Ads... on MG Forum (pop-ups)?

Is anyone getting a browser windows open thats hidden in the screen somewhere (you only see the IE browser bar in the XP bar at the botten saying: http://offerp...... then it changes to an IP, then disappears?

Or is it just me?

 

just you

 

it could be spyware; you should check it out. it may also explain your browser not having sound too.

 

Well, in my first step at checking whether it is me or not, proves that is HIGHLY likely that it is indeed me! Don't you say so yourself?

Tuesday, August 31st, 2004 @ 3:59 AUD (GMT+09:30 - Darwin, Australia)


STEP 1 - AD-AWARE DEEP SCAN:
Ad-Aware SE Personal, Build 1.03
Definitions File 'SE1R6 30.08.2004'

Summary:
Running Processes: 34
Process Modules: 1612

Objects Recognized: 34
Objects Ignored: 0
New Critical Objects: 284

Processes Identified: 3
Modules Identified: 3
Registry Keys Identified: 55
Registry Values Identified: 59
Files Identified: 160
Folders Identified: 6

Total Objects Scanned: 102206
Total Neglible: 26

Total Removed (Final): 284

Filename: auto-quarantine- 2004-08-31 15-35-03.bckp
Size: 947 kb
Creation Date: 8-31-2004

----------------(END STATISTICS 1)----------------

Statistics of STEP 2 (Full NAV2004 DEEP SCAN) and STEP 3 (Full RegSupreme DEEP SCAN) will follow shortly....

NOTE: After restarting and coming back onto majorgeeks.com, a IE windows opens up and in the bar icon displays 'http://xads.offeropti...' then shuts off... got to get to the bottom of that ASAP!

 

After deep scanning with norton, deep scanning with regsupreme, still can fix that popup xads.offeropti.... thingy.. grrr

AdAware nor RegSupreme can rid it

 

Google Toolbar, NIS2004 and IE SP2 with ad blocking still do deactivate this blasted spyware, I'm googlin now to try and trace what it 'actually' is now.. so far I am not impressed to what it is pointing to...

 

try out the following:

clear out all internet temp files, system temp files, and your cookies (in tools/internet options)
run http://www.majorgeeks.com/download.php?det=4063
then http://www.majorgeeks.com/download4086.html
then http://www.majorgeeks.com/download.php?det=2471
then adaware
then if you find vx2, run this: http://www.downloads.subratam.org/VX2Finder.exe
oh, and make sure everything's updated first

now install http://www.majorgeeks.com/download.php?det=2859, update it, and enable everything. you should be relatively spyware free from now on, hopefully.

 

Hi Strogg,


To begin with, thanks for your help, I am going to do all what you said straight after I post this.. Just a quick query...

In MSCONFIG, on the startup tab, I have....

wwnvyy (command: C:\Windows\System32\wwnvyy.exe)
rune (command: C:\Windows\Win Types\rune32.exe)

Any idea which either are exactly?

 

Hi Strogg,

Ok, I have done them all, and it appears to have ridden me of that xads.offeroptimizer.com thing, and everything except stinger found some things and fixed/removed, and now my PC is protected, you've been a blessing with your help, thanks a million.

I know the programs on majorgeeks main site and I should be blasted for not checking their, and maybe considered a little lazy, but I find its more promising to explain my problem and getting the nessacary programs recommended (that are proven from previous and current users).... Rather than me going looking for programs and installing everything but the right ones. again, thanks a MILLION!

The only things I have left to sort out is my audio woes (Wave and Midi wont play, I just found it isnt just midi now, it is also WAV files cannot be played, its not a case of me not hearing them, my system just cannot play them!)

http://forums.majorgeeks.com/showthread.php?p=425204#post425204

And also, my other problem (Or maybe not even a problem) is why in MSCONFIG > Startup Tab... I have 2 odd looking files loading up called:

1) rune.exe
2) wwnvyy.exe

I`ve done massive searchs via google on either, and there is nothing telling me what they are, I am not prepared to disable them and see what happens, incase further problems start accuring, but I am not going to give up until I find that they are required and not stupid spyware (A new breed) and fix my audio up without having to format and loose 61.2GB of very important data...

 

This is all I can work out so far....

For MSCONFIG > STARTUP > RUNE.EXE:

Folder: C:\Windows\Win Types\*.*

Containing:

1. C:\Windows\Win Types\1.mzp
2. C:\Windows\Win Types\rune0.idx
3. C:\Windows\Win Types\rune1.dat
4. C:\Windows\Win Types\rune1.idx
5. C:\Windows\Win Types\rune.exe

1. C:\Windows\Win Types\1\ (Folder Name)
2. C:\Windows\Win Types\1\0.dll

1. C:\Windows\Win Types\rune\ (Folder Name)
2. (Empty)

That is all I can gather, I have never noticed this before and from memory I have never seen this before either, all I know is that it's booting up with windows and all the above that's in the directory, I have done a large search throughout the WWW and cannot find any data relating to rune.exe or what it is, and after doing a hour or so search on microsoft.com I found nothing there either....

 

For MSCONFIG > STARTUP > WWNVYY.EXE:

Folder: C:\Windows\System32\

1. wwnvyy.exe

I have done a deep system scan (Including all compressed files, folders, sub folders on C:\) and I cannot find anything more relating to this executable file, it's just like rune.exe, I cant find a darn thing on it, the web contains absolutely nothing (Google returns with 0 results)..

Right clicking on wwnvyy.exe and trying to find any info is null and void as their is nothing, no ID, not revision, version, etc.. all fields are left blank.

 

ExOxE Log, August 31st 2004 @ 8:54 PM (GMT+ 9:30 Darwin, Australia)

At the current stage of things I am finally at ends witt, I have a sound problems that relates to midi, and probably suspect at wavetable also, I have no problem playing movies with full audio or MP3's, but windows sounds or website midi's appear to be non existant!

I have managed to fix my machine in regards to spyware and viruses, removing a total of 284 Ad-Aware registered entries, and another 33 detected entries from programs strogg recommended, concluding his recommendation of software, the system appears clean of any spyware and the system appears protected from current and most future attacks on the machine.

I am worried that I may have to loose 61GB of data by formatting my system because of the sound problem, I require the system at a 100% capacity and without sound it is for me, only at 80%.

Also just coming to mind, I have relized that some games I have been using appear 'Soundless' in some area's, at their menu screen, I didn't relize this until now which could be a beneficial factor in me curing the problem.

Status on the sound problem as of now is:

1. No Windows sound scheme sounds, when I recieve outlook mail I recieve no attention sound, if an error accurs I recieve no error notification, I am sure only last week I heard this, I am back tracking my steps to find out if 'I' may have caused the problem, at the moment it appears not.
2. All programs I have installed over the past 14 days I have uninstalled 1 by 1, resetting after each de-install, the problem has not been rectified using this method.
3. I have fully removed the audio drivers throughout my system, reset, manually searched and destroyed any remaining drivers or associated drivers relating to audio, reset, then installed the latest Realtek AC97 audio drivers, wdm v3.62. This has come back as a no brainer, but did not rectify my problem.
4. In Control Panel > Sound & Audio Devices, 'Volume Tab'. Speaker setup is selected as 2 Desktop Stereo speakers, on the 'Sounds Tab' the scheme for windows sounds is set to default, When trying to attemp to preview any of the sounds the play button is not clickable (null highlighted).. On the 'Audio Tab', Sound Playback Device is shown as 'Realtek AC97 Audio, Sound Recording is shown as 'Realtek AC97 Audio, and on midi music playback it is blank, opening the bar for options, it displays 'Microsoft GS Wavetable SW Synth' and 'MPU-401', Selecting the MS Wavetable allows the 'Volume and About' options underneath to highlight, but selecting 'MPU-401' will not let the volume or about options to be pressed. I have selected the MS Wavetable, clicked apply, reset the whole system, gone back into Control Panel > Sound & Audio Devices > 'Audio Tab', and for MIDI, it is reverted back to a blank selection. So I tryed MPU-401, reset, gone back into it, again the feild is left blank by default (No midi device selected), so I unchecked (Use only default Devices) and selected MS Wavetable, applied, reset, checked and again it is reset back to unselected, again I tried MPU-401 with 'Use only default devices' unchecked, reset, and again a repeat of it being blank and midi unselected.
5. I am really at tathers end, I have no options left, going through the WindowsXP Pro help/troubleshooting tutorial, from beginning to end, proves no fixed or even changed result, everything appears setup, in Device Manager > Sound, Video & Game Controllers > MPU-401 Compatible MIDI Device, Double Clicking brings up a new windows, and selecting the properties it has the option for do and do not use the device, it is set as USE, so I have even selected it as DO NOT USE, reset, gone back into it and set it to USE it again, just out of curiosity, but it made no diffrence.

At the moment, nothing is coming to mind on how to tackle this problem from a diffrent angle, I am searching the web with no diffrent types of message, I think I will give it until tommorow and if I cannot find a way to solve the problem I will format, sadly this means loosing very vital and valuable data, but this problem is leaving me absolutely no option.

(END LOG!)

 

take this to the software or virus forum's, there are folks on those forums that never play in the Lounge, and you might get better info..........wobbles

 

Well, I just discovered something.... maybe a new SpyWare?

I just did a deep MANUAL registry scan, and I just found wwnvyy.exe...

It belongs to callinghome.biz.. I just finished up writing them a very upfront e-mail asking how to remove it with NO effect, I`ve tryed to remove ALL traces of it from the registry, but when I think I have and reset, BAM, it comes back, but then it boots up 2x wwnvyy.exe files at startup!

Argh...

Hopefully I get a reply acknowledging me on how to remove it, I have NOT installed any application that has contained apparently spyware, the only spyware that has been brought onto this machine is the ones that hijack my browser and end up giving me greef once they rear they're ugly heads...


Now to tackle rune.exe.. so far I cannot find any information on this executable file, but its ticking me off that's for sure.

Again, I never installed ANYTHING that wasnt purchased, the only applications I have downloaded and installed are programs from MG which the spyware removal tools, RegSupreme, and Sysmetrix, if it aint from either of those programs, it has installed without my permission. their is no add/remove, and any software I have installed from the net I have removed, and some programs I purchased iv'e remove, either way.. it wont leave me alone!