I also want to choke programmers of malicious popups

Discussion in 'Malware Help (A Specialist Will Reply)' started by Northern Eagle, May 19, 2005.

  1. Northern Eagle

    Northern Eagle Private E-2

    I have a problem with Internet Explorer starting at random times and opening an advertising website (www.9ringtone.com as an example, there are others). This happens at random times each 5 to 15 minutes I get a barrage of popups. This occurs whether or not IE is running in the background. If not running, it will launch itself.

    I have run Registry Mechanic, RegSeeker, Ad Aware, Spyware X-terminator, NoAdware, etc, but without success

    Please note the following info:

    OS: Win98 SE
    IE 6

    There does not appear to be anything malicious when displaying the task manager or startup files using MSConfig.

    Can anybody help???

    Thanks

    Northern Eagle
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal. Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Northern Eagle

    Northern Eagle Private E-2

    Hi Chaslang

    Thanks for your quick response.

    Sorry for the slow reply as I had another, unrelated problem with the computer and had to resolve it first. The registry had grown too large, (greater than the 11M, Win98 maximum) causing me boot problems. I removed some installed programs and ran "RegSeeker / Clean the Registry" to clean up unrequired registry entries.

    I downloaded and ran all software listed in your "DO NOT POST UNTIL...." and was unable to find anything.

    In addition I ran "Registry Mechanic" and "RegSeeker" again, as a maintenance function to further clean the registry.

    I ran Trend Micro's Virus Scan however was unable to link to the Symantec Security Center link supplied.

    I started the computer with all startup items disabled, (Msconfig>General>Selective startup>Load startup group items) option unchecked.

    With startup items disabled, I ran Hijack This and it produced a very small file with approximately 9 running processes and 6 HJT codes.

    After taking these steps, I still experienced the same problem:

    Internet Explorer being launched unattended, automatically.

    I was able to capture the sites that initially started with IE as follows:

    www.paypopup.com
    www1.paypopup.com
    www2.paypopup.com
    www3.paypopup.com
    www4.paypopup.com
    www5.paypopup.com
    www6.paypopup.com
    www7.paypopup.com
    www8.paypopup.com
    www9.paypopup.com
    www10.paypopup.com
    www.loadingwebsite.com

    I configured IE to consider these sites as 'Restricted' and Cookies to 'Block All'. This did not prevent these sites from launching IE, however it prevented them from redirecting and loading their Ads.

    This IE automatic startup occurs each 5 to 15 minutes with several attempts to start IE with each burst.

    Please advise if you have any suggestions. Is there any software available to capture the program or URL that is triggering IE to start. If this tool is available, it may be useful in finding the source of the problem.

    Thanks again in advance.

    Northern Eagle
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please stop using msconfig (run it and select Normal Startup - then reboot) and then complete the instructions in my previous post.
     
  5. Northern Eagle

    Northern Eagle Private E-2

    Hi Chaslang

    In the process of removing programs to clean up my bloated registry, I removed a couple of additional programs, one of them, Kodak Easyshare.

    The popups have since stopped and I have been monitoring the machine closely for unintended launches of IE.

    Until now, no IE launches and no popups.

    I suspect the problem is still present on my machine, just gone into hibernation and will show its hideous face at a later date.

    In the process of monitoring the computer in order to send information to you, I ran the scanner from Spy Sweeper (Spy Audit) and it reported finding the following:

    System Monitors:
    > @WinSpy

    Adware:
    > Bonzi Buddy
    > Ehttp Hijacker
    > Starware Toolbar

    Adware Cookies:
    > Servlet Cookie

    Please note, I ran their scanner only and did not install the software as I consider this information to be as inversely reliable as the aggressive level of their advertising. I have to leave this to the reviewers (maybe you can advise if Spy Sweeper is a recommended spyware cleaner). Looks like Spy Sweeper did have some level of success, however I am not sure how successful it will be 'cleaning' all traces of Spyware.

    I can confirm that the Starware Toolbar was installed on the computer at some previous time without my knowledge as I found the name "Starware" scattered throughout the registry.

    Also, I installed @Winspy from http://www.acesoft.net/winspy in order to help determine the source of the problem during the early days, (prior to contacting you).

    Attached is the HiJack This Log from this morning.

    Please advise if anything else required.

    Thanks again

    Northern Eagle
     


  6. Northern Eagle

    Northern Eagle Private E-2

    Hi Chaslang

    Another observation:

    I forgot to note in my last post that there are several files with Hex filenames being written to my Windows folder, such as:

    fffec6a3_{D215F6C0-CE84-11D9-B0B8-0008C7E96142}.tmp 0KB
    fffec6a3_{D215F6C1-CE84-11D9-B0B8-0008C7E96142}.tmp 0KB

    Note: they are always written in pairs and 0KB size. When opening with Notepad, they are empty. Is it possible the filename only can be used by hijackers for malicious purposes?

    I am not sure this has any relevance, however these files are being written to the Windows folder by some program without my knowledge.

    Over time this can result in a large quantity of files, maybe several hundred. I usually delete these .tmp as Windows appears to be happy without them.

    Thanx,

    Northern Eagle
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    SpySweeper is a very good program! You can actually download and use their tool for 15 (or maybe 30) days for free. It will block, scan, and delete many bad malware items. You can download it here:

    Spy Sweeper

    Give SpySweeper a run.

    Was that your complete HijackThis log?

    You must remember to exit browsers ( C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE ) before running HijackThis.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O13 - WWW. Prefix: http://

    After clicking Fix, exit HJT.

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixIE.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixIE.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to add into the registry, click YES!
     
  8. Northern Eagle

    Northern Eagle Private E-2

    Hi Chaslang

    Thanks for the help. I ran all spyware programs recommended and modified the registry as you suggested in the last post. I have since monitored the computer for several days. Till now, no popups or re-directs.

    Looks like this one has been cracked, but will continue to monitor just in case and keep you posted should the annoyances re-occur.

    Thanks again

    Northern Eagle
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

