I can't believe its back

Original Message
Name: suzieQ
Date: June 20, 2007 at 13:48:56 Pacific
Subject: I can't believe its back
OS: Windows98 SE
CPU/Ram: 256
Model/Manufacturer: Dell
Comment:

After everything I've done to get this computer working alright (so I thought), I wrote in too soon to say it was fixed and that damn ad was gone, but it came back after I downloaded the exact same programs. I get my Internet going, I get the same driver for my graphics, then I download IE 6 SP1 first, because if I don't I can't get the Windows Update page to work. I do all the updates, then I download Ad-Aware SE, then my antivirus, Avast. When that's all done I go to a website or anywhere and the same ad comes up, SAME MESSAGE:
File Name: blank.js
File type: JScript Script File
From: banners.pennyweb.com
I have to keep clicking on Open to open the site or my mail. Why would this same ad pop up after I FDISKed and formatted my computer twice and used Spybot, Ad-Aware and my antivirus? I am near nuts trying to figure this ad out, as I use a VoIP service for my phone, which I started having trouble with, and the ISP service thinks my computer is the culprit. Can anybody figure this out, or will I save my money to take it to a shop? Any help appreciated, thank you. suzieQ


Response Number 1
Name: OtheHill
Date: June 20, 2007 at 15:16:05 Pacific
Subject: I can't believe its back
Reply:

suzieQ

I believe in previous threads it was explained that you need a firewall in place BEFORE going on the internet. AdawareSE doesn't stop spyware from infecting your computer. It helps remove it after the fact. Spybot Search & Destroy has a feature called immunize. When using this feature you restrict certain sites from connecting to your computer. banners.pennyweb.com appears to be an adware site. As such it is probably on the list of sites that are removed when you run the aforementioned utilities. You need to keep adaware and spybot up to date. That means checking for updates and applying them at least weekly. If you downloaded AdawareSE and ran it without updating it is just about useless. Run Spybot and READ how to immunize. If you don't understand come back here and ask.
One more thing. Adware/spyware is a fact of life. Get used to it. All you can hope for is to keep it under control. Get behind a router.

Post the link that you use to download AdawareSE and Avast.


Response Number 2
Name: The Count
Date: June 20, 2007 at 16:00:51 Pacific
Subject: I can't believe its back
Reply:

Hi suzieQ, OtheHill, hi everyone

suzieQ's earlier thread on this subject:
Why can't I get rid of this Ad
(http://www.computing.net/windows95/wwwboard/forum/169591.html)

For the most part I have to agree with OtheHill's above response #1, but I do want to point out that a (hardware) router doesn't keep Adware/Spyware and such outside.

One gets infected with those pests, unknowingly, surfing the internet, visiting particular or genuine looking sites, while downloading again unknowingly (deliberately) infected files, opening unknown emails, attachments. Those pests can also just as well be included in backup files, emails etc., you restore after reinstallation. At least that is my current understanding on the matter.

Perhaps in this instance you are better off in the Security and Virus section, or maybe suzi and friends at Spyware Warrior Forums are able to help you out, ASAP* member.
(http://www.computing.net/security/wwwboard/wwwboard.html)
(http://www.spywarewarrior.com/index.php)

* Alliance of Security Analysis Professionals


Best Regards and Wishes,
The Count, Co-webmaster of mesich.com


Response Number 3
Name: OtheHill
Date: June 20, 2007 at 16:05:31 Pacific
Subject: I can't believe its back
Reply:

Count

I agree with all you say. The old thread was quite long I believe and much advice was dispensed. I asked about the download site because some host sites for freeware are to be avoided.


Response Number 4
Name: DAVEINCAPS
Date: June 20, 2007 at 21:48:15 Pacific
Subject: I can't believe its back
Reply:

It must be downloading from what should be a safe site.

Download hijackthis and run it. I think I gave a link in your previous thread. Then post back the log.

One fix seems to be to associate it with the loopback IP address 127.0.0.1 in your Hosts.sam file. But let's see what hijackthis looks like.


Response Number 5
Name: RandyL
Date: June 21, 2007 at 03:50:44 Pacific
Subject: I can't believe its back
Reply:

Count;
I haven't seen you in a while. Good to hear from you again. Good advice and good site link.

SuzieQ is there any chance you are reinstalling the original source files or programs that cause this?

RandyL


Response Number 6
Name: suzieQ
Date: June 21, 2007 at 06:31:38 Pacific
Subject: I can't believe its back
Reply:

Hi Count, good to hear from you again, and OtheHill and DAVEINCAPS, thank you for your help. I believe you were right, DAVE. When I tried to download WinZip to open the hijack program I got a message that a required MSVBVM69.DLL was not found, so I installed the Visual Basic 6.0 runtime. I got WinZip to work and ran the hijack scan. I surfed to a few sites and opened some mail to see if the ad would come back; it hasn't. I can't post the log here, but it looked OK to me. I really think it might be the missing files. Again, thank you all for your help, and if it comes back I'll go to the security area to post. suzieQ


Response Number 7
Name: DAVEINCAPS
Date: June 21, 2007 at 12:45:59 Pacific
Subject: I can't believe its back
Reply:

OK, if you post in the security forum you might want to let me know as I usually don't hang out there. But hopefully you've gotten it fixed.


Response Number 8
Name: suzieQ
Date: June 22, 2007 at 08:23:04 Pacific
Subject: I can't believe its back
Reply:

Hi DAVE, I guess I will have to go to security; the damn ad is back. I just don't get it: the same one pops up and I have to open it to continue to browse. Computing net said I couldn't post the hijack log here; for some reason Computing net said not to post hijacks. So after work I will post in security or throw the damn thing out the window. Thanks again for your help. suzieQ


Response Number 9
Name: jam
Date: June 22, 2007 at 08:34:55 Pacific
Subject: I can't believe its back
Reply:

Run MSCONFIG to see if anything suspicious is loading at startup & disable it. Download & run CCleaner...run the cleaner & also scan for issues...fix all you find. Run your anti-v & spyware scans from safe mode.

Get your software from here:

http://www.filehippo.com/

FLATURIN - Hand-to-mouth goodness. It's good!


Response Number 10
Name: DAVEINCAPS
Date: June 22, 2007 at 11:58:11 Pacific
Subject: I can't believe its back
Reply:

As far as I know you can still post a log. But (call it an) 'advisory notice' comes up every time the word 'hijackthis' is part of a message. It's just there to make sure you have a good reason for posting it. Some people would post a log, make some changes, post another log, etc.

Or you could email me the log. Do you have my address from the file I sent last time? I'm curious why this is getting on your system when the sites should be safe.



Response Number 11
Name: suzieQ
Date: June 22, 2007 at 20:38:31 Pacific
Subject: I can't believe its back
Reply:

Hi DAVE, here is my advisory, and jam, I did what you said and ran the CCleaner; everything seemed to be fine there also. So here it is, DAVE. Again, thanks for all your help. I must have lost your email, not thinking; this computer glitch is driving me crazy, lol. suzieQ
Hi DAVE, here is my Advisory. I must have lost your address; I thought I kept it, but this computer is driving me nuts, haha. Anyway, here goes. I also did the msconfig stuff and ran CCleaner; I didn't see a problem. Again, DAVE, thanks for your help. suzieQ
Logfile of Advisory v1.99.1

Scan saved at 12:23:52 AM, on 6/23/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\IGFXTRAY.EXE

C:\WINDOWS\SYSTEM\HKCMD.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\SKILLRIDE\GAME.EXE

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\PROGRAM FILES\Advisory\Advisory.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe

O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE

O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe

O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewo...

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v1...

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v1...

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...

O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagame...



Response Number 12
Name: DAVEINCAPS
Date: June 22, 2007 at 21:10:36 Pacific
Subject: I can't believe its back
Reply:

This entry looks odd:

C:\PROGRAM FILES\Advisory\Advisory.EXE

The hijackthis analyzer didn't know what it was. I googled advisory.exe and got no hits related to a file by that name. That rarely happens for a legitimate file. But if you know what it's for then it may be OK.

If you want, send me a copy of that file and I'll see if running it causes that popup. Just click on my name.

The rest of the entries looked like they were OK.
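
The review step described in the reply above, as an added example that is not part of the original thread or of the HijackThis tool: it parses a log in the posted format into running processes and section-coded entries (R0, O2, O4, ...), splits the O4 startup entries, and lists running processes outside directories the reviewer already trusts. The sample lines are copied from the log in this thread; `KNOWN_DIRS` and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Advisory v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\Advisory\Advisory.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: directories the reviewer already trusts on this machine.
KNOWN_DIRS = [r"C:\WINDOWS", r"C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4"]

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # e.g. "O4 - ..."
AUTORUN_RE = re.compile(r"^(\S+): \[([^\]]+)\] (.*)$")  # key: [name] command

def parse_log(text):
    """Return (running process paths, {section code: [entry text, ...]})."""
    processes, entries, in_processes = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first coded entry
            entries[m.group(1)].append(m.group(2))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and re.match(r"^[A-Za-z]:\\", line):
            processes.append(line)
    return processes, dict(entries)

def autoruns(entries):
    """Split O4 startup entries into (registry key, value name, command)."""
    return [m.groups() for m in map(AUTORUN_RE.match, entries.get("O4", [])) if m]

def unknown_processes(processes, known_dirs=KNOWN_DIRS):
    """Processes outside the trusted directories: items to research, not verdicts."""
    prefixes = tuple(d.lower().rstrip("\\") + "\\" for d in known_dirs)
    return [p for p in processes if not p.lower().startswith(prefixes)]

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print(unknown_processes(procs))
    print(autoruns(entries))
```

A directory prefix match only narrows the list to review; a file in a trusted directory can still be unwanted, so each remaining entry is checked by name and origin as in the reply above.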



Response Number 13
Name: The Count
Date: June 23, 2007 at 04:45:31 Pacific
Subject: I can't believe its back
Reply:

Hi suzieQ, OtheHill, DAVEINCAPS, RandyL, jam, hi everyone

suzieQ, RandyL, it's good to hear from you all as well. It has been too long... but the bright side is that I always return home. :-)

suzieQ, DAVEINCAPS, there is this song in my head again. ;-)

Aside from the odd entry DAVEINCAPS noticed, I don't see anything fishy either... thus cannot be of much help at this point. :-(


Best Regards and Wishes,
The Count, Co-webmaster of mesich.com


Response Number 14
Name: suzieQ
Date: June 23, 2007 at 06:57:03 Pacific
Subject: I can't believe its back
Reply:

Sorry DAVEINCAPS, I put those words in. I thought I was supposed to take out the word hijack and use Advisory, so that is why they are there; before that the word was Hijack this, both times. Sorry for the confusion, but you have to remember it's me, suzieQ, not the sharpest knife in the drawer. But I did get to hear from a few old friends, which is always nice. I guess I'll just keep opening the ad up until I figure something else out. As always, you guys/gals are the greatest when I come here for help. It is never an easy problem I have, but you still help me so much and it is greatly appreciated, and I don't suppose another format is any good. The difference in the last format was I didn't have MSVBVM60.DLL; files were missing and I had to run a Visual Basic runtime, never had to do that before. I think IE 6 SP1 might be the culprit. I'll fish around to see what I can dig up. Thank you, friends. suzieQ


Response Number 15
Name: The Count
Date: June 23, 2007 at 09:39:41 Pacific
Subject: I can't believe its back
Reply:

Hi suzieQ, OtheHill, DAVEINCAPS, RandyL, jam, hi everyone

suzieQ, I have been looking for "banners.pennyweb.com" at Spyware Warrior Forums, ASAP* member; there were 11 matches. I have skimmed through most of them and I do believe the folks there, suzi and her friends, do know how to eliminate banners.pennyweb.com and stop your nightmare.
(http://www.spywarewarrior.com/index.php)

* Alliance of Security Analysis Professionals


Best Regards and Wishes,
The Count, Co-webmaster of mesich.com

