The pop-up that just won't die

Discussion in 'Malware Help (A Specialist Will Reply)' started by ADIDA_SRW, Jan 21, 2008.

  1. ADIDA_SRW

    ADIDA_SRW Private E-2

    Hello. I have a situation with this pop-up that constantly comes up in IE with an address: url.adtrgt.com (usually followed by a long string that seems to track whatever webpage I'm on or searching for). I've run multiple virus scans (Trend Micro Housecall, Avira Antivirus, Kaspersky, etc.) and spyware removal programs (Adaware, Spybot, etc.), but all to no avail. I'm pretty much out of ideas, so any help to resolve this problem would be greatly appreciated! Thank you.
     
  2. ADIDA_SRW

    ADIDA_SRW Private E-2

    Sorry to post again, but a quick update to my post. Updated Spybot and found the bugger: smitfraud-c.coreservice
    Upon removal it just comes back, so I assume that's the root of my problems. I've seen other threads with the same problem, but it seems that the solution varies in each case, so unless the malware poses a huge security threat (i.e. exposing your computer), I patiently await any help and thanks for your time.
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  4. ADIDA_SRW

    ADIDA_SRW Private E-2

    Thanks for the reply. I did all the steps mentioned in that guide; however, no matter the setting for AVG Antivirus, it wouldn't save the log for whatever reason. I do have the other files though. Hope they are of some help. So far nothing has popped up, but I hope my comp is truly clean.
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I'm not seeing any malware ....however, please use add/remove programs to uninstall:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) SE Runtime Environment 6 Update 1

    Let me know if you are having any other problems.
     
  6. ADIDA_SRW

    ADIDA_SRW Private E-2

    Aha...didn't know all those Java installs were unnecessary, just updated whenever it asks. Going to disable system restore now as well. Thanks for your help. Take care and GL.
     
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is always best to remove old Java versions ...they are a main source of infections as the updates attempt to guard against the latest malware intrusion attempts. And beware of the popups saying a new version is needed ...check here for new versions, don't assume that the popup is legit.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used Pocket Killbox during your cleanup, do the below
    * Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix, you can delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
    3. If we used SDFix, you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used SmitFraudFix, you can delete all files and folders related to it now including the c:\rapport.txt log.
    5. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    6. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    7. If we had you run Avenger, you can delete all files related to Avenger now.
    8. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    9. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    10. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    11. After doing the above, you should work thru the below link:
    * How to Protect yourself from malware!
     
  8. ADIDA_SRW

    ADIDA_SRW Private E-2

    Final checks and cleanup all done. You guys really do a great service for the interwebz community. I really appreciate it. I do have one more question though...is it actually safe for us to attach all these logs with our system info on to our posts?
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It is not a security problem as there is nothing in the logs that identifies the poster ...the main thing we watch for is someone posting with their e-mail address in the message ..that we will remove.

    And you are welcome ...safe surfing! :)
     
