Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop Ups Going Crazy [RESOLVED]

Started by webangel , Mar 28 2006 05:44 AM

  • This topic is locked This topic is locked

#16
webangel
Posted 31 March 2006 - 01:53 PM

webangel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
:whistling: Well the pop ups have stopped. Now there still seems to be a problem. When I type up an e-mail or leave something on a message board, some things highlight themselves. Here is the kaspersky log.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, March 31, 2006 2:53:41 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/03/2006
Kaspersky Anti-Virus database records: 185336
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
L:\

Scan Statistics:
Total number of scanned objects: 150931
Number of viruses found: 28
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 01:11:24

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-37d0245a-1de30ec2.class Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-72c10359-74be162b.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-72c10359-74be162b.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-72c10359-74be162b.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.ah skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive1213.jar-72c10359-74be162b.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d9368ec-68570960.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d9368ec-68570960.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d9368ec-68570960.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-7d9368ec-68570960.zip ZIP: infected - 3 skipped
C:\Program Files\PgcEdit\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Program Files\PgcEdit\PgcEdit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Program Files\PgcEdit\PgcEdit.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP336\A0072472.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.a skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP336\A0072558.exe Infected: Trojan-Downloader.Win32.Small.cdy skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP352\A0073228.exe Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP392\A0075210.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077174.exe Infected: not-a-virus:AdWare.Win32.RedSwoosh.b skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077177.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077179.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077180.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077181.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077182.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077183.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077184.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077185.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077186.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077187.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077189.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077231.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077232.exe Infected: not-a-virus:AdWare.Win32.AdBlaster.d skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077234.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.c skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077235.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.b skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP410\A0077236.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.b skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077281.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077306.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077307.dll Infected: not-a-virus:AdWare.Win32.WinAD.bg skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077308.dll Infected: not-a-virus:AdWare.Win32.Comet.c skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077309.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077310.exe Infected: Trojan-Downloader.Win32.Small.afi skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077311.exe Infected: Trojan.Win32.LowZones.am skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077312.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.b skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077313.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077314.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.c skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077315.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077316.exe Infected: Trojan.Win32.Runner.h skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077317.dll Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077318.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077319.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077321.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP411\A0077322.dll Infected: not-a-virus:AdWare.Win32.AdBlaster.b skipped
C:\WINDOWS\sngpw40.exe Infected: not-a-virus:AdWare.Win32.AdBlaster.d skipped
C:\WINDOWS\system32\ngpw40.exe Infected: not-a-virus:AdWare.Win32.AdBlaster.d skipped
C:\WINDOWS\system32\sms_msn40.exe Infected: not-a-virus:AdWare.Win32.AdBlaster.d skipped

Scan process completed.
  • 0

Advertisements

#17
Armodeluxe
Posted 01 April 2006 - 06:46 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
See if the problem persists after deleting these files.

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon -

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

Please download the Killbox.
Unzip it to the desktop.

1) Please run Killbox.

2) Select "Delete on Reboot". Click on "All Files".

3) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\sngpw40.exe
C:\WINDOWS\system32\ngpw40.exe
C:\WINDOWS\system32\sms_msn40.exe

4) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

5) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do You Want to Reboot Now prompt.

After that, please post a new HijackThis log.
  • 0

#18
webangel
Posted 02 April 2006 - 02:22 PM

webangel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Thank you for your help. Something happened over the weekend and I had to reinstall my OS. So I won't be needing your assistance anymore. I really appreciate all the help you gave me. I am going to now have to find out what is going on with my video controller. I think that is the video card that I let the Geek Squad install for me. I don't know. I can't find the software that came with it so I have to ask them when I go to work on Tuesday what I can do. I have been doing searches all day trying to find out how to fix that problem. Anyway, :whistling: sorry I was rambling.. Just wanted to say thank you again for all of your help. I really am grateful for all your help. :blink: Thank you.
webangel
  • 0

#19
Armodeluxe
Posted 03 April 2006 - 04:49 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Please take the following into consideration to maintain a clean computer.

You need an antivirus program asap. Pick one of these, they are free.
Antivir
AVG
Avast

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Outpost
Sygate

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.
Winpatrol
Prevx

Visit Windows Update regularly to get the latest security updates.You can also enable automatic updates.Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad
Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#20
webangel
Posted 03 April 2006 - 05:53 AM

webangel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I went and added everything that you suggested. Thank you so much again for all your help. :whistling:
webangel
  • 0

#21
Armodeluxe
Posted 03 April 2006 - 06:29 AM

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP