NetPal.PrizePopper won't permanently delete

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ComputerGate, Dec 16, 2004.

  1. ComputerGate

    ComputerGate Specialist

    PestPatrol finds a spyware bug on my computer called NetPal.PrizePopper. PestPatrol is supposed to delete it after a reboot. But it doesn't. I am running Windows XP Pro on a dual MP2200 processor scsi motherboard. I run four scsi drives, and when I scan each drive individually with PestPatrol the same file shows up on all four drives. I also run Spybot S&D with tea timer, Zonealarm, Adaware personal se, Norton antivirus, CWShredder, Bazooka, and Spyware Blaster all with fresh updates. Only PestPatrol detects the NetPal.PrizePopper bug. I have system restore turned off on all four drives. I've done the PestPatrol scan several times and each time after I delete the file, I do a reboot and it's always back again on the next scan. Any ideas?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. ComputerGate

    ComputerGate Specialist

    O.K., I took a few hours to complete but I followed all the way down that list and did everything right to the letter. The only thing I couldn't do was the two online scans in safemode. I was able to do them in normal mode. Not one single bug was found by any scan I did. I even ran all of the suggested alternative scans. Now that I have followed the instructions, does anyone have any advice to offer on my original question, that being PestPatrol finding the NetPal.PrizePopper bug, but not being able to permanently delete it?
     
  4. PhilliePhan

    PhilliePhan Guest

    Hi ComputerGate,

    I am just popping in with a quick suggestion.
    Look for the following filenames:
    KER7120.DLL
    Kernell32.dll


    Those are the NetPal/PrizePopper files that should be removed. The following is the related BHO:
    {C7ADE150-743D-11D4-8141-00E029626F6A}

    If you still have problems, send us a HijackThis Log. Be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!

    If you need a Fresh Download of HJT, get it HERE: HijackThis 1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    I am tied up these days, but somebody will take a look when they get a chance.

    Best luck :)
    PP
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow directions. I said if you still have a problem, follow the steps for posting a HJT log and post one. Now PP has also requested the same thing. What PP is referring to is this: http://www.pestpatrol.com/PestInfo/n/netpal_prizepopper.asp
     
  6. ComputerGate

    ComputerGate Specialist

    I've already been to PestPatrol over this. I have been back and forth with a tech who doesn't seem to be able to read English. I asked for a better explanation of how to manually delete all the items they mention, and I never got any answer that was directed to my question. I even emailed doxdesk the same question as he has the identical procedure posted. Unfortunately, again, I don't know how to follow the procedure. I looked up the kernell32.dll and I had 16 listings of it. I managed to permanently delete all but one of them in safe mode. The one keeps coming back. But here is my hijack this log.
     

    Attached Files:

  7. ComputerGate

    ComputerGate Specialist

    Oh yes, specifically, I don't know how to unregister the dll's with regsvr32. I have no idea what that means.
     
  8. PhilliePhan

    PhilliePhan Guest

    Hi CG,

    I'm really rushed and have to check back after dinner, but please locate HJT in its own folder as per my previous post.

    This is malware:
    O4 - HKCU\..\Run: [®Windows Update] svchosts.exe

    I don't see the others right away.

    PP :)
     
  9. Turcoloco

    Turcoloco MajorGeek

    Certain components have to be registered with DNS servers, kind of like getting activated. To unregister a certain component (xxx=component's name):
    START > RUN > type regsvr32 /u xxx > OK

    To see all available options: START > RUN > type regsvr32 /? > OK
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! As we mentioned already, we prefer that HJT not be in a temp folder or in any subfolder of c:\documents and settings. Put it in C:\Program Files\HJT

    And ALL browsers must be shut down before running HJT. You had the below running:
    C:\Program Files\Internet Explorer\iexplore.exe

    Your OS and IE are severely out of date. This is a big security hole.

    To unregister DLLs you do the following:
    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u dllfilename.dll <--- replace dllfilename.dll with the actual DLL to unregister.
    then click OK. If a dialog box confirming this action appears, click OK.

    Make sure you have system restore disabled and viewing of hidden files enabled (per the tutorial).
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O4 - HKLM\..\Run: [®Windows Update] svchosts.exe
    O4 - HKCU\..\Run: [®Windows Update] svchosts.exe

    Boot into safe mode and use Windows Explorer to delete:
    c:\windows\system32\svchosts.exe
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  11. ComputerGate

    ComputerGate Specialist

    I actually did put the program in its own folder. I use Mozilla firefox for 99% of my internet surfing. In fact, the only reason I used IE for this is that IE allows me to save the page into a desktop shortcut. I am going to download the hijack this again from internet explorer and do the initial install directly into a folder. I'll follow back up as soon as I'm done with all this to update you. Thanks.
     
  12. ComputerGate

    ComputerGate Specialist

    I wish I could say that something had gone well but it didn't. I followed the example for the run menu and I typed it in with the exact spaces as shown and I get an error. I will attach a snapshot of the error along with the hijack this log. By the way, I used IE to do the download and I was able to direct the download to its own folder. But I don't see how that was different than just dragging the executable into a folder before opening it. Anyway, here are the two files.
     

    Attached Files:

  13. ComputerGate

    ComputerGate Specialist

    A follow up. Even though I wasn't able to deregister the dll's per PestPatrol instructions, I decided to try to delete the rest of the files you mentioned in safe mode. Bingo! I rebooted and ran the PestPatrol scan and the bug is gone. Incidentally, the reason I don't have the windows updates running is that I ran into a major problem with one of them giving me bluescreens via my video card. I don't have the money for a new video card so I decided to not run any updates, use as much security as possible and use firefox. The bug I got came from a screensaver download that I should have known better than to get. Other than that, without updates over a 5 month period of time, this was the very first bug that showed up in any scan. And I was getting bluescreens several times a day. Now I don't get one a week. The video card is the FX5200 256mb chaintech. Those cards have a slew of websites devoted to bluescreens. So thanks very much for the help. I had run the hijack this a while back and saw the svchost.exe files, but I found erroneous info online that led me to believe they were windows files. Thanks again.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You added an extra /32 to the regsvr32 command. That is why you got an error. Follow the example I gave you.

    We did not just say put HJT in its own folder, we specifically said where NOT to put it. You keep putting it here:
    C:\Documents and Settings\Main Account\Desktop\hi\HijackThis.exe

    Read my message again!!
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    C:\WINDOWS\System32\svchost.exe is a valid windows file.

    The one we gave you is svchosts.exe; it is not valid. You always need to read very closely here. Malware tries very hard to confuse you and hide itself.

    You may want to post another HJT log (put it in the proper directory) because your last one still showed problems.
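
The svchost.exe / svchosts.exe distinction in the post above (and the Kernell32.dll name mentioned earlier in the thread) can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis code: it scans O4 autostart lines for file names one character away from a genuine Windows name. KNOWN_NAMES, the function names and the ExampleTray/ExampleShell log lines are assumptions constructed for illustration.

```python
import re

# Illustrative subset of genuine Windows file names (an assumption of this
# example; a real check would use a fuller baseline).
KNOWN_NAMES = {"svchost.exe", "kernel32.dll", "explorer.exe", "iexplore.exe",
               "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# O4 autostart entry:  O4 - HKLM\..\Run: [label] command line
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)", re.IGNORECASE)

# Sample log: the two svchosts.exe lines are from the thread, the Example*
# lines are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [®Windows Update] svchosts.exe
O4 - HKCU\..\Run: [®Windows Update] svchosts.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [ExampleShell] C:\WINDOWS\explorer.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def file_name(command):
    """Return the lower-cased file name that a Run command starts."""
    command = command.strip()
    if command.startswith('"'):
        target = command[1:].split('"', 1)[0]      # quoted path, args follow
    else:
        m = EXE_RE.match(command)                  # unquoted path, may hold spaces
        target = m.group(1) if m else command.split()[0]
    return target.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def lookalikes(log_text, max_distance=1):
    """Return (hive, file name, imitated name) for near-miss autostart names."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        name = file_name(m.group(4)) if m else None
        if name is None or name in KNOWN_NAMES:
            continue  # not an autostart line, or an exact genuine name
        for known in sorted(KNOWN_NAMES):
            if edit_distance(name, known) <= max_distance:
                hits.append((m.group(1), name, known))
    return hits


if __name__ == "__main__":
    print(lookalikes(SAMPLE_LOG))
```

An exact match on the name only says the name is genuine; the folder the file runs from still has to be checked by hand.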
     
  16. ComputerGate

    ComputerGate Specialist

    "We did not just say put HJT in its own folder, we specifically said where NOT to put it. You keep putting it here:
    C:\Documents and Settings\Main Account\Desktop\hi\HijackThis.exe

    Read my message again!!"

    Well, I'm sure you've done that a hundred times so it's second nature to you. But once in a while a walkthrough helps strike the point home. I have done quite a bit of downloading, and in fact I have downloaded hijack this probably 10 or 15 separate times and I don't ever recall seeing an option for hijack this to create its own folder. So I gather I need to create the folder in advance which is what I did. If I'm missing something then I simply need a better explanation. Reading the message again is not helping. I think a lot of the folks who help here forget how time consuming all the steps you have us go through are. I spent close to 6 hours straight on this today. I in no way shape or form was trying to sidestep any details. If you consider the effort that it takes for all those scans that you guys insist on, you would realize that we are giving it a best effort. And I might mention, that in two problems I have brought here, those scans have not turned up a single problem. That's an awful lot of wasted time to deal with. In my case it was some malware, and I had to do quite a bit of unnecessary virus scans. If you take a look at the software I use, you will realize that it is very carefully thought out. Norton antivirus, Spybot S&D, ZoneAlarm, PestPatrol. All four of those have real time monitoring. It was a safe bet that the problem wasn't going to lie with additional scans from other software makers, no matter how much a favorite they may be of everybody. The post that I followed by Chaslang that helped me delete the problem could just as easily have been given to me without all the scans. I realize that on a given day, some of those scans could catch some of the issues that people bring here. But as I said, I have a well thought out software collection that in addition to the above four programs also includes adaware se, bazooka, cwshredder, hsremove and spyware blaster, and I run the updates and scans quite frequently (more than once a week).
    When you tell me to read your comments again, perhaps it would help if you read mine.
    I had a problem a year ago or so, on a screen name I lost before this one. It was also one of those where I had to scan a bunch of stuff first. And I also wound up being able to fix it in safe mode. So the lesson learned here for me is to try to look for the safe mode fixes before anything else. All's well that ends well, and this ended well. I do appreciate the help, quite a bit. My only gripe is how much unnecessary time it takes for all those scans.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are one particular case! There are literally thousands of cases where those scans do find problems and in many cases it is those additional scanners picking up problems that other programs do not. Are they always going to find problems and fix them? No! But neither do Norton, Bazooka, Spybot S&D, ZoneAlarm, and PestPatrol. They each have their pros and cons. The thing all the experts have learned is that no single package is good enough. The online scanners are in many cases updated sooner than full blown virus applications. Thus they will sometimes surprise people and find and fix things their Norton, McAfee, ...etc will not.

    We do not take for granted how long the scans take. However you are forgetting how much time it takes for us to answer all these questions and we do it for free. And we waste lots of our time and users' time when we have to keep repeating ourselves with information that is in all the Sticky threads to begin with. Getting people's systems into some kind of pre-known condition is important for us and saves us lots of time in the long run. We just need people to follow the directions given so we can all save time. Granted sometimes a person may just not understand a direction as we write them. But another message asking for explanation is an easy thing to do. Literally thousands of people have followed those directions and have not had a problem doing so.

    HijackThis does not have an option to create its own folder because it has no installation program. It is in a ZIP file when downloaded from us. Any program you use to unzip a file (especially if you use WinZip) gives you the option to create a new folder when you unzip. It is rather simple using Winzip. You just double click on HijackThis.zip and Winzip comes up. You click Extract. Now in the Extract window you can either navigate to an existing folder or you can click NewFolder. In the New Folder window, you would simply type in c:\Program Files\HJT and hit return. Now the folder is created and appears in the extract window. Click Extract. The file is extracted to that folder and the extract window closes. Now exit WinZip. It is not exactly rocket science.

    You could have also created that folder when you downloaded HijackThis.zip to begin with and then directly extracted it right into that directory. Again it is fairly simple.

    Our goal in this Forum is to help everyone resolve their Spyware problems and in order to answer the large volume of messages that come in, we cannot spend all of our time teaching people how to use the simplest functions of Windows. In many cases we do an awful lot of that anyway, and it makes it difficult for us to answer all the threads. There are typically only two of us that answer most of the threads. A couple others spend a small amount of time helping. We are giving our help willingly and for free. All we ask in return is that our directions be followed and for the users to give us feedback on steps. It is a "Help us to help you" method.
     
    Last edited: Dec 17, 2004
  18. ComputerGate

    ComputerGate Specialist

    Understood, but this is the 3rd time that I have visited this website and went through all the scans for nothing. The last time I was here, I had a "water drop" sound happening in certain websites. My common sense told me that if this was not caught with all the software I use, then nothing would. I ran all the scans anyway. Got yelled at for doing some things wrong. At some point in time I thought I had it fixed. Later that evening it was back. You know what that wound up being? It is the sound of PestPatrol killing a cookie. It is enabled/disabled in the tooltray PestPatrol icon. Following that whole list takes HOURS. I think if you took a poll of the people coming out of it without any luck you would find a high percentage of dissatisfaction. Yes it is free. That's certainly admirable. But I think all of us computer people help the people we know for free. I know that I certainly don't make my friends jump through hoops for hours before I will even take a look at the problem. All I'm saying is that you have, in my opinion, an unnecessarily rigid system setup. My opinion. Oh and when I downloaded hijack this, I created the folder in advance and then sent the program to the folder. I still don't get how that is different from your scenario. I mean, you still haven't said there actually is a difference. The scans I understand. There's the what if factor. But the folder thing I just don't get. When I open up that zip file with my stuffit expander, the exe file goes right in that folder, as does the backup. How can that possibly be any different from what you described?
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We don't have any choice. If we were sitting in front of your computer hands on, we would probably do things differently. We also get people with all kinds of capabilities. We need a generic starting point. And we don't need a poll. We get told via PMs, email, and new threads everyday that the READ ME FIRST alone helped. We have had thousands of messages like that since about May or June alone.

    I did say there is a difference. I said not to put HJT in c:\documents and settings. The difference is not in creating the folder in advance. The difference is where you are creating it. The tutorial specifically states,

    C:\Documents and Settings is for Documents and Settings not for executable programs. Will it run from there? Of course. But loads of malware will stick themselves in there and quite often cleanup methods can cause inadvertent loss of backups. It is safer not to have HJT or the backups there.
     
    Last edited: Dec 17, 2004
