12-24-2003, 06:23 PM   #1
hav0c (Registered User)
Pop-up ads making me insane

Well I was checking out my nephew's computer and as I was browsing the web I got some pop-up ads.. Weird.. I have Google Toolbar installed. So I ran Ad-aware and Spybot Search and Destroy, made sure they were both updated. They found nothing. The weird thing is I even got a pop-up here at Techimo. It was the only IE window open.. I think there is something running that is causing these pop-ups but I can't find it. He is using Windows XP with all patches installed. I also went to the task manager and found something weird. There was some process called "Ymp4m71i.exe" running. I ended the process and it spawned another process called "BrwxMFLv.exe". I ended that process and it spawned another process with some randomly generated name. Anyone have any idea what this is?


12-24-2003, 06:36 PM   #2
Guest
Long time no see!

He likely has a piece of hijackware installed. Have you checked the registry startup list? I bet you will find a strange application that is not supposed to be there.

If it is what I think this is, you will likely find "pc32.exe" in both a registry startup entry and on the HDD under the Windows directory. Remove the file and registry entry, then promptly tell your nephew to never install Clean Space or possibly Evidence Eliminator again.

Quote:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Invalid data: MSNSysRestore
C:\WINDOWS\System32\pc32.exe bg

If not, then check the "Downloaded Program Files" directory under the Windows directory for any strange entries.

BTW, have you run Trend Micro's free online virus scan yet?

http://housecall.trendmicro.com

Another possibility is a quick scan with Hijack This....

http://mjc1.com/mirror/hjt/

Robert Richmond
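
The startup-entry check suggested in the post above, as an added example that is not part of the original thread: a read-only PowerShell script for a current Windows system that lists every Run and RunOnce value, resolves the executable each one launches, and marks entries whose file is missing or lacks a valid Authenticode signature. The helper name Get-CommandExecutable and the choice of keys are assumptions made for this example.

```powershell
# Added example (not from the thread): triage of Run/RunOnce autostart entries.
# Read-only: it lists values and checks files, it changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a command line such as
#   C:\WINDOWS\System32\pc32.exe bg     or     "C:\Program Files\App\app.exe" /s
function Get-CommandExecutable {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $exe     = Get-CommandExecutable $command
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $status = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else {
            $status = 'FileNotFound'   # bare name, rundll32-style entry, or deleted file
        }
        [pscustomobject]@{
            Review     = ($status -ne 'Valid')   # a prompt to look closer, not a verdict
            Name       = $name
            Executable = $exe
            Signature  = $status
            Key        = $key
            Command    = $command
        }
    }
}

# Entries needing review are listed first
$report | Sort-Object -Property Review -Descending | Format-List
```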
12-24-2003, 06:48 PM   #3
Shifter2101 (Registered User)
try looking here.
you'll want to look on this page first. then, if nothing, try the link in the first sentence on that page.

just a thought.
have you disabled Windows Messenger? if not, go here. look for "shoot the messenger". there is other stuff on that site you might want to employ on your nephew's machine as well.

hope this helps.

merry merry happy happy
12-24-2003, 09:12 PM   #4
hav0c (Registered User)
Hey Rob! How's it going?

Anyways I downloaded AVG and ran a scan, found a virus called Backdoor.VB.9.M. It's all good now.

Thanks
All times are GMT -6.