Bidclix ads

Sailor Rick · 01-25-2006, 11:17 PM

This problem doesn't seem to be serious but is a pain!
Every web page that I open in IE6 sp2 that has a banner is taken over by a bidclix ad including the banner in this web page.
I'm running XP and this only happens with IE, doesn't affect any of my other browsers.
Here is the address of the banner on this page that I get from its properties; http://www.bidclix.net/ads/356.html
I have already tried to block that web address in my privacy settings, but didn't work. I also tried to put it into my restricted site list, still didn't work. I also put it into my spyware blaster list.
I went through your 5 steps most of which I have been doing routinely before anyway.

Any assistance will be greatly appreciated, thanks, Rick...

tetonbob · 01-26-2006, 08:33 PM

Install a strong hosts file. Assuming you have XP, place it in the following location.

Download Host.zip
Extract the file & overwrite the existing copy located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\host

If you need more complete instructions, read this:

Download the file to your desktop. Double click on it. In the left pane, there will be an option to Extract All Files. Click on that. A wizard window will pop up - Click Next.

A new Extraction Wizard window will open, with an address already in place to extract to. Click Next.

A new window will open, telling you that extraction is complete, with a check in a box to Show Extracted Files. Click Next, and the folder in which you've now extracted all files to will open. In this folder is a file called MVPS.bat Double click on this file. A DOS-type box will open and close quickly, this is normal.

Done. Hosts file installed.

Sailor Rick · 01-27-2006, 02:03 AM

Thanks a lot tetonbob, but I don't seem to be able to get one of my web pages now. Is there a way I can edit the restrictions?

Thanks again, Rick...

tetonbob · 01-27-2006, 07:21 AM

One of your web pages must be naughty....

You can edit the hosts file at will. You'll need to make sure the attributes are set to allow writing to (right-click>properties>uncheck Read Only), open the hosts file in notepad, search for the entry you want to allow access to, (use ctrl +F, then paste in the URL to make the search easier) and remove it. Be sure to save the file before closing it.

Sailor Rick · 01-28-2006, 03:27 PM

Thanks again tetonbob, worked great.

One of my banners on my web page still only shows for a sec or two when I open the page then it goes to page cannot be displayed. The properties then change to the following; res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http://www.bidclix.net/ads
I'm assuming there is something on my computer that is trying to take over banners on any web page I open.
How can I find this and delete it?

Thanks again, Rick...

tetonbob · 01-28-2006, 05:37 PM

Sounds like it's time for The Speech, Rick. Let's have a look. Post a log in HJT.

Please follow MicroBell's 5 Step process outlined here

After running through all the steps, please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file in the HijackThis Log Help forum. Do not fix anything in HijackThis since they may be harmless.

Sailor Rick · 01-29-2006, 10:41 PM

Ok, took some time to do all the scans especially micro trend scan.
Did find a few things and deleted them.
Still getting what I call the banner take over.
OK, going to post HiJack log in other section.
Thanks again, Rick...

01-25-2006, 11:17 PM	#1 (permalink)
Sailor Rick Registered User Join Date: Jan 2006 Location: Halifax, Nova Scotia, Canada Posts: 4 OS: XP	Bidclix ads This problem doesn't seem to be serious but is a pain! Every web page that I open in IE6 sp2 that has a banner is taken over by a bidclix ad including the banner in this web page. I'm running XP and this only happens with IE, doesn't affect any of my other browsers. Here is the address of the banner on this page that I get from its properties; http://www.bidclix.net/ads/356.html I have already tried to block that web address in my privacy settings, but didn't work. I also tried to put it into my restricted site list, still didn't work. I also put it into my spyware blaster list. I went through your 5 steps most of which I have been doing routinely before anyway. Any assistance will be greatly appreciated, thanks, Rick... __________________ Rick T Hicks Halifax NS Canada May fair winds always be at your back

01-26-2006, 08:33 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,664 OS: 2000 Pro; XP Pro; XP Home	Install a strong hosts file. Assuming you have XP, place it in the following location. Download Host.zip Extract the file & overwrite the existing copy located at C:\WINDOWS\SYSTEM32\DRIVERS\ETC\host If you need more complete instructions, read this: Download the file to your desktop. Double click on it. In the left pane, there will be an option to Extract All Files. Click on that. A wizard window will pop up - Click Next. A new Extraction Wizard window will open, with an address already in place to extract to. Click Next. A new window will open, telling you that extraction is complete, with a check in a box to Show Extracted Files. Click Next, and the folder in which you've now extracted all files to will open. In this folder is a file called MVPS.bat Double click on this file. A DOS-type box will open and close quickly, this is normal. Done. Hosts file installed. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

01-27-2006, 02:03 AM	#3 (permalink)
Sailor Rick Registered User Join Date: Jan 2006 Location: Halifax, Nova Scotia, Canada Posts: 4 OS: XP	Thanks a lot tetonbob, but I don't seem to be able to get one of my web pages now. Is there a way I can edit the restrictions? Thanks again, Rick... Last edited by Sailor Rick : 01-27-2006 at 02:21 AM.

01-27-2006, 07:21 AM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,664 OS: 2000 Pro; XP Pro; XP Home	One of your web pages must be naughty.... You can edit the hosts file at will. You'll need to make sure the attributes are set to allow writing to (right-click>properties>uncheck Read Only), open the hosts file in notepad, search for the entry you want to allow access to, (use ctrl +F, then paste in the URL to make the search easier) and remove it. Be sure to save the file before closing it. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

01-28-2006, 05:37 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,664 OS: 2000 Pro; XP Pro; XP Home	Sounds like it's time for The Speech, Rick. Let's have a look. Post a log in HJT. Please follow MicroBell's 5 Step process outlined here After running through all the steps, please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\ Double click on HijackThis.exe to run the program. 1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'. 2. If you don't get the intro screen, just hit Scan and then click on Save log. 3. Post the hijackthis.log file in the HijackThis Log Help forum. Do not fix anything in HijackThis since they may be harmless. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

01-28-2006, 03:27 PM	#5 (permalink)
Sailor Rick Registered User Join Date: Jan 2006 Location: Halifax, Nova Scotia, Canada Posts: 4 OS: XP	Thanks again tetonbob, worked great. One of my banners on my web page still only shows for a sec or two when I open the page then it goes to page cannot be displayed. The properties then change to the following; res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http://www.bidclix.net/ads I'm assuming there is something on my computer that is trying to take over banners on any web page I open. How can I find this and delete it? Thanks again, Rick...

01-29-2006, 10:41 PM	#7 (permalink)
Sailor Rick Registered User Join Date: Jan 2006 Location: Halifax, Nova Scotia, Canada Posts: 4 OS: XP	Ok, took some time to do all the scans especially micro trend scan. Did find a few things and deleted them. Still getting what I call the banner take over. OK, going to post HiJack log in other section. Thanks again, Rick...