Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Damn pop ups! Help needed.

Reply
Thread Tools

Damn pop ups! Help needed.

 
 
Gerry Freeman-Smith
Guest
Posts: n/a
 
      10-18-2004
I hope one of you gurus can help.
Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
One will pop up, either adult, or offering me the lastest thing that's the
best thing since sliced bread.
I'm running Spybot, Adaware 6, Spyware Blaster along with Norton anti-virus
2004 and Norton Firewall 2004 (all updated daily in a hope to stop these
pesky things).....and still the buggers get through, I'm certain there must
be a resident program running, but I cannot find any in add/remove software.
Nor can I find any obvious things in program files.
I'm running XP Pro by the way.
I'm running exactly the same system at home, with the same anti programs,
and I don't get a problem.
.....something has slipped through the net, and I'm buggered if I can find
it. Help please!
Gerry


 
Reply With Quote
 
 
 
 
Gerry Freeman-Smith
Guest
Posts: n/a
 
      10-18-2004
I've found out it is Xlimeofferoptimiser.
What is the best way to be rid of it?
Regards,
Gerry

"Gerry Freeman-Smith" <(E-Mail Removed)> wrote in message
news:8dLcd.484$(E-Mail Removed)...
>I hope one of you gurus can help.
> Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
> One will pop up, either adult, or offering me the lastest thing that's the
> best thing since sliced bread.
> I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
> anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
> stop these pesky things).....and still the buggers get through, I'm
> certain there must be a resident program running, but I cannot find any in
> add/remove software. Nor can I find any obvious things in program files.
> I'm running XP Pro by the way.
> I'm running exactly the same system at home, with the same anti programs,
> and I don't get a problem.
> ....something has slipped through the net, and I'm buggered if I can find
> it. Help please!
> Gerry
>



 
Reply With Quote
 
 
 
 
philo
Guest
Posts: n/a
 
      10-18-2004

"Gerry Freeman-Smith" <(E-Mail Removed)> wrote in message
news:8dLcd.484$(E-Mail Removed)...
>I hope one of you gurus can help.
> Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
> One will pop up, either adult, or offering me the lastest thing that's the
> best thing since sliced bread.
> I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
> anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
> stop these pesky things).....and still the buggers get through, I'm
> certain there must be a resident program running, but I cannot find any in
> add/remove software. Nor can I find any obvious things in program files.
> I'm running XP Pro by the way.
> I'm running exactly the same system at home, with the same anti programs,
> and I don't get a problem.
> ....something has slipped through the net, and I'm buggered if I can find
> it. Help please!
> Gerry
>


did you apply sp2 yet?
it's good at preventing popups


 
Reply With Quote
 
Don
Guest
Posts: n/a
 
      10-18-2004

"Gerry Freeman-Smith" <(E-Mail Removed)> wrote in message
news:8dLcd.484$(E-Mail Removed)...
>I hope one of you gurus can help.
> Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
> One will pop up, either adult, or offering me the lastest thing that's the
> best thing since sliced bread.
> I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
> anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
> stop these pesky things).....and still the buggers get through, I'm
> certain there must be a resident program running, but I cannot find any in
> add/remove software. Nor can I find any obvious things in program files.
> I'm running XP Pro by the way.
> I'm running exactly the same system at home, with the same anti programs,
> and I don't get a problem.
> ....something has slipped through the net, and I'm buggered if I can find
> it. Help please!
> Gerry

I am no expert Gerry, but there is a popupstopper built into the explorer
once you have done the SP2 upgrade. Maybe that would stop them popping up.
Like I said I am no expert so don't laugh.


 
Reply With Quote
 
Dodo
Guest
Posts: n/a
 
      10-18-2004
Try This First: Disable Third-Party Browser Extensions in Advanced Internet
Options.

If you encounter problems with Internet Explorer that you cannot resolve,
you can use this option to help determine if third-party features are
causing the problems without uninstalling the feature. You must restart
Internet Explorer after turning this option on or off.





Malicious software is a program or "process" that runs on your computer.
Malicious software is removed in two steps: Terminate the processes and
prevent the processes from restarting. The following information will not
discover and correct all malicious software issues. Before beginning, close
all browser windows and do not launch your web browser until HijackThis has
successfully removed all suspicious BHOs and toolbars. Additional support
concerning any of the procedures in this document is available at
alt.privacy.spyware via an ISP news server or http://groups.google.com/ and
http://forums.net-integration.net/.



Tools

Safe Mode: Pressing F8 repeatedly during system startup should present a
menu with an option to start the computer in safe mode.

Task Manager (Windows 9x/ME): Useful for terminating processes. Press
ctrl-alt-del to view the Task Manager.
Task Manager (Windows 2000/XP): Useful for terminating processes.
Right-click the taskbar and select Task Manager from the context menu to
view the Task Manager.

Services Panel (Windows 2000/XP only): Useful for terminating processes. The
Services Panel is available in the Administrative Tools of the Windows
Control Panel.

Msconfig (Windows 9x/ME/XP only): Select Run from the Start Menu and type
msconfig and click OK to view the System Configuration Utility. The Hide All
Microsoft Services option in the Windows XP System Configuration Utility is
useful for discovering malicious services.

HijackThis: Useful for discovering and correcting the mechanisms by which
malicious processes are started or a browser is directed to unwanted or
malicious content. Available for free download from
http://209.133.47.12/~merijn/downloads.html and many other internet sources.



1) Terminating malicious processes:

Starting your computer in safe mode may prevent malicious processes from
starting, allowing you to skip to step two.

Malicious processes are easily terminated on a Windows 9x/ME machine.
Malicious processes are more difficult to terminate on a Windows 2000/XP
machine because malicious software typically utilizes multiple processes
which provide redundancy for one another.

Windows 9x/ME: Any process in the task manager is suspect, except for
explorer. Terminate suspect processes.

Windows 2000: Any process in the task manager running under a local user
account is suspect, except for explorer.exe. Do not terminate processes
running under a system account, such as System, Local Service, Network
Service or Iwam_[machine name]. Terminate suspect processes. Any process in
the Services Panel is suspect. Malicious services are more likely to not
have a decription. Terminate suspect services. Due to the redundancy
typically provided by malicious software, malicious processes may need to be
terminated several times before all malicious processes are sucessfully
terminated. It is helpful to open the Services Panel and the Task Manager
side-by-side for this purpose. It may be necessary to refresh the Services
Panel often to view the current status of a service. To terminate a service,
it may be necessary to disable the service for a hardware profile or
configure the service to log on with a non-existent account.

Windows XP: Any process in the task manager running under a local user
account is suspect, except for explorer.exe. Do not terminate processes
running under a system account, such as System, Local Service, Network
Service or Iwam_[machine name]. Terminate suspect processes. Any
non-Microsoft service as indicated by Msconfig is suspect. Use the Services
Panel to terminate suspect services. Due to the redundancy typically
provided by malicious software, malicious processes may need to be
terminated several times before all malicious processes are sucessfully
terminated. It is helpful to open the Services Panel and the Task Manager
side-by-side for this purpose. It may be necessary to refresh the Services
Panel often to view the current status of a service. To terminate a service,
it may be necessary to disable the service for a hardware profile or
configure the service to log on with a non-existent account.



2) Prevent the processes from restarting:

Processes are started in two ways: During system startup and during browser
startup. Even after malicious processes are terminated, your browser may be
directed to content which may reinfect your computer.

Run HijackThis and fix suspect items.

The different sections of hijacking possibilities have been separated into
these groups:
R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key

Mechanisms providing process startup: O2, O3, O4 and possibly others. Most
other mechanisms are geared toward directing your browser to unwanted or
malicious content.



Install all updates available at http://windowsupdate.microsoft.com/.


 
Reply With Quote
 
Gerry Freeman-Smith
Guest
Posts: n/a
 
      10-18-2004
Thanks for all your help....I've nailed the little Bas**rd.
It was being caused by a file LOCALNRD.DLL
If anyone else is having probs with Xlime...delete this, and all is good.
Regards,
Gerry

"Dodo" <(E-Mail Removed)> wrote in message
news:8e617$417398a4$43663cd2$(E-Mail Removed) rvers.com...
> Try This First: Disable Third-Party Browser Extensions in Advanced
> Internet Options.
>
> If you encounter problems with Internet Explorer that you cannot resolve,
> you can use this option to help determine if third-party features are
> causing the problems without uninstalling the feature. You must restart
> Internet Explorer after turning this option on or off.
>
>
>
>
>
> Malicious software is a program or "process" that runs on your computer.
> Malicious software is removed in two steps: Terminate the processes and
> prevent the processes from restarting. The following information will not
> discover and correct all malicious software issues. Before beginning,
> close all browser windows and do not launch your web browser until
> HijackThis has successfully removed all suspicious BHOs and toolbars.
> Additional support concerning any of the procedures in this document is
> available at alt.privacy.spyware via an ISP news server or
> http://groups.google.com/ and http://forums.net-integration.net/.
>
>
>
> Tools
>
> Safe Mode: Pressing F8 repeatedly during system startup should present a
> menu with an option to start the computer in safe mode.
>
> Task Manager (Windows 9x/ME): Useful for terminating processes. Press
> ctrl-alt-del to view the Task Manager.
> Task Manager (Windows 2000/XP): Useful for terminating processes.
> Right-click the taskbar and select Task Manager from the context menu to
> view the Task Manager.
>
> Services Panel (Windows 2000/XP only): Useful for terminating processes.
> The Services Panel is available in the Administrative Tools of the Windows
> Control Panel.
>
> Msconfig (Windows 9x/ME/XP only): Select Run from the Start Menu and type
> msconfig and click OK to view the System Configuration Utility. The Hide
> All Microsoft Services option in the Windows XP System Configuration
> Utility is useful for discovering malicious services.
>
> HijackThis: Useful for discovering and correcting the mechanisms by which
> malicious processes are started or a browser is directed to unwanted or
> malicious content. Available for free download from
> http://209.133.47.12/~merijn/downloads.html and many other internet
> sources.
>
>
>
> 1) Terminating malicious processes:
>
> Starting your computer in safe mode may prevent malicious processes from
> starting, allowing you to skip to step two.
>
> Malicious processes are easily terminated on a Windows 9x/ME machine.
> Malicious processes are more difficult to terminate on a Windows 2000/XP
> machine because malicious software typically utilizes multiple processes
> which provide redundancy for one another.
>
> Windows 9x/ME: Any process in the task manager is suspect, except for
> explorer. Terminate suspect processes.
>
> Windows 2000: Any process in the task manager running under a local user
> account is suspect, except for explorer.exe. Do not terminate processes
> running under a system account, such as System, Local Service, Network
> Service or Iwam_[machine name]. Terminate suspect processes. Any process
> in the Services Panel is suspect. Malicious services are more likely to
> not have a decription. Terminate suspect services. Due to the redundancy
> typically provided by malicious software, malicious processes may need to
> be terminated several times before all malicious processes are sucessfully
> terminated. It is helpful to open the Services Panel and the Task Manager
> side-by-side for this purpose. It may be necessary to refresh the Services
> Panel often to view the current status of a service. To terminate a
> service, it may be necessary to disable the service for a hardware profile
> or configure the service to log on with a non-existent account.
>
> Windows XP: Any process in the task manager running under a local user
> account is suspect, except for explorer.exe. Do not terminate processes
> running under a system account, such as System, Local Service, Network
> Service or Iwam_[machine name]. Terminate suspect processes. Any
> non-Microsoft service as indicated by Msconfig is suspect. Use the
> Services Panel to terminate suspect services. Due to the redundancy
> typically provided by malicious software, malicious processes may need to
> be terminated several times before all malicious processes are sucessfully
> terminated. It is helpful to open the Services Panel and the Task Manager
> side-by-side for this purpose. It may be necessary to refresh the Services
> Panel often to view the current status of a service. To terminate a
> service, it may be necessary to disable the service for a hardware profile
> or configure the service to log on with a non-existent account.
>
>
>
> 2) Prevent the processes from restarting:
>
> Processes are started in two ways: During system startup and during
> browser startup. Even after malicious processes are terminated, your
> browser may be directed to content which may reinfect your computer.
>
> Run HijackThis and fix suspect items.
>
> The different sections of hijacking possibilities have been separated into
> these groups:
> R - Registry, StartPage/SearchPage changes
> R0 - Changed registry value
> R1 - Created registry value
> R2 - Created registry key
> R3 - Created extra registry value where only one should be
> F - IniFiles, autoloading entries
> F0 - Changed inifile value
> F1 - Created inifile value
> F2 - Changed inifile value, mapped to Registry
> F3 - Created inifile value, mapped to Registry
> N - Netscape/Mozilla StartPage/SearchPage changes
> N1 - Change in prefs.js of Netscape 4.x
> N2 - Change in prefs.js of Netscape 6
> N3 - Change in prefs.js of Netscape 7
> N4 - Change in prefs.js of Mozilla
> O - Other, several sections which represent:
> O1 - Hijack of auto.search.msn.com with Hosts file
> O2 - Enumeration of existing MSIE BHO's
> O3 - Enumeration of existing MSIE toolbars
> O4 - Enumeration of suspicious autoloading Registry entries
> O5 - Blocking of loading Internet Options in Control Panel
> O6 - Disabling of 'Internet Options' Main tab with Policies
> O7 - Disabling of Regedit with Policies
> O8 - Extra MSIE context menu items
> O9 - Extra 'Tools' menuitems and buttons
> O10 - Breaking of Internet access by New.Net or WebHancer
> O11 - Extra options in MSIE 'Advanced' settings tab
> O12 - MSIE plugins for file extensions or MIME types
> O13 - Hijack of default URL prefixes
> O14 - Changing of IERESET.INF
> O15 - Trusted Zone Autoadd
> O16 - Download Program Files item
> O17 - Domain hijack
> O18 - Enumeration of existing protocols and filters
> O19 - User stylesheet hijack
> O20 - AppInit_DLLs autorun Registry value
> O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
> O22 - SharedTaskScheduler autorun Registry key
>
> Mechanisms providing process startup: O2, O3, O4 and possibly others. Most
> other mechanisms are geared toward directing your browser to unwanted or
> malicious content.
>
>
>
> Install all updates available at http://windowsupdate.microsoft.com/.
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
End of trial period......DAMN!! Please Help =?Utf-8?B?SmltbXkgTGFtICJQbGVhc2UgSGVscCI=?= Windows 64bit 13 05-06-2006 01:05 AM
How to do server-side processing and then display pop-up with pop-up blocker enabled domtam@hotmail.com ASP .Net 2 02-04-2006 06:03 PM
pop up prevention problem; for wanted pop ups joe doe Firefox 2 03-03-2005 08:08 AM
help me with this damn problem!!!!!!! The Clansman ASP .Net 9 09-29-2004 01:23 PM
Pop-up to Buy Pop-up software William Young Computer Support 4 01-24-2004 12:28 AM



Advertisments