Desktop popup ads

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

vangeezer

Thread Starter
Joined
Mar 2, 2003
Messages
17
Hi, I've starting getting desktop popup ads at the rate of about one an hour,that have been useing the Windows system file CSRSS.EXE.The worst thing is when they popup during an online game.Does anyone know how to stop them?
Win xp sp1
Cheers Steve
 
Joined
May 28, 2003
Messages
2,366
If the pop-ups are coming from Window's messenger service, you can get rid of it by running Shoot the Messenger. If there are coming from adware, then try running Ad-Aware.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
Uhh, forget turning off messenger, this is treating the symptom, not the disease! If you get Messenger pop-ups, that tells you loud and clear that your firewall protection is substandard or missing! Fix that, and you don't have to tinker with Messenger. If you don't fix that and turn off Messenger, all you've done is turn off the warning that you aren't protected.
 
Joined
Dec 28, 2002
Messages
1,983
Windows XP (Home edition)

Click Start > Settings > Control Panel.
Click Performance and Maintenance.
Click Administrative Tools.
Double click Services. Scroll down and highlight "Messenger".
Right click the highlighted line and choose Properties.
Click the Stop button.
Select Disable or Manual in the Startup Type scroll bar. Click OK.
*Note: using the Internet Connection Firewall that comes with XP also prevents these messages from appearing. In fact, Microsoft recommends you do this instead of completely turning off the messaging service.

Windows XP (Professional edition)

Click Start > Settings > Control Panel.
Click Administrative Tools.
Click Services.
Double click Services. Scroll down and highlight "Messenger".
Right click the highlighted line and choose Properties.
Click the Stop button.
Select Disable or Manual in the Startup Type scroll bar. Click OK.
*Note: using the Internet Connection Firewall that comes with XP also prevents these messages from appearing. In fact, Microsoft recommends you do this instead of completely turning off the messaging service.

Windows 2000

Click Start > Settings > Control Panel > Administrative Tools > Services.
Scroll down and highlight "Messenger".
Right click the highlighted line and choose Properties.
Click the Stop button.
Select Disable or Manual in the Startup Type scroll bar. Click OK.

Windows NT

Click Start > Control Panel.
Double Click Administrative Tools.
Select Services.
Double-click on Messenger.
In the Messenger Properties window, select Stop, then choose Disable as the Startup Type. Click OK.

http://www.ualberta.ca/HELP/how-tos/messenger.html
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
And can you explain why you'd ignore the obvious warning that you have no firewall protection?
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
It could be that this particular CSRSS.EXE file is not the Windows system file, but a file by the same name located elsewhere. In that case the Messenger Service doesn't even come into it.

If it's the one I'm thinking of, it's a known Search page hijacker, redirecting to www.search-aide.com.

But it's hard to say from here. Let's have a closer look:
Go to http://tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
 

vangeezer

Thread Starter
Joined
Mar 2, 2003
Messages
17
Thanks for the help

Logfile of HijackThis v1.97.2
Scan saved at 07:06:42, on 02/10/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\steve\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharereactor.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.1917361111
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top