Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

solve this problem


  • Please log in to reply

#1
window

window

    New Member

  • Member
  • Pip
  • 3 posts
[problem]
a single popup from Adult Friend Finder.com


[programs used]
Ad-Aware SE
Hijack This
Spybot Search and Destroy
Spyware Blaster
DSO Stop 2
Bazooka


[hijack this log]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\first\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswkrwr32.exe


[spybot s&d log]
DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\LSP.sbi
2004-11-29 Includes\Cookies.sbi
2004-12-01 Includes\Dialer.sbi
2004-12-02 Includes\Hijackers.sbi
2004-12-01 Includes\Keyloggers.sbi
2004-12-01 Includes\Malware.sbi
2004-11-29 Includes\Revision.sbi
2004-11-29 Includes\Security.sbi
2004-12-01 Includes\Spybots.sbi
2004-12-01 Includes\Trojans.sbi
2004-11-29 Includes\Tracks.uti


[progress]
adawareSE--scans clean

hijackthis--you tell me

spywareblaster--scans clean

bazooka--scans clean

spybot s&d--using this program i have (4) re-occuring DSO (data sorce object) files that get listed as possible exploit, removal function is used but files remain after reboot/re-scan popup persists

i follow procedure found on http://security.grey...om/adv/gm001-ie about setting registery zone value to (3) this solved nothing popup remains



this is seriously pissing me off What the... must i do short of reinstall to kill 1 freaking popup
  • 0

Advertisements


#2
ELP44

ELP44

    New Member

  • Member
  • Pip
  • 5 posts
What is your operating System? Win98 - WinME - WinXP Home or Pro
WinXP SP2
  • 0

#3
window

window

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
WIN XP pro sp2
  • 0

#4
window

window

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
just installed McAfee Security Suite Pro

found a few virus/adware programs running that none of my others had found ..popups still wont stop
  • 0

#5
ELP44

ELP44

    New Member

  • Member
  • Pip
  • 5 posts
I Find Pop-Up Stopper Free virsion from Panicware to be of Great help.
You might wish to try it.
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
O4 - HKLM\..\Run: [SysMon] C:\windows\system32\mswkrwr32.exe

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).
Be sure you're able to view hidden files, and remove the following files in bold (if found):
C:\windows\system32\mswkrwr32.exe

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. smile.gif
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP