1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Desktop popup ads

Discussion in 'Windows XP' started by vangeezer, Sep 29, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. vangeezer

    vangeezer Thread Starter

    Joined:
    Mar 2, 2003
    Messages:
    17
    Hi, I've starting getting desktop popup ads at the rate of about one an hour,that have been useing the Windows system file CSRSS.EXE.The worst thing is when they popup during an online game.Does anyone know how to stop them?
    Win xp sp1
    Cheers Steve
     
  2. BillC

    BillC

    Joined:
    May 28, 2003
    Messages:
    2,366
    If the pop-ups are coming from Window's messenger service, you can get rid of it by running Shoot the Messenger. If there are coming from adware, then try running Ad-Aware.
     
  3. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    Uhh, forget turning off messenger, this is treating the symptom, not the disease! If you get Messenger pop-ups, that tells you loud and clear that your firewall protection is substandard or missing! Fix that, and you don't have to tinker with Messenger. If you don't fix that and turn off Messenger, all you've done is turn off the warning that you aren't protected.
     
  4. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Windows XP (Home edition)

    Click Start > Settings > Control Panel.
    Click Performance and Maintenance.
    Click Administrative Tools.
    Double click Services. Scroll down and highlight "Messenger".
    Right click the highlighted line and choose Properties.
    Click the Stop button.
    Select Disable or Manual in the Startup Type scroll bar. Click OK.
    *Note: using the Internet Connection Firewall that comes with XP also prevents these messages from appearing. In fact, Microsoft recommends you do this instead of completely turning off the messaging service.

    Windows XP (Professional edition)

    Click Start > Settings > Control Panel.
    Click Administrative Tools.
    Click Services.
    Double click Services. Scroll down and highlight "Messenger".
    Right click the highlighted line and choose Properties.
    Click the Stop button.
    Select Disable or Manual in the Startup Type scroll bar. Click OK.
    *Note: using the Internet Connection Firewall that comes with XP also prevents these messages from appearing. In fact, Microsoft recommends you do this instead of completely turning off the messaging service.

    Windows 2000

    Click Start > Settings > Control Panel > Administrative Tools > Services.
    Scroll down and highlight "Messenger".
    Right click the highlighted line and choose Properties.
    Click the Stop button.
    Select Disable or Manual in the Startup Type scroll bar. Click OK.

    Windows NT

    Click Start > Control Panel.
    Double Click Administrative Tools.
    Select Services.
    Double-click on Messenger.
    In the Messenger Properties window, select Stop, then choose Disable as the Startup Type. Click OK.

    http://www.ualberta.ca/HELP/how-tos/messenger.html
     
  5. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    And can you explain why you'd ignore the obvious warning that you have no firewall protection?
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    It could be that this particular CSRSS.EXE file is not the Windows system file, but a file by the same name located elsewhere. In that case the Messenger Service doesn't even come into it.

    If it's the one I'm thinking of, it's a known Search page hijacker, redirecting to www.search-aide.com.

    But it's hard to say from here. Let's have a closer look:
    Go to http://tomcoyote.org/hjt/ , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.

    Most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  7. vangeezer

    vangeezer Thread Starter

    Joined:
    Mar 2, 2003
    Messages:
    17
    Thanks for the help

    Logfile of HijackThis v1.97.2
    Scan saved at 07:06:42, on 02/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\Smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\Mixer.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Logitech\ImageStudio\LowLight.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\steve\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic Agent\Web\SearchBar.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sharereactor.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
    O2 - BHO: (no name) - {BF55256A-3B3B-11D2-B05B-000001145917} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /startup
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: MemoKit.lnk = C:\Program Files\MemoKit\mk.exe
    O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
    O9 - Extra button: Copernic Agent (HKLM)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.1917361111
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168292

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice