12 Replies Latest reply: Feb 17, 2008 6:16 PM

    Tons of pop-ups; McAfee VirusScan not cleaning; SuperAntiSpyware not detecting anything

      I have McAfee VirusScan. I scan regularly and some trojan viruses are removed.
      I've just this week started getting tons of pop-ups, and another product I have, SuperAntiSpyware, isn't even detecting anything. What else can I do? Thanks for your help! You guys helped me w/ my other computer.
        • 1. what pop ups ?
          Hi

          Please let us know what kind of pop-ups you are getting.
          Are you getting pop-ups while staying on your desktop? What does the pop-up say?
          Do you get pop-ups on the Internet? What browser do you use?
          Are you getting redirected to another site?
          If so, what site?
          Please enumerate in order to help....
          • 2. RE: what pop ups ?
            I use IE 7.0
            The pop-ups occur when I'm online. They are all kinds. Some are dating sites, some are malware ads saying I need to download their product to rid my computer of adware, etc.
            hope this helps-
            thx
            • 4. RE: Try This Link
              I downloaded and ran it, but I didn't fix anything....
              Here is the log.
              SmitFraudFix v2.287

              Scan done at 12:53:56.92, Tue 02/12/2008
              Run from C:\Documents and Settings\Ellery Frazelle\Desktop\SmitfraudFix
              OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
              The filesystem type is NTFS
              Fix run in normal mode

              »»»»»»»»»»»»»»»»»»»»»»»» Process

              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
              C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
              C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
              C:\WINDOWS\Explorer.EXE
              C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
              C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
              C:\WINDOWS\eHome\ehRecvr.exe
              C:\WINDOWS\eHome\ehSched.exe
              C:\WINDOWS\system32\rundll32.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\AIM6\aim6.exe
              C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
              C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
              C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
              c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\Program Files\AIM6\aolsoftware.exe
              C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
              c:\PROGRA~1\mcafee.com\agent\mcagent.exe
              C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
              C:\Program Files\SiteAdvisor\6253\SAService.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\system32\dllhost.exe
              C:\Program Files\Internet Explorer\IEXPLORE.EXE
              C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
              C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
              C:\WINDOWS\system32\cmd.exe

              »»»»»»»»»»»»»»»»»»»»»»»» hosts


              »»»»»»»»»»»»»»»»»»»»»»»» C:\


              »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


              »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


              »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


              »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


              »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


              »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ellery Frazelle


              »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ellery Frazelle\Application Data

              C:\Documents and Settings\Ellery Frazelle\Application Data\Install.dat FOUND !

              »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


              »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ELLERY~1\FAVORI~1


              »»»»»»»»»»»»»»»»»»»»»»»» Desktop


              »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


              »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


              »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
              "Source"="http://us.f336.mail.yahoo.com/ym/ShowLetter/?box=Inbox&MsgId=5197_4206 6_1248_1562_18146_0_23386_24190_4187658787&bodyPart=1&filename=&tnef=&download=1 &YY=28821&y5beta=yes&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b&Idx=0"
              "SubscribedURL"="http://us.f336.mail.yahoo.com/ym/ShowLetter/?box=Inbox&MsgId=51 97_42066_1248_1562_18146_0_23386_24190_4187658787&bodyPart=1&filename=&tnef=&dow nload=1&YY=28821&y5beta=yes&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b& Idx=0"
              "FriendlyName"=""

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
              "Source"="http://us.f336.mail.yahoo.com/ym/ShowLetter/?box=Inbox&MsgId=3837_1062 62_2108_1559_14740_0_23431_19921_40312528&bodyPart=1&filename=&tnef=&download=1& YY=62377&y5beta=yes&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b&Idx=0"
              "SubscribedURL"="http://us.f336.mail.yahoo.com/ym/ShowLetter/?box=Inbox&MsgId=38 37_106262_2108_1559_14740_0_23431_19921_40312528&bodyPart=1&filename=&tnef=&down load=1&YY=62377&y5beta=yes&y5beta=yes&order=down&sort=date&pos=0&view=a&head=b&I dx=0"
              "FriendlyName"=""
              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
              "Source"="About:Home"
              "SubscribedURL"="About:Home"
              "FriendlyName"="My Current Home Page"

              »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
              !!!Attention, following keys are not inevitably infected!!!

              IEDFix
              Credits: Malware Analysis & Diagnostic
              Code: S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» VACFix
              !!!Attention, following keys are not inevitably infected!!!

              VACFix
              Credits: Malware Analysis & Diagnostic
              Code: S!Ri


              »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
              !!!Attention, following keys are not inevitably infected!!!

              SrchSTS.exe by S!Ri
              Search SharedTaskScheduler's .dll


              »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
              !!!Attention, following keys are not inevitably infected!!!

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
              "AppInit_DLLs"=" c:\\windows\\system32\\ldcore.dll"


              »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
              !!!Attention, following keys are not inevitably infected!!!

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
              "System"=""


              »»»»»»»»»»»»»»»»»»»»»»»» Rustock



              »»»»»»»»»»»»»»»»»»»»»»»» DNS

              Description: Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
              DNS Server Search Order: 192.168.0.1

              HKLM\SYSTEM\CCS\Services\Tcpip\..\{FB9712D3-196D-4EA8-BA70-80CD7A96F2EF}: DhcpNameServer=192.168.0.1
              HKLM\SYSTEM\CS1\Services\Tcpip\..\{FB9712D3-196D-4EA8-BA70-80CD7A96F2EF}: DhcpNameServer=192.168.0.1
              HKLM\SYSTEM\CS3\Services\Tcpip\..\{FB9712D3-196D-4EA8-BA70-80CD7A96F2EF}: DhcpNameServer=192.168.0.1
              HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
              HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
              HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


              »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


              »»»»»»»»»»»»»»»»»»»»»»»» End
              • 5. ldcore
                hi

                you seem to have ldcore
                it is very dangerous

                Please download Avenger from the following link:
                http://swandog46.geekstogo.com/avenger.zip

                extract the file
                run the exe file

                it will give you a message
                click on yes

                click on the option "input script manually"
                now click on the magnifying glass.

                A script file will open

                Please type the following in it exactly :

                Files to replace with dummy:
                c:\windows\system32\ldcore.dll
                Files to delete:
                c:\windows\system32\ldcore.dll

                click on done

                now click on the traffic lights button

                click on yes

                it will prompt you to reboot your computer
                Please reboot

                on starting back up you will get a notepad file

                check if it was replaced with a dummy successfully and
                check if it was deleted successfully

                check if you are having the same problems
                revert back in case of difficulties
                • 6. RE: ldcore
                  I'm still getting pop-up ads. Some are for dating sites, some financial, one is a site reditty.com, etc...


                  Here is the log from Avenger:


                  Logfile of The Avenger version 1, by Swandog46
                  Running from registry key:
                  \Registry\Machine\System\CurrentControlSet\Services\vwjyflmd

                  *******************

                  Script file located at: \??\C:\WINDOWS\system32\ftfvrtne.txt
                  Script file opened successfully.

                  Script file read successfully

                  Backups directory opened successfully at C:\Avenger

                  *******************

                  Beginning to process script file:



                  File c:\windows\system32\ldcore.dll not found!
                  Replacement with dummy of file c:\windows\system32\ldcore.dll failed!

                  Could not process line:
                  c:\windows\system32\ldcore.dll
                  Status: 0xc0000034



                  File c:\windows\system32\ldcore.dll not found!
                  Deletion of file c:\windows\system32\ldcore.dll failed!

                  Could not process line:
                  c:\windows\system32\ldcore.dll
                  Status: 0xc0000034


                  Completed script processing.

                  *******************

                  Finished! Terminate.
                  • 7. Please try again
                    Hi

                    Please try again
                    This time only use the command to replace it with a dummy
                    do not use the delete command

                    Revert back with the log file
                    • 8. RE: Tons of pop-ups; McAfee VirusScan not cleaning; SuperAntiSpyware not detecting anything
                      Here is the new log. Thanks for the help. I'm still getting pop-ups-


                      Logfile of The Avenger version 1, by Swandog46
                      Running from registry key:
                      \Registry\Machine\System\CurrentControlSet\Services\ahewqjcd

                      *******************

                      Script file located at: \??\C:\ewuqpjut.txt
                      Script file opened successfully.

                      Script file read successfully

                      Backups directory opened successfully at C:\Avenger

                      *******************

                      Beginning to process script file:



                      File c:\windows\system32\ldcore.dll not found!
                      Replacement with dummy of file c:\windows\system32\ldcore.dll failed!

                      Could not process line:
                      c:\windows\system32\ldcore.dll
                      Status: 0xc0000034


                      Completed script processing.

                      *******************

                      Finished! Terminate.
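The cross-check that the two logs in this thread invite, as an added example that is not part of any post or of either tool: it pulls the `AppInit_DLLs` value out of a SmitFraudFix report and matches it against the paths an Avenger log failed on (`0xc0000034` is the NTSTATUS code STATUS_OBJECT_NAME_NOT_FOUND). The log excerpts are constructed from the lines posted above, and all function names are hypothetical.

```python
import re

# Constructed excerpts modelled on the SmitFraudFix and Avenger logs in this thread.
SMITFRAUDFIX_LOG = r'''
»»»»»»»» C:\Documents and Settings\user\Application Data

C:\Documents and Settings\user\Application Data\Install.dat FOUND !

»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" c:\\windows\\system32\\ldcore.dll"
'''
AVENGER_LOG = r'''
File c:\windows\system32\ldcore.dll not found!
Replacement with dummy of file c:\windows\system32\ldcore.dll failed!

Could not process line:
c:\windows\system32\ldcore.dll
Status: 0xc0000034
'''
STATUS_OBJECT_NAME_NOT_FOUND = 0xC0000034  # NTSTATUS: object name not found

def found_files(log):
    """Paths SmitFraudFix marked with 'FOUND !'."""
    return [m.strip() for m in re.findall(r"^(.+?) FOUND !\s*$", log, re.M)]

def appinit_dlls(log):
    """DLL paths in the AppInit_DLLs value (space- or comma-delimited)."""
    m = re.search(r'"AppInit_DLLs"="(.*)"', log)
    if not m:
        return []
    value = m.group(1).replace("\\\\", "\\")  # undo .reg-style escaping
    return [p.lower() for p in re.split(r"[ ,]+", value.strip()) if p]

def avenger_failures(log):
    """Map each path Avenger could not process to its NTSTATUS code."""
    pairs = re.findall(r"Could not process line:\s+(.+?)\s+Status: (0x[0-9a-fA-F]+)", log)
    return {path.lower(): int(code, 16) for path, code in pairs}

def triage(smitfraud_log, avenger_log):
    """Flag AppInit_DLLs entries whose file the removal tool could not open."""
    failures = avenger_failures(avenger_log)
    report = []
    for dll in appinit_dlls(smitfraud_log):
        missing = failures.get(dll) == STATUS_OBJECT_NAME_NOT_FOUND
        note = "registry entry present, file not found at that path" if missing else "registry entry present"
        report.append((dll, note))
    return report
```

An entry flagged this way means the registry value still names the DLL even though the removal tool could not open a file at that path, so the value itself remains to be reviewed.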
                      • 9. RE: Tons of pop-ups; McAfee VirusScan not cleaning; SuperAntiSpyware not detecting anything
                        Follow the instructions below and they'll be able to assist you.

                        Register at this Forum, then follow these Steps and post the required log in that forum, not here.