1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Porn pop-up

Discussion in 'Virus & Other Malware Removal' started by Shelby CSX-T, Sep 15, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Shelby CSX-T

    Shelby CSX-T Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    50
    Just resently I have been getting these pop-up adds for removing pop-up adds, and also if i go to lets say yahoo.com after it loads it will then be redirected to a porn site. I have the adware 6 from lavasoft ,and also s&d botware. Heres my Hijackthis...

    Please Help

    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\shellexp.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN\MSNCoreFiles\msn6.exe
    C:\Program Files\Yahoo!\Messenger\YPager.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\Emachine User\Desktop\Virus\HijackThis.exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.5096296296
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{901DD0AF-4E1E-4AD9-8816-35195F85834B}: NameServer = 198.6.1.140 198.6.100.140
     
  2. Metallica

    Metallica Malware Specialist

    Joined:
    Jan 28, 2003
    Messages:
    692
    Hi Shelby CSX-T,

    I can't tell what version of HijackThis you are using, but you should have 1.97.2
    Please download a new one if it isn't.

    Bring up TaskManager, kill this process and delete the file:
    C:\WINDOWS\System32\shellexp.exe

    Also you need to pay Windows update a visit. ;)

    Regards,

    Pieter
     
  3. Shelby CSX-T

    Shelby CSX-T Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    50
    Metallica Thanks

    lol i'll visit that today when i get home from work thanks and oh ya i have Logfile of HijackThis v1.96.0 so ill get that aslo.

    thanks agian.
     
  4. Metallica

    Metallica Malware Specialist

    Joined:
    Jan 28, 2003
    Messages:
    692
    Get rid of this file as well:
    C:\WINDOWS\comctl_32.exe <= not necessarily present, but if it is delete it

    Regards,

    Pieter
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/164958

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice