Damn pop ups! Help needed.

Discussion in 'Computer Support' started by Gerry Freeman-Smith, Oct 18, 2004.

  1. I hope one of you gurus can help.
    Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
    One will pop up, either adult, or offering me the lastest thing that's the
    best thing since sliced bread.
    I'm running Spybot, Adaware 6, Spyware Blaster along with Norton anti-virus
    2004 and Norton Firewall 2004 (all updated daily in a hope to stop these
    pesky things).....and still the buggers get through, I'm certain there must
    be a resident program running, but I cannot find any in add/remove software.
    Nor can I find any obvious things in program files.
    I'm running XP Pro by the way.
    I'm running exactly the same system at home, with the same anti programs,
    and I don't get a problem.
    .....something has slipped through the net, and I'm buggered if I can find
    it. Help please!
    Gerry
    Gerry Freeman-Smith, Oct 18, 2004
    #1
    1. Advertising

  2. I've found out it is Xlimeofferoptimiser.
    What is the best way to be rid of it?
    Regards,
    Gerry

    "Gerry Freeman-Smith" <> wrote in message
    news:8dLcd.484$...
    >I hope one of you gurus can help.
    > Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
    > One will pop up, either adult, or offering me the lastest thing that's the
    > best thing since sliced bread.
    > I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
    > anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
    > stop these pesky things).....and still the buggers get through, I'm
    > certain there must be a resident program running, but I cannot find any in
    > add/remove software. Nor can I find any obvious things in program files.
    > I'm running XP Pro by the way.
    > I'm running exactly the same system at home, with the same anti programs,
    > and I don't get a problem.
    > ....something has slipped through the net, and I'm buggered if I can find
    > it. Help please!
    > Gerry
    >
    Gerry Freeman-Smith, Oct 18, 2004
    #2
    1. Advertising

  3. Gerry Freeman-Smith

    philo Guest

    "Gerry Freeman-Smith" <> wrote in message
    news:8dLcd.484$...
    >I hope one of you gurus can help.
    > Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
    > One will pop up, either adult, or offering me the lastest thing that's the
    > best thing since sliced bread.
    > I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
    > anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
    > stop these pesky things).....and still the buggers get through, I'm
    > certain there must be a resident program running, but I cannot find any in
    > add/remove software. Nor can I find any obvious things in program files.
    > I'm running XP Pro by the way.
    > I'm running exactly the same system at home, with the same anti programs,
    > and I don't get a problem.
    > ....something has slipped through the net, and I'm buggered if I can find
    > it. Help please!
    > Gerry
    >


    did you apply sp2 yet?
    it's good at preventing popups
    philo, Oct 18, 2004
    #3
  4. Gerry Freeman-Smith

    Don Guest

    "Gerry Freeman-Smith" <> wrote in message
    news:8dLcd.484$...
    >I hope one of you gurus can help.
    > Just recently I'm plagued with pop ups as soon as I open my browser(IE6).
    > One will pop up, either adult, or offering me the lastest thing that's the
    > best thing since sliced bread.
    > I'm running Spybot, Adaware 6, Spyware Blaster along with Norton
    > anti-virus 2004 and Norton Firewall 2004 (all updated daily in a hope to
    > stop these pesky things).....and still the buggers get through, I'm
    > certain there must be a resident program running, but I cannot find any in
    > add/remove software. Nor can I find any obvious things in program files.
    > I'm running XP Pro by the way.
    > I'm running exactly the same system at home, with the same anti programs,
    > and I don't get a problem.
    > ....something has slipped through the net, and I'm buggered if I can find
    > it. Help please!
    > Gerry

    I am no expert Gerry, but there is a popupstopper built into the explorer
    once you have done the SP2 upgrade. Maybe that would stop them popping up.
    Like I said I am no expert so don't laugh.
    Don, Oct 18, 2004
    #4
  5. Gerry Freeman-Smith

    Dodo Guest

    Try This First: Disable Third-Party Browser Extensions in Advanced Internet
    Options.

    If you encounter problems with Internet Explorer that you cannot resolve,
    you can use this option to help determine if third-party features are
    causing the problems without uninstalling the feature. You must restart
    Internet Explorer after turning this option on or off.





    Malicious software is a program or "process" that runs on your computer.
    Malicious software is removed in two steps: Terminate the processes and
    prevent the processes from restarting. The following information will not
    discover and correct all malicious software issues. Before beginning, close
    all browser windows and do not launch your web browser until HijackThis has
    successfully removed all suspicious BHOs and toolbars. Additional support
    concerning any of the procedures in this document is available at
    alt.privacy.spyware via an ISP news server or http://groups.google.com/ and
    http://forums.net-integration.net/.



    Tools

    Safe Mode: Pressing F8 repeatedly during system startup should present a
    menu with an option to start the computer in safe mode.

    Task Manager (Windows 9x/ME): Useful for terminating processes. Press
    ctrl-alt-del to view the Task Manager.
    Task Manager (Windows 2000/XP): Useful for terminating processes.
    Right-click the taskbar and select Task Manager from the context menu to
    view the Task Manager.

    Services Panel (Windows 2000/XP only): Useful for terminating processes. The
    Services Panel is available in the Administrative Tools of the Windows
    Control Panel.

    Msconfig (Windows 9x/ME/XP only): Select Run from the Start Menu and type
    msconfig and click OK to view the System Configuration Utility. The Hide All
    Microsoft Services option in the Windows XP System Configuration Utility is
    useful for discovering malicious services.

    HijackThis: Useful for discovering and correcting the mechanisms by which
    malicious processes are started or a browser is directed to unwanted or
    malicious content. Available for free download from
    http://209.133.47.12/~merijn/downloads.html and many other internet sources.



    1) Terminating malicious processes:

    Starting your computer in safe mode may prevent malicious processes from
    starting, allowing you to skip to step two.

    Malicious processes are easily terminated on a Windows 9x/ME machine.
    Malicious processes are more difficult to terminate on a Windows 2000/XP
    machine because malicious software typically utilizes multiple processes
    which provide redundancy for one another.

    Windows 9x/ME: Any process in the task manager is suspect, except for
    explorer. Terminate suspect processes.

    Windows 2000: Any process in the task manager running under a local user
    account is suspect, except for explorer.exe. Do not terminate processes
    running under a system account, such as System, Local Service, Network
    Service or Iwam_[machine name]. Terminate suspect processes. Any process in
    the Services Panel is suspect. Malicious services are more likely to not
    have a decription. Terminate suspect services. Due to the redundancy
    typically provided by malicious software, malicious processes may need to be
    terminated several times before all malicious processes are sucessfully
    terminated. It is helpful to open the Services Panel and the Task Manager
    side-by-side for this purpose. It may be necessary to refresh the Services
    Panel often to view the current status of a service. To terminate a service,
    it may be necessary to disable the service for a hardware profile or
    configure the service to log on with a non-existent account.

    Windows XP: Any process in the task manager running under a local user
    account is suspect, except for explorer.exe. Do not terminate processes
    running under a system account, such as System, Local Service, Network
    Service or Iwam_[machine name]. Terminate suspect processes. Any
    non-Microsoft service as indicated by Msconfig is suspect. Use the Services
    Panel to terminate suspect services. Due to the redundancy typically
    provided by malicious software, malicious processes may need to be
    terminated several times before all malicious processes are sucessfully
    terminated. It is helpful to open the Services Panel and the Task Manager
    side-by-side for this purpose. It may be necessary to refresh the Services
    Panel often to view the current status of a service. To terminate a service,
    it may be necessary to disable the service for a hardware profile or
    configure the service to log on with a non-existent account.



    2) Prevent the processes from restarting:

    Processes are started in two ways: During system startup and during browser
    startup. Even after malicious processes are terminated, your browser may be
    directed to content which may reinfect your computer.

    Run HijackThis and fix suspect items.

    The different sections of hijacking possibilities have been separated into
    these groups:
    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key

    Mechanisms providing process startup: O2, O3, O4 and possibly others. Most
    other mechanisms are geared toward directing your browser to unwanted or
    malicious content.



    Install all updates available at http://windowsupdate.microsoft.com/.
    Dodo, Oct 18, 2004
    #5
  6. Thanks for all your help....I've nailed the little Bas**rd.
    It was being caused by a file LOCALNRD.DLL
    If anyone else is having probs with Xlime...delete this, and all is good.
    Regards,
    Gerry

    "Dodo" <> wrote in message
    news:8e617$417398a4$43663cd2$...
    > Try This First: Disable Third-Party Browser Extensions in Advanced
    > Internet Options.
    >
    > If you encounter problems with Internet Explorer that you cannot resolve,
    > you can use this option to help determine if third-party features are
    > causing the problems without uninstalling the feature. You must restart
    > Internet Explorer after turning this option on or off.
    >
    >
    >
    >
    >
    > Malicious software is a program or "process" that runs on your computer.
    > Malicious software is removed in two steps: Terminate the processes and
    > prevent the processes from restarting. The following information will not
    > discover and correct all malicious software issues. Before beginning,
    > close all browser windows and do not launch your web browser until
    > HijackThis has successfully removed all suspicious BHOs and toolbars.
    > Additional support concerning any of the procedures in this document is
    > available at alt.privacy.spyware via an ISP news server or
    > http://groups.google.com/ and http://forums.net-integration.net/.
    >
    >
    >
    > Tools
    >
    > Safe Mode: Pressing F8 repeatedly during system startup should present a
    > menu with an option to start the computer in safe mode.
    >
    > Task Manager (Windows 9x/ME): Useful for terminating processes. Press
    > ctrl-alt-del to view the Task Manager.
    > Task Manager (Windows 2000/XP): Useful for terminating processes.
    > Right-click the taskbar and select Task Manager from the context menu to
    > view the Task Manager.
    >
    > Services Panel (Windows 2000/XP only): Useful for terminating processes.
    > The Services Panel is available in the Administrative Tools of the Windows
    > Control Panel.
    >
    > Msconfig (Windows 9x/ME/XP only): Select Run from the Start Menu and type
    > msconfig and click OK to view the System Configuration Utility. The Hide
    > All Microsoft Services option in the Windows XP System Configuration
    > Utility is useful for discovering malicious services.
    >
    > HijackThis: Useful for discovering and correcting the mechanisms by which
    > malicious processes are started or a browser is directed to unwanted or
    > malicious content. Available for free download from
    > http://209.133.47.12/~merijn/downloads.html and many other internet
    > sources.
    >
    >
    >
    > 1) Terminating malicious processes:
    >
    > Starting your computer in safe mode may prevent malicious processes from
    > starting, allowing you to skip to step two.
    >
    > Malicious processes are easily terminated on a Windows 9x/ME machine.
    > Malicious processes are more difficult to terminate on a Windows 2000/XP
    > machine because malicious software typically utilizes multiple processes
    > which provide redundancy for one another.
    >
    > Windows 9x/ME: Any process in the task manager is suspect, except for
    > explorer. Terminate suspect processes.
    >
    > Windows 2000: Any process in the task manager running under a local user
    > account is suspect, except for explorer.exe. Do not terminate processes
    > running under a system account, such as System, Local Service, Network
    > Service or Iwam_[machine name]. Terminate suspect processes. Any process
    > in the Services Panel is suspect. Malicious services are more likely to
    > not have a decription. Terminate suspect services. Due to the redundancy
    > typically provided by malicious software, malicious processes may need to
    > be terminated several times before all malicious processes are sucessfully
    > terminated. It is helpful to open the Services Panel and the Task Manager
    > side-by-side for this purpose. It may be necessary to refresh the Services
    > Panel often to view the current status of a service. To terminate a
    > service, it may be necessary to disable the service for a hardware profile
    > or configure the service to log on with a non-existent account.
    >
    > Windows XP: Any process in the task manager running under a local user
    > account is suspect, except for explorer.exe. Do not terminate processes
    > running under a system account, such as System, Local Service, Network
    > Service or Iwam_[machine name]. Terminate suspect processes. Any
    > non-Microsoft service as indicated by Msconfig is suspect. Use the
    > Services Panel to terminate suspect services. Due to the redundancy
    > typically provided by malicious software, malicious processes may need to
    > be terminated several times before all malicious processes are sucessfully
    > terminated. It is helpful to open the Services Panel and the Task Manager
    > side-by-side for this purpose. It may be necessary to refresh the Services
    > Panel often to view the current status of a service. To terminate a
    > service, it may be necessary to disable the service for a hardware profile
    > or configure the service to log on with a non-existent account.
    >
    >
    >
    > 2) Prevent the processes from restarting:
    >
    > Processes are started in two ways: During system startup and during
    > browser startup. Even after malicious processes are terminated, your
    > browser may be directed to content which may reinfect your computer.
    >
    > Run HijackThis and fix suspect items.
    >
    > The different sections of hijacking possibilities have been separated into
    > these groups:
    > R - Registry, StartPage/SearchPage changes
    > R0 - Changed registry value
    > R1 - Created registry value
    > R2 - Created registry key
    > R3 - Created extra registry value where only one should be
    > F - IniFiles, autoloading entries
    > F0 - Changed inifile value
    > F1 - Created inifile value
    > F2 - Changed inifile value, mapped to Registry
    > F3 - Created inifile value, mapped to Registry
    > N - Netscape/Mozilla StartPage/SearchPage changes
    > N1 - Change in prefs.js of Netscape 4.x
    > N2 - Change in prefs.js of Netscape 6
    > N3 - Change in prefs.js of Netscape 7
    > N4 - Change in prefs.js of Mozilla
    > O - Other, several sections which represent:
    > O1 - Hijack of auto.search.msn.com with Hosts file
    > O2 - Enumeration of existing MSIE BHO's
    > O3 - Enumeration of existing MSIE toolbars
    > O4 - Enumeration of suspicious autoloading Registry entries
    > O5 - Blocking of loading Internet Options in Control Panel
    > O6 - Disabling of 'Internet Options' Main tab with Policies
    > O7 - Disabling of Regedit with Policies
    > O8 - Extra MSIE context menu items
    > O9 - Extra 'Tools' menuitems and buttons
    > O10 - Breaking of Internet access by New.Net or WebHancer
    > O11 - Extra options in MSIE 'Advanced' settings tab
    > O12 - MSIE plugins for file extensions or MIME types
    > O13 - Hijack of default URL prefixes
    > O14 - Changing of IERESET.INF
    > O15 - Trusted Zone Autoadd
    > O16 - Download Program Files item
    > O17 - Domain hijack
    > O18 - Enumeration of existing protocols and filters
    > O19 - User stylesheet hijack
    > O20 - AppInit_DLLs autorun Registry value
    > O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    > O22 - SharedTaskScheduler autorun Registry key
    >
    > Mechanisms providing process startup: O2, O3, O4 and possibly others. Most
    > other mechanisms are geared toward directing your browser to unwanted or
    > malicious content.
    >
    >
    >
    > Install all updates available at http://windowsupdate.microsoft.com/.
    >
    Gerry Freeman-Smith, Oct 18, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. joe doe
    Replies:
    2
    Views:
    921
    ..brian..
    Mar 3, 2005
  2. ziggy

    Help to stop these 'Upgrade me now' pop-ups?

    ziggy, Jan 14, 2004, in forum: Computer Support
    Replies:
    12
    Views:
    675
    ziggy
    Jan 15, 2004
  3. T R

    Need Help With Pop Ups Spyware!!!

    T R, Jul 9, 2005, in forum: Computer Security
    Replies:
    7
    Views:
    403
  4. Replies:
    6
    Views:
    302
  5. Sam Caldwell

    Help/Pop-ups

    Sam Caldwell, Sep 28, 2005, in forum: NZ Computing
    Replies:
    12
    Views:
    684
    Nathan Mercer
    Oct 4, 2005
Loading...

Share This Page