legitimate sounding program names. For your reference, here is how I got rid of my popups and malware manually. The steps are faster and easier to do than they appear in writing. You'll need to adopt the procedures for your OS.


PREP WORK:

1. If you are not familiar with what programs should be running in your Task Manager and at Startup, you will need a third-party program to help you identify the processes running in memory found in Task Manager. The Task Manager (CTRL-ALT-DEL) running on Windows 95/98/ME may not show certain processes. If you are not sure about your task programs, you could use a third party process viewer to identify suspicious or unknown files. I use Process Explorer, freeware from Sysinternals.com, http://www.sysinternals.com/ntw2k/freeware/procexp.shtml to help me identify program company names on unknown files or processes.

2. Search and delete all *.tmp and *.gid files using Find by right-click on the Start button.

3. Empty Recycle Bin

4. Update and run all your virus- and ad- removal programs. Make sure you update and run the most current free scan from Adaware and Sysclean scans from MicroTrend.

5. Backup your registry if you want (you'll have a choice to modify registry later).

6. Shut down and restart Windows 98 in Safe Mode, press the CTRL key before Windows begins to load, (I did it in Normal Mode, however).

IDENTIFY AND TERMINATE THE MALWARE FROM WINDOWS SYSTEM FOLDER AND PROGRAM FILES

1. Identify and delete malware from Windows system folder

Go to your Windows system folder. It's c:\windows\system for Windows 98.

From the View menu, select "Arrange Icons by Type".
Locate the group(s) of .exe files that have a different icon than the usual .exe icon and with the same date. Right-click on one of the program files to check the maker, select Properties, click on the Version tab to identify maker and company.
If they are from the same unknown maker, search the Internet for either the company name or the .exe files from these companies to identify whether or not they are malware.

Once you identify them as malware, delete them and then empty Recycle Bin.

I removed 60+ of these .exe files from a company called Totempole and 2 program files from Thunderdome (disabled from msconfig first). Removing these program files from these two makers sped up my computer.

If you couldn't delete an .exe file in the system folder because it's in use, write down the .exe file names for now. You'll have to double check that the malware program file(s) is in msconfig to disable it in Startup and then go back to delete it in Explorer (see terminating malware from startup below). Having Process Explorer helps in this case to confirm and identify suspected malware.

2. Identify and delete malware from Program Files:

Delete pup.exe and over.exe from the Program Files folder, if present. For example, c:\Program Files\pup.exe or c:\Program Files\over.exe for Windows 98.

3. Empty Recycle Bin


IDENTIFY AND TERMINATE THE MALWARE FROM MEMORY AND STARTUP

1. Stop malware from running in Task Manager.

Open Task Manager, CTRL-ALT-DEL in Windows 98 (I'm not sure what it is for ME). Select the previously identified malware process and click End Task to stop it from running. I use Process Explorer mentioned in Prep Work above to help me identify program company names on unknown files or processes to avoid operating blind, but it's your choice to use it or not.

2. Remove malware from running at startup.

Open msconfig from Start -> Run -> in the Open: box, type, msconfig -> click "OK" -> click on the Startup tab.
With or without the help of Process Explorer, identify any malware in msconfig startup and disable it but don't restart the pc. Delete all previously identified malware program file(s) from the Windows system folder.

If you can't delete any malware .exe files in the system folder because it's in use, repeat the above process and disable the program file in msconfig startup and then delete the malware program file from the system folder. Note: The program files produced by Thunderdome swap the .exe files in Windows Startup, and you would have to remove these .exe files this way also via msconfig.

When all malware program files have been disabled from msconfig startup and removed from the system and program file folders, exit msconfig but DO NOT restart the pc before considering the next step of editing the registry.

Technically, you could restart your PC here and the popups problem solved, but to save time from troubleshooting and dealing with unknown issues later, I like to do things right the first time, so I deleted a few keys from the registry (fast fix but be careful when editing registry) to be sure all malware is cleaned out. It's your choice to do it or not. It's time to edit the registry.

REMOVE AUTOSTART ENTRIES FROM THE REGISTRY

To prevent the malware from executing during startup:

1. Open Registry Editor. Click Start>Run, type Regedit then hit Enter.

2. In the left panel, double click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

3. In the right panel, locate and delete the entry or entries whose data value is the malware path and file name of the file/s detected earlier.

For example, I have two Run keys in the registry. I found and deleted my two Thunderdome malware programs, mgcvddn.exe and mgshli.exe, in the following registry key, HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run


REMOVE OTHER ENTRY FROM THE REGISTRY

To remove the added registry key which it uses for configuring its programs:

1. Still in the Registry Editor, in the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Explorer>pup

2. Still in the left panel, locate and delete the subkey: pup

3. Close Registry Editor.

4. Empty Recycle Bin

5. Shut Down and Restart PC in Normal Mode, and this should complete the removal of the popups.


Double check your msconfig Startup and system folder for any remaining malware programs. All malware programs should be removed, but repeat the above steps if necessary.

Once I checked that all programs were working properly, I deleted all temp and gid files, emptied the Recycle Bin, ran updated anti-virus and adware programs, scandisk, and defrag, and created a full backup. My computer runs faster and has been popup-free for five days now.


Top Speed


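The two manual checks in Top Speed's write-up (a cluster of .exe files in the system folder sharing one date and one unknown maker, and Run entries under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run that start them, which FM's later reply also used) can be done on data you already have in hand instead of by eye. The script below is an added example and is not code from the thread or from any tool mentioned in it. It works offline on two constructed inputs: a sample REGEDIT4-format export of the Run key (the text regedit's Export produces on Windows 98/ME) and a constructed listing of the system folder with the company name read from each file's Version tab. Only mgcvddn.exe, mgshli.exe, pup.exe, over.exe, actulice.exe, s2helpw.exe and the maker names Totempole and Thunderdome come from the thread; every other entry name, path and date is made up for the example.

```python
import re
from collections import defaultdict

# Registry keys the thread tells you to inspect (spelled as regedit shows them).
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
PUP_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\pup"

# File names the thread itself reports as malware: Top Speed's mgcvddn.exe, mgshli.exe,
# pup.exe and over.exe, and FM's actulice.exe and s2helpw.exe.
THREAD_NAMED_MALWARE = {"mgcvddn.exe", "mgshli.exe", "pup.exe", "over.exe",
                        "actulice.exe", "s2helpw.exe"}

# Constructed sample of a regedit Export (REGEDIT4 format, as Windows 98/ME write it) of the
# Run key and the Explorer\pup key. Entry names and the wjqxrtn.exe path are invented.
SAMPLE_REG_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"mgcvddn"="C:\\WINDOWS\\SYSTEM\\mgcvddn.exe"
"mgshli"="C:\\WINDOWS\\SYSTEM\\mgshli.exe"
"ZoneAlarm"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zonealarm.exe\""
"wjqx"="C:\\WINDOWS\\SYSTEM\\wjqxrtn.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\pup]
"cfg"="1"
'''

# Constructed listing of C:\WINDOWS\SYSTEM as (file name, modified date, company shown on
# the Version tab; None when the tab is empty). Dates and the unfamiliar names are invented.
SAMPLE_SYSTEM_LISTING = [
    ("KERNEL32.DLL", "1999-04-23", "Microsoft Corporation"),
    ("RUNDLL32.EXE", "1999-04-23", "Microsoft Corporation"),
    ("SYSTRAY.EXE", "1999-04-23", "Microsoft Corporation"),
    ("wjqxrtn.exe", "2004-05-10", "Totempole"),
    ("qzlpmnb.exe", "2004-05-10", "Totempole"),
    ("hxvdkts.exe", "2004-05-10", "Totempole"),
    ("mgcvddn.exe", "2004-05-10", "Thunderdome"),
    ("mgshli.exe", "2004-05-10", "Thunderdome"),
    ("updater.exe", "2004-05-10", None),
]


def _unescape(value):
    # .reg files escape backslashes and double quotes with a backslash.
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg_export(reg_text):
    """Return {key path: {value name: data}} for the string values in a .reg export."""
    keys = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            keys[current][m.group(1)] = _unescape(m.group(2))
    return keys


def executable_of(command):
    """Program path from a Run value: the quoted path, or the first token before a space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def classify_run_entries(keys):
    """One verdict per Run entry: 'remove' (name reported in the thread),
    'review' (started from the Windows system folder, check its Version tab), or 'ok'."""
    verdicts = {}
    for key, entries in keys.items():
        if key.lower() != RUN_KEY.lower():
            continue
        for name, command in entries.items():
            folder, _, base = executable_of(command).rpartition("\\")
            if base.lower() in THREAD_NAMED_MALWARE:
                verdicts[name] = "remove"
            elif folder.lower().endswith("\\system"):
                verdicts[name] = "review"
            else:
                verdicts[name] = "ok"
    return verdicts


def has_pup_key(keys):
    """True when the Explorer\\pup configuration key from the thread is present."""
    return any(k.lower() == PUP_KEY.lower() for k in keys)


def same_date_clusters(listing, min_size=2):
    """Group .exe files by (modified date, company) and return clusters of at least
    min_size files, largest first: the 'same date, same unknown maker' test of the thread."""
    groups = defaultdict(list)
    for name, date, company in listing:
        if name.lower().endswith(".exe"):
            groups[(date, company or "<no company on Version tab>")].append(name)
    clusters = [(key, sorted(names)) for key, names in groups.items() if len(names) >= min_size]
    return sorted(clusters, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    keys = parse_reg_export(SAMPLE_REG_EXPORT)
    for name, verdict in classify_run_entries(keys).items():
        print(f"Run\\{name}: {verdict}")
    print("Explorer\\pup key present:", has_pup_key(keys))
    for (date, company), names in same_date_clusters(SAMPLE_SYSTEM_LISTING):
        print(f"{date}  {company}: {', '.join(names)}")
```

On the sample data the Run entries for mgcvddn.exe and mgshli.exe come back as "remove", the invented wjqxrtn.exe entry as "review" because it starts from the system folder, and the two ordinary entries as "ok"; the listing yields a three-file Totempole cluster and a two-file Thunderdome cluster on the same date. A Microsoft cluster appears too, which is the point of keeping the company in the grouping key: the script narrows the list, and the Version tab, a Process Explorer check and a search on the maker's name still decide, as the post says, since a company string is only what the file claims about itself.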

Response Number 4
Name: MTK
Date: May 16, 2004 at 15:19:32 Pacific
Reply:

Top Speed ... you're FANTASTIC!

I can't thank you enough for taking the time and trouble to post that reply in such detail, just to help me out!

If I could hug ya, I would! ;-)

Bless you; I'm going to follow every step, and clean this darn machine up ... in tribute to you!

Take care, and mucho gracias

;-)



Response Number 5
Name: Top Speed
Date: May 16, 2004 at 23:14:11 Pacific
Reply:

I tried to be clear and post fixes that are proven to work to save everyone time, and I am glad I could help.

One correction about the free antivirus software I am using. The free Sysclean software was downloaded from TrendMicro.com and not from microtrend.com as I stated. Hope I didn't mess anyone up too bad.

Top Speed





Response Number 6
Name: grislyterror
Date: May 21, 2004 at 11:35:38 Pacific
Reply:

Top Speed,

Could you tell me the name of this virus/worm/adware in terms of Trend Micro's naming convention please? I have a friend with this problem and I like reading Trend's newsletters and alerts but I couldn't find it on their pages. Thanks for your time.


grislyterror

*There are 10 kinds of people in this world, those who know binary and those who don't*



Response Number 7
Name: Top Speed
Date: May 24, 2004 at 15:00:55 Pacific
Reply:

Grislyterror,

As you probably are now aware, not all malware can be detected or identified by anti-trackware and antivirus programs 100% of the time. Therefore, I keep my Windows operating system up-to-date by downloading security updates from microsoft, and I only use one free anti-trackware and one free antivirus and search and identify any undetected malware files myself through the methods described above.

The Totempole executable files were found by accident in the system folder as described above when trying to remove Actulice popup and probably not listed in any antivirus encyclopedia.

The Thunderdome .exe files were found by trying to remove Actulice popup and these malware files were not detected by Adaware anti-trackware from Lavasoftusa or Sysclean antivirus from TrendMicro 2.5 weeks ago when I scanned my computer, so I identified and tracked them down manually through msconfig and Task Manager described above (or Add/Remove in Control Panel if necessary).

The only way to know if they will be identified and removed by the most current versions of anti-trackware and antivirus programs is to update and run the software as directed by the vendors.

Any malware files identified and not removed by antivirus, I also remove them manually through methods described above or as instructed by my search of virus encyclopedia.

You should be able to duplicate the methods described to identify and remove any identified or not identified malware files not found by an antivirus.

In case you need anti-trackware and antivirus software, I use Adaware 6.0 Build 181 and TrendMicro antivirus.

Free download of Adaware is available from Lavasoftusa.com or click Start>Run>type www.adaware.notlong.com

Free antivirus from TrendMicro,

For first time Trend Micro antivirus program users:
Find free online virus scan at, http://housecall.trendmicro.com/

For subsequent Trend Micro users, either purchase or download the free antivirus software updates:

1. For free automatic removal of malware after initial free online scan, use Trend Micro System Cleaner (working well for me and recommended if you want automatic removal of the latest malware free).

2. Free update of this automatic removal software is available for both the matching scan engine and virus pattern file; both should be updated at the same time.

Free Sysclean Package: http://www.trendmicro.com/download/dcs.asp
Free matching update of the latest virus pattern file: http://www.trendmicro.com/download/pattern.asp

NOTE: If you choose to use the free Sysclean Package instead of purchasing an antivirus, be aware that it has to be downloaded, updated, and installed manually when the scan engine and virus pattern file become available every three days or so. You'll need to know how to unzip a compressed file in addition to knowing how to download and install program files.

If you are looking to remove Actulice popup specifically, I wrote a detailed step-by-step fix for Windows 98 which pretty much covers most of the information mentioned above but in reverse order at links,

http://computing.net/security/wwwboard/forum/11722.html
and
http://computing.net/security/wwwboard/forum/11779.html

Have Fun! We all learn by doing, and resolving computer problems helps to expand our knowledgebase.



Response Number 8
Name: FM
Date: May 24, 2004 at 18:18:51 Pacific
Reply:

Had this same problem on my W2K machine but the site of reference was www.no-beba-el-agua.com (translation --don't drink the water). Removed the following files actulice.exe and s2helpw.exe and stopped the process through task manager. Also removed reference to s2helpw in the registry setting HKLM/software/microsoft/windows/current version/run

