Pop-up Ads at random times

Discussion in 'Web & Email' started by Woofut, Nov 16, 2003.

Thread Status:
Not open for further replies.
  1. Woofut

    Woofut Thread Starter

    Joined:
    Nov 16, 2003
    Messages:
    15
    OK, this is my second-to-last resort, referring to you super smart guys on this forum; the last resort would be a reformat if I can't fix it here. Usually Ad-Aware can get rid of the back door programs that tend to spawn pop-ups and cause problems altogether. But Ad-Aware comes up with no problems, and yet I get random pop-ups when I'm not even surfing the net; it is really annoying. HijackThis seems to be what starts the removal process, so I went ahead and ran it.

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Winamp3\winamp3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Brian\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = +w
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [Win Services] svhost.exe
    O4 - HKLM\..\Run: [Debug32] debug32.exe
    O4 - HKLM\..\RunServices: [Win Services] svhost.exe
    O4 - HKLM\..\RunServices: [Debug32] debug32.exe
    O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} (ddm_download.ddm_control) - http://bins.dynamicdesktopmedia.com/cab/ddm_control.CAB
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} - http://dst.trafficsyndicate.com/Dnl/T_50038/QDow.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} (DivX Player) - http://download.divx.com/player/DivXPlayerInstaller.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks for any help....
     
  2. Alex Ethridge

    Alex Ethridge

    Joined:
    Apr 10, 2000
    Messages:
    8,678
    Windows Messenger has been rendered useless by Messenger spammers. The same will happen to e-mail if something isn't done about it. If this is a Windows Messenger problem, this is how you fix it:

    How to Turn Off Windows Messenger Service

    Windows 2000
    Click Start-> Settings-> Control Panel-> Administrative Tools->Services
    Scroll down and highlight "Messenger"
    Right-click the highlighted line and choose Properties.
    Click the STOP button.
    Select Disable or Manual in the Startup Type scroll bar
    Click OK

    Windows XP Home
    Click Start->Settings ->Control Panel
    Click Performance and Maintenance
    Click Administrative Tools
    Double-click Services
    Scroll down and highlight "Messenger"
    Right-click the highlighted line and choose Properties.
    Click the STOP button.
    Select Disable or Manual in the Startup Type scroll bar
    Click OK

    Windows XP Professional
    Click Start->Settings ->Control Panel
    Click Administrative Tools
    Double-click Services
    Scroll down and highlight "Messenger"
    Right-click the highlighted line and choose Properties.
    Click the STOP button.
    Select Disable or Manual in the Startup Type scroll bar
    Click OK

    Windows NT
    Click Start ->Control Panel
    Double-click Administrative Tools
    Select Services-> Double-click on Messenger
    In the Messenger Properties window, select Stop,
    Then choose Disable as the Startup Type
    Click OK

    Windows 98 and Windows 98 Second Edition
    Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
    Click the Install/Uninstall tab, click Windows Messaging or Exchange, click the Add/Remove button, and then follow the instructions on the screen to remove the program. More detailed method follows;

    Windows 95
    Right-click Recycle Bin on the desktop, click Empty Recycle Bin, and then click Yes.
    Click Start, point to Settings, click Control Panel, and then double-click Add/Remove Programs.
    Click to clear the Microsoft Fax check box, click to clear the Windows Messaging or Exchange check box, click OK, and then restart your computer.
     
  3. Woofut

    Woofut Thread Starter

    Joined:
    Nov 16, 2003
    Messages:
    15
    OK, I did that and let's hope they stop.
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Run HijackThis, tick all below, double-check to make sure you haven't missed any, close all browser windows & press Fix checked

    O4 - HKLM\..\Run: [Win Services] svhost.exe
    O4 - HKLM\..\Run: [Debug32] debug32.exe
    O4 - HKLM\..\RunServices: [Win Services] svhost.exe
    O4 - HKLM\..\RunServices: [Debug32] debug32.exe


    Reboot & do a search for and delete these files (be careful about the names; they are probably in the system32 folder). They are not genuine Windows files but either a virus/trojan or adware-spawning parasites

    svhost.exe
    debug32.exe


    before you delete the files can you send copies to me at: [email protected] so we can get them analysed properly and find a fix for them
     
  5. Woofut

    Woofut Thread Starter

    Joined:
    Nov 16, 2003
    Messages:
    15
    Awesome, I think that did it; I haven't had any since I did that. And I sent those files to you. Thanks for the help.
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    Thanks

    I am having the files looked at and will keep you posted as to what they turn out to be
     
  7. Metallica

    Metallica Malware Specialist

    Joined:
    Jan 28, 2003
    Messages:
    692
    Check your mailbox. ;)
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,806
    According to Kaspersky those files are

    debug32.exe Infected: Backdoor.Poobot.a
    svhost.exe Infected: Backdoor.Poobot.b


    so expect other AVs to have a fix for them soon
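
The four entries flagged in this thread share traits that are visible in the log itself: each program is named without a directory and is registered under both Run and RunServices, and svhost.exe is one letter away from svchost.exe. As an added example (not part of the original thread, and not HijackThis code), this Python script applies those checks to O4 lines; the `SYSTEM_NAMES` list and the 0.9 similarity threshold are assumptions.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Win Services] svhost.exe
O4 - HKLM\..\Run: [Debug32] debug32.exe
O4 - HKLM\..\RunServices: [Win Services] svhost.exe
O4 - HKLM\..\RunServices: [Debug32] debug32.exe
"""

# Assumption: a short, incomplete list of core Windows binaries to compare with.
SYSTEM_NAMES = ["svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "smss.exe", "spoolsv.exe", "csrss.exe"]
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|dll))', re.I)

def parse_o4(log):
    """Yield (hive, key, value_name, program); program is the quoted path or the text up to the first executable suffix."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            exe = EXE_RE.match(m.group(4))
            program = (exe.group(1) or exe.group(2)) if exe else m.group(4)
            yield m.group(1), m.group(2), m.group(3), program

def suspicious_autoruns(log):
    """Return {program: [reasons]} for entries that deserve a closer look."""
    keys = defaultdict(set)
    for hive, key, _name, program in parse_o4(log):
        keys[program.lower()].add((hive, key))
    findings = defaultdict(list)
    for program, where in keys.items():
        base = program.rsplit("\\", 1)[-1]
        if base == program and len(where) > 1:  # no directory, several keys
            findings[program].append("bare name registered in %d autostart keys" % len(where))
        for real in SYSTEM_NAMES:
            if base != real and SequenceMatcher(None, base, real).ratio() >= 0.9:
                findings[program].append("name imitates " + real)
    return dict(findings)

if __name__ == "__main__":
    for program, reasons in suspicious_autoruns(SAMPLE_LOG).items():
        print(program, "->", "; ".join(reasons))
```

CTHELPER.EXE and REGSVR32.EXE are also bare names but sit in a single key, so they are not reported; a hit is a reason to inspect the file, not a verdict.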
     

Short URL to this thread: https://techguy.org/180159