03-02-2006, 06:57 AM   #4
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,348
OS: N/A


Please try locating the VundoFix log from this location - C:\vundofix.txt
Without it, I cannot determine how much of the infection is left lingering.
If you cannot locate it, run the tool again.


In the meantime, please do a HijackThis scan, place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?prd=...9&clcid=0x409& ar=PersonalV2&challenge=AAEAAWBINXH9hKbqGdz1JlblXO u6W!tTT!4PWL0841FmN86muHVPi0LQflvhiN0fayt*54t1nRnZ 32nzE!IUMMFyW!P4*hE*5dUoUV3UqLvpidSI3GDDj8*ftT5QdF GfWKnx0mrOQi1TlHGr6aR*WnkH!etRfYPGi4QucXkY8TCpXGSl lsl4GToqPjm9Y97sbLEfirF8P5I1mgGZt!wnkcb0Ag!BeU1mxW Tdo8G8gmXW6cD!KCGpR3C4yyfCCduen2Z7L*rfkh21&DRMVer= 1.4&filename=file://C:%5cDocuments%20and%20Settings%5cAll%20Users.WIND OWS%5cDocuments%5cMy%20Music%5cKryptonite%20-%203%20Doors%20Down.wma&embedded=false
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -




* * * * * * * *


Download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; click NO.


* * * * * * * *


Then, perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC and a pop-up window will appear. (Ensure that your pop-up blocker doesn't block it.)
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now (this begins downloading Panda's 8 MB ActiveX controls)
Begin the scan by selecting My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click on see report. Then click Save report

Copy the results of the ActiveScan and paste them into this topic, along with a new HijackThis log and the vundofix.txt file from the vundofix folder.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 03-02-2006 at 07:03 AM.