Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Non-stop pop-ups


  • Please log in to reply

#16
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Unfortunately, I have received five pop-ups in the last five minutes. They have come at a pretty regular pace -- about once a minute.

Thank you for all of your help with this!
  • 0

Advertisements


#17
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Still Iwantsearch?

Download the RKFiles.zip from here:
http://skads.org/special/rkfiles.zip
1. Reboot into safe mode
2. Open the C:\Antispyware\RKFiles folder
* Locate and double-click the RKFILES.BAT to run this tool.
* Sit back and wait untill its finished.
* When it is finally finished a text file will open.
* Save the contents of that text file.
Note: It should save by default to C:\Log.txt
3. Reboot back to Normal Mode.
4. Post the log

Regards,
  • 0

#18
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I will do that. But first, I want to tell you that I do get the same IE Script Error message at every pop-up, so I do not know if that means anything.

It says

Line: 10
Char: 1
Error: Access is denied
Code: 0
URL: http://www.getfound....icrosoft office

The popid changes with each error message.

Does this mean anything?

Thank you.

Scott
  • 0

#19
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
The good news is that the bad scripts are not working either.

Let's get rid of them first and then fix the scripting errors.

One thing you can do before you make the rkfiles log:

Reboot into safe mode and use the Disk Cleanup Utility to empty all your Temp folders.

Regards,
  • 0

#20
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello.

Sorry for the delay. I have been away for a while.

Here is the log from the RKFiles. I have also run the Disk Cleanup Utility, which I did before I did the RKFiles.

I also have another problem. Sometimes while I am online my screen will go black, then everything will reappear when I move the mouse. It does not seem to change anything or do anything to what I was working on, it just blacks out momentarily. It will do this usually once, but sometimes two or three times within the same minute.

Thank you for all of your help and input.

Here is the log:

C:\Documents and Settings\The Moe Family\My Documents\My Downloads\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\silent_install.exe: PEC2

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\Unwash5.exe: UPX!
Finished
bye
  • 0

#21
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Please delete:

The installer for Elitebar: C:\WINDOWS\silent_install.exe

If you still get popups can you let me know the source please?

Regards,
  • 0

#22
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I did what you said, then rebooted my computer. I got one pop-up thus far, but sometimes I get 3 or 4 right away, so hopefully that is a good sign. How do I find out the source of pop-ups?

Thank you for your help.
  • 0

#23
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Unfortunately, the pop-ups are still coming at a pretty good rate.

Should I do another HijackThis?

Thank you.
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Your log is clean, so that's not much use.

Rightclick the popups and choose properties.
Let me know what they have in common.

Regards,
  • 0

#25
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello.

Here are 7 pop-ups. They are all hyeper text transfer protocol.

Here are their URLs:

http://moogoo.redirectu.com/category/index_kancat.php
http://moogoo.redirectu.com/category/index...&keyword=sport%[/url]
http://www.automaticbuilder.com/company1120/newglobe5_form5.jpg
http://66.220.17.155/ads/amp/DGSWMorgageTag1x1.html
http://c5.zedo.com/OzoDB/7/h/93597/V1/PB_720x300_2.gif
http://66.220.17.155/ads/amp/DGSWShoppingTag1x1.html
http://66.220.17.155/ads/amp/ZonedatingTag1x1.html

I hope this help.

Thank you for your assistance.

Edited by Metallica, 29 June 2005 - 12:35 PM.

  • 0

Advertisements


#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
C2 Media ??

Download and unzip to one folder:
http://metallica.gee...com/findlop.zip

Inside the folder find findlop.bat

Doubleclick it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post

I will disable the links you posted so people don't click them by accident

Regards,
  • 0

#27
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

I did as you instructed, and here is the notepad file that was created.

Thank you again.

Scott

[TRACE] Enumerating jobs and queues
[TRACE] Activating job '3A4A1BB8F2C1A4BC.job'
[TRACE] Printing all job properties

ApplicationName: 'c:\docume~1\themoe~1\applic~1\grimdo~1\Eachblahplan.exe'
Parameters: ''
WorkingDirectory: ''
Comment: ''
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/29/2005 23:00:00
NextRun: 06/30/2005 0:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 10/13/1995
EndDate: 00/00/0000
StartTime: 00:00
MinutesDuration: 1440
MinutesInterval: 60
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Scan for Viruses - My Computer (ANDREWSTOY-T
he Moe Family).job'
[TRACE] Printing all job properties

ApplicationName: 'c:\program files\mcafee.com\vso\mcmnhdlr.exe'
Parameters: '/runtask:0'
WorkingDirectory: 'c:\program files\mcafee.com\vso'
Comment: 'McAfee.com Scan for Viruses - My Computer'
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 07/01/2005 20:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 09/16/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'McAfee.com Update Check (ANDREWSTOY-The Moe Family).job
'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\mcafee.com\agent\mcupdate.exe'
Parameters: '/Schedule'
WorkingDirectory: 'C:\PROGRA~1\mcafee.com\agent'
Comment: 'McAfee SecurityCenter periodically checks for updates for your McAfee Services.'
Creator: 'The Moe Family'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 06/30/2005 0:27:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/30/2005
EndDate: 00/00/0000
StartTime: 00:27
MinutesDuration: 1440
MinutesInterval: 5
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
Good job.

Copy the part in bold below into notepad and save it as remlop.bat
Set filetype to "All files" and save it in the same fol;der as findlop.bat

@echo off
jt /sd 3A4A1BB8F2C1A4BC.job
if exist c:\tasks.txt del c:\tasks.txt
jt /se >>c:\tasks.txt


Doubleclick that file to run it and reboot into safe mode and delete this folder:

c:\documents and settings\themoe~1\application data\grimdo~1 <= abbreviated, I completed the foldernames for as far as I knew them. If need be you can do a Find files for Eachblahplan.exe and delete the entire folder it's in.

Regards,
  • 0

#29
Herb119

Herb119

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OK.

I did as you instructed. Do I now just wait to see if the pop-ups are still coming?

Thank you.
  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,676 posts
I hope they will stay away. Let me know if they don't.

If you have a folder called C2Media in C:\Program Files you can delete that C2Media folder.

Regards,
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP