Help! Persistent popups!



#76
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Yes, I don't have that folder - can I ask one more question?

Of all the tools I installed, can I get rid of any? Also, what is the best protection available for what I just went thru?

Thanks!
  • 0


#77
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Follow the lead in my signature for tips on protection.

All the tools you got to make logs can be discarded.

You can also uninstall HijackThis and Killbox if you don't expect to get in trouble soon. :tazz:
They are both powerful tools and not something you would want an inexperienced user to play around with.

Regards,

Pieter
  • 0

#78
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
The bottom line is - I'M CURED!

I can't thank CoachWife and Metallica enough for their hard work and perseverance!

My lesson to everyone is: STAY WITH IT - it CAN be cured and the experience gained helps EVERYONE ELSE!

You guys are great and can be very proud of your (uncompensated) work!

Best regards,

Jerry
  • 0

#79
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Whoops! One more thing!

This may not be a problem, but when I open the "Add/Remove Programs" dialog from Control Panel, AVG virus detector pops up and says the Clicker 7 virus was found in a file named win2update.dll.

Is this a problem, or do I just need to tell it to "delete" every time?

Thanks!
  • 0

#80
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Ouch - Spyware Guard won't successfully run on my system - I get a message that the ActiveX component could not be installed, then the fatal error screen - this may be due to the changes made previously in the Win security settings.

Any thoughts?
  • 0

#81
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
I have trouble getting it to work at times also.

What's the exact name of the virus? Or is it a trojan clicker?

(You couldn't stay away, could you?) :tazz:
  • 0

#82
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
It's a trojan clicker - if you still need the exact name, I'll have to get it this afternoon. I tell AVG to delete it, heal it, etc., it still comes back every time I open the "Add/Remove Programs" dialog.

(No, I've grown accustomed to your logo) :tazz:
  • 0

#83
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
OK. Let me look around. Will be later today. :tazz:
  • 0

#84
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
The file is C:\WINDOWS\SYSTEM\WINUP2DATE.DLL and the "virus" is Clicker.7.AV

Thanks!
  • 0

#85
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Find that dll, scan the dll with avg and clean it or quarantine it, etc.

You can also try scanning with panda. I think you have that on your system already. See if it finds it.
  • 0


#86
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Unfortunately, I still have a problem with WINUP2DATE - KillBox and AVG can't make it stay gone, just like the other files. Something restores it when I open the Control Panel window (I used to think it was the Add/Remove programs, but it just takes a minute for AVG to pop up). AVG pops up and I tell it to delete it, which it seems to do until I reopen Control Panel, then it's back.

We seem to have a secret installer somewhere (again) - what to do next? :tazz:
  • 0

#87
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Hang on I have an idea.
Everyone, be quiet. Gone before you know it.

Purol.A was an internet worm that used the Control Panel to start from.
Maybe they are using a similar technique.

Please do this:
Click Start > Run > type or copy&paste regedit /e c:\cplstart.txt "HKEY_USERS\.DEFAULT\Control Panel\Desktop" > OK

This will create the file c:\cplstart.txt
Find it and post what's inside please.

Regards,

Pieter
  • 0

#88
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
OK, here's the log:

REGEDIT4

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"DragFullWindows"="0"
"FontSmoothing"="0"
"Wallpaper"=""
"TileWallpaper"="0"
"ScreenSaveTimeOut"="600"
"UserPreferencemask"=hex:be,00,00,00
"WallpaperStyle"="0"
"MenuShowDelay"="0000"
"MenuDropAlignment"="0000"
"ScreenSaveActive"="0"
"ScreenSaveUsePassword"=dword:00000000
"ForegroundLockTimeout"=hex:98,3a,00,00
"ScreenSaveLowPowerActive"="0"
"ScreenSavePowerOffActive"="0"


Thanks!

[HKEY_USERS\.DEFAULT\Control Panel\Desktop\WindowMetrics]
"Shell Icon BPP"="16"
"IconSpacingFactor"="100"
"BorderWidth"="-15"
"ScrollWidth"="-195"
"ScrollHeight"="-195"
"CaptionWidth"="-270"
"CaptionHeight"="-270"
"SmCaptionWidth"="-225"
"SmCaptionHeight"="-225"
"MenuWidth"="-270"
"MenuHeight"="-270"
"CaptionFont"=hex:08,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,4d,53,\
20,53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,00,\
00,00,00,01,00
"SmCaptionFont"=hex:07,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,4d,\
53,20,53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,\
00,00,00,00,01,00
"MenuFont"=hex:08,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,4d,53,20,\
53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,00,00,\
00,00,01,00
"StatusFont"=hex:08,00,00,00,00,00,00,00,bc,02,00,00,00,00,00,00,00,00,4d,53,\
20,53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,00,\
00,00,00,01,00
"MessageFont"=hex:08,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,4d,53,\
20,53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,00,\
00,00,00,01,00
"IconFont"=hex:06,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,4d,53,20,\
53,61,6e,73,20,53,65,72,69,66,00,07,1f,89,00,08,00,00,00,00,00,00,00,90,01,\
00,00,00,00
"IconSpacing"="-1125"
"IconVerticalSpacing"="-1125"
"Shell Icon Size"="32"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop\ResourceLocale]
@="00000409"
  • 0
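An added example, not part of the original thread and not the helper's own method: a small Python parser for a REGEDIT4 export such as c:\cplstart.txt that decodes string, dword and hex values and lists any data mentioning an executable-type file. The extension list is a heuristic assumed here, and the `ExampleLoader` value in the sample is constructed.

```python
import re

# Constructed sample in REGEDIT4 format: values copied from the log above plus
# one hypothetical value ("ExampleLoader") that points at a DLL.
SAMPLE = r'''REGEDIT4

[HKEY_USERS\.DEFAULT\Control Panel\Desktop]
"ScreenSaveTimeOut"="600"
"ScreenSaveUsePassword"=dword:00000000
"ExampleLoader"="C:\\WINDOWS\\SYSTEM\\EXAMPLE.DLL"

[HKEY_USERS\.DEFAULT\Control Panel\Desktop\WindowMetrics]
"MenuFont"=hex:08,00,00,00,00,00,00,00,90,01,00,00,00,00,00,00,00,00,4d,53,20,\
53,61,6e,73,20,53,65,72,69,66,00,d0,46,00,00,48,7e,00,00,30,7e,ef,c0,00,00,\
00,00,01,00
'''

# Heuristic chosen for this example (an assumption, not a rule from the thread).
EXEC_REF = re.compile(r'\.(exe|dll|cpl|scr|com|bat|vbs)\b', re.I)

def decode(raw):
    if raw.startswith('"'):                      # string: undo \\ and \" escapes
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    if raw.startswith('hex'):                    # hex: or hex(n): binary data
        data = bytes(int(b, 16) for b in raw.split(':', 1)[1].split(',') if b.strip())
        # Printable ASCII runs of 4+ bytes, e.g. the face name inside a font blob.
        return [s.decode() for s in re.findall(rb'[\x20-\x7e]{4,}', data)]
    return raw

def parse_reg(text):
    """Yield (key, value_name, decoded_data) for every value in the export."""
    text = re.sub(r'\\\r?\n\s*', '', text)       # join hex continuation lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and key is not None:
            name = '(Default)' if m.group(1) == '@' else m.group(1)[1:-1]
            yield key, name, decode(m.group(2))

def flag_executable_refs(text):
    """Return (key, name, string) for data that mentions an executable-type file."""
    return [(key, name, s)
            for key, name, data in parse_reg(text)
            for s in (data if isinstance(data, list) else [str(data)])
            if EXEC_REF.search(s)]
```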

#89
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
~Mmmmm. It was just an idea. ~

That looks OK at first sight.
Let me chew on that a bit more.

Regards,

Pieter
  • 0

#90
vrtclsmile

vrtclsmile

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Thanks for the mastication!

The only time the winup2date file actually exists is at the moment I open Control Panel - within a few seconds AVG pops up and I use AVG to delete it. It seems to stay gone until I open Control Panel again.

Thanks again.
  • 0





