Pop-up Ads at random times



Woofut Woofut is offline
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Nov 2003
16-Nov-2003, 09:32 PM #1
Pop-up Ads at random times
OK, this is my second-to-last resort, referring to you super smart guys on this forum; last resort would be a reformat if I can't fix it here. Usually Ad-Aware can get rid of the back door programs that tend to spawn pop-ups and cause problems altogether. But Ad-Aware comes up with no problems, and yet I get random pop-ups when I'm not even surfing the net; it is really annoying. HijackThis seems to be what starts the removal process, so I went ahead and ran it.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp3\winamp3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +w
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Win Services] svhost.exe
O4 - HKLM\..\Run: [Debug32] debug32.exe
O4 - HKLM\..\RunServices: [Win Services] svhost.exe
O4 - HKLM\..\RunServices: [Debug32] debug32.exe
O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50038/QDow.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

Thanks for any help....
Alex Ethridge
Member with 8,539 posts.
 
Join Date: Apr 2000
Location: Birmingham, Alabama USA
Experience: 15 years of just doing it
17-Nov-2003, 03:53 AM #2
Windows Messenger has been rendered useless by Messenger spammers. The same will happen to e-mail if something isn't done about it. If this is a Windows Messenger problem, this is how you fix it:

How to Turn Off Windows Messenger Service

Windows 2000
Click Start-> Settings-> Control Panel-> Administrative Tools->Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Home
Click Start->Settings ->Control Panel
Click Performance and Maintenance
Click Administrative Tools
Double-click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows XP Professional
Click Start->Settings ->Control Panel
Click Administrative Tools
Double-click Services
Scroll down and highlight "Messenger"
Right-click the highlighted line and choose Properties.
Click the STOP button.
Select Disable or Manual in the Startup Type scroll bar
Click OK

Windows NT
Click Start ->Control Panel
Double-click Administrative Tools
Select Services-> Double-click on Messenger
In the Messenger Properties window, select Stop,
Then choose Disable as the Startup Type
Click OK

Windows 98 and Windows 98 Second Edition
Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
Click the Install/Uninstall tab, click Windows Messaging or Exchange, click the Add/Remove button, and then follow the instructions on the screen to remove the program. More detailed method follows;

Windows 95
Right-click Recycle Bin on the desktop, click Empty Recycle Bin, and then click Yes.
Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
Click to clear the Microsoft Fax check box, click to clear the Windows Messaging or Exchange check box, click OK, and then restart your computer.
Woofut Woofut is offline
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Nov 2003
17-Nov-2003, 04:06 AM #3
OK, I did that and let's hope they stop.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Nov-2003, 04:44 AM #4
Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press Fix checked.

O4 - HKLM\..\Run: [Win Services] svhost.exe
O4 - HKLM\..\Run: [Debug32] debug32.exe
O4 - HKLM\..\RunServices: [Win Services] svhost.exe
O4 - HKLM\..\RunServices: [Debug32] debug32.exe


Reboot & do a search for and delete these files (be careful about the names; they are probably in the system32 folder; they are not genuine Windows files but either a virus/trojan or adware-spawning parasites):

svhost.exe
debug32.exe


Before you delete the files, can you send copies to me at: suspectfiles@oneknight.co.uk so we can get them analysed properly and find a fix for them?
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
Woofut Woofut is offline
Junior Member with 15 posts.
THREAD STARTER
 
Join Date: Nov 2003
18-Nov-2003, 02:19 AM #5
Awesome, I think that did it; haven't had any since I did that. And I sent those files to you. Thanks for the help.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Nov-2003, 09:00 AM #6
Thanks

I am having the files looked at and will keep you posted as to what they turn out to be.
Metallica Metallica is offline Metallica is authorized to help remove malware.
Malware Removal Specialist with 692 posts.
 
Join Date: Jan 2003
19-Nov-2003, 04:43 PM #7
Quote:
Originally posted by dvk01:
Thanks

I am having the files looked at and will keep you posted as to what they turn out to be
Check your mailbox.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
20-Nov-2003, 06:45 AM #8
According to Kaspersky, those files are:

debug32.exe Infected: Backdoor.Poobot.a
svhost.exe Infected: Backdoor.Poobot.b


So expect other AVs to have a fix for them soon.
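
An added example, not part of any post in this thread: a small Python check over O4 autorun lines from the HijackThis log in post #1. It applies two heuristics, a name one character off a Windows process name (svhost.exe versus svchost.exe) and a path-less executable listed under both Run and RunServices. The system-name list and both heuristics are assumptions chosen for this log; a hit is a reason to look closer, not a verdict.

```python
import re
from collections import defaultdict
# Constructed sample: O4 autorun lines taken from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Win Services] svhost.exe
O4 - HKLM\..\Run: [Debug32] debug32.exe
O4 - HKLM\..\RunServices: [Win Services] svhost.exe
O4 - HKLM\..\RunServices: [Debug32] debug32.exe
"""
# Assumption: a short list of Windows process names worth guarding against imitation.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "explorer.exe"}
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|com|bat|dll))\b', re.I)

def near_miss(a, b):
    """True if a != b and a single insert, delete or substitution maps a to b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    return a[i:] == b[i + 1:] or a[i + 1:] == b[i + 1:]

def review_autoruns(log):
    """Return {executable: [reasons]} for O4 entries that deserve a closer look."""
    no_path, findings = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        em = EXE_RE.match(m.group(4)) if m else None
        if not em:
            continue
        exe = em.group(1) or em.group(2)
        base = exe.rsplit("\\", 1)[-1].lower()
        if "\\" not in exe:
            no_path[base].add(m.group(2))  # remember which key(s) list it
        for real in SYSTEM_NAMES:
            if near_miss(base, real):
                findings[base].add("name is one character off " + real)
    for base, keys in no_path.items():
        if {"Run", "RunServices"} <= keys:
            findings[base].add("no path, listed under both Run and RunServices")
    return {exe: sorted(why) for exe, why in findings.items()}
if __name__ == "__main__":
    print(review_autoruns(SAMPLE_LOG))
```

On this sample the two flagged executables are the ones dvk01 picked out in post #4; CTHELPER.EXE and REGSVR32.EXE are also path-less but appear only under Run, so they are not reported.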