[Metallica]

Can you delete
C:\WINDOWS\system32\ams491.dat

If it goes without a struggle then it isn't doing anything.

Let me know and tell me if you still had the problems since you deleted ntfsnlpa.exe

Regards,

[Advertisements]

I deleted the ams491.dat file without any problem. I haven't had any problems since deleting ntfsnlpa.exe. I have't been redirected and my favorites don't contain those URLs anymore. I'm wondering if this is gonna last for a long time...

[phantomas]

I deleted the ams491.dat file without any problem. I haven't had any problems since deleting ntfsnlpa.exe. I have't been redirected and my favorites don't contain those URLs anymore. I'm wondering if this is gonna last for a long time...

[Metallica]

Me too. I'll keep this thread open.
Let me know if you notice any changes.

All I could get ntfsnlpa.exe to do was to create that balloon.wav file (which you can delete as well, by the way)

Regards,

[phantomas]

I've just been redirected to an online pharmacy to buy viagra!

[Metallica]

Redirected? From where to where?

Please be as specific as possible, since that may narrow down the search considerably.

Regards,

[phantomas]

I get redirected from any site to online pharmacy or to online poker rooms. Last time i was redirected from geekstogo.com to a pills shop. This happens after surfing 5-6 web pages.

[Metallica]

Can you give me the exact URL where you are taken to?

Also let me know if that is the 5th or 6th window you open or if you visit them in the same window.

Regards,

[phantomas]

I started IE and after visiting 2 web sites i was redirected to http://onlinepokerroomweb.com/search.php?q=absolute%20poker

[Metallica]

That looks like a typical CWS affiliate

Can you surf to:
http://virusscan.jotti.org/

And have this file scanned:
C:\WINDOWS\system32\wininet.dll

Let me know the results.

Regards,

[phantomas]

The online malware scan didn't find anything. A short while ago ewido cleaned 3 spyware that have been reinstalling on my computer since this redirecting problem appeared. They are x.exe, rdsndin.exe and cisvvc.exe. The balloon.wav file was created again!

[Metallica]

Aha.

Can you download this customized version of HijackThis:
http://www.geekstogo...=download&id=50

and follow the instructions here to post a both.log
http://home.planet.n...on.html#BOTHLOG

Regards,

[Metallica]

Sorry

Wrong thread.

Edited by Metallica, 23 June 2005 - 08:13 AM.

[phantomas]

Do I have to download the things listed above or not?

[Metallica]

Ah yes.

The instructions for the both.log were meant for you. I just posted another one after that, that wasn't meant for you.

Regards,

[phantomas]

Here's a new url i've been redirected too a short time ago: http://greenviagra.c...y cialis online
So, what exactly do i have to do?