Rule Of Tim:- WTF is this, that has appeared in my IE

res://mshp.dll/index.html#37049

Whatever you do, don't click it, but every 5 opens of IE it dumps itself into the open home page bit of the settings. Yeah, I know IE is crap.

Address now blocked in Firewall, but virus scanner not picked anything up.

I reckon it is one of those ad pop-up thingies, question is how do I get rid of it??

Dan Allen
Events Sec:- Home Counties Land Rover Club
Webmaster:- Enfield Scout Sailing Association
Webmaster:- Hoddesdon Radio Club
Ham Call sign:- M1ETN
Email:- snipped-for-privacy@nospam.valvesunlimited.demon.co.uk
Packet Radio Address:- M1ETN@GB7NSY.#32.GBR.EU

  • Nothing is illegal until you get caught*
Reply to
Dan Allen

Yes, real feckers aren't they.

Try using Spybot Search & Destroy for starters (google for it). If that doesn't work, suggest you work out which site is behind it (by following the links for example) and then google for the site name plus "spyware". I've had to do it a couple of times on my niece's PC, and it really gets my goat. If I ever meet one of the cretins who puts this stuff out, I will take great pleasure in breaking their lousy nose.

David

Reply to
David French

I've found 'Ad-aware' to be an effective way of killing pop-ups. It's free - try google for a download.

Reply to
Stuart Nuttall

Spybot seems to get the stuff that ad-aware misses and vice versa. You can't go wrong running both of them!

Reply to
Tom Woods

If you are being re-directed to sites you never wanted to go to, download and run "hijackthis" (google for it) then save a log file and post it on this NG. I'll tell you what to "fix".

Importantly, download and run "spywareblaster" version 3.0 (google again) update it and check all protection is enabled. Keep it up to date and you'll never be invaded by spybots and trojans again!

For more info, feel free to mail me.

CJ

Reply to
CJ

On Tue, 6 Apr 2004 23:40:15 +0100, "CJ" spilled forth with the following words of wisdom:

Thanks All,

I was running Spybot, that found some things, I deleted, but it could not delete two registry entries, so I went and played in the registry, and they are not there, however a reboot, and everything is back to sending me to this poxy site, got the popup blocker running in Google bar, every time I go to a new page it blocks pop ups.

Here is the hijack log pasted below... I think R0 to R1 definitely need to be deleted.

Sorry for the wrapped txt file, just how Agent posted it

Cheers Dan

Logfile of HijackThis v1.97.7
Scan saved at 08:45:07, on 07/04/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
J:\WINNT\System32\smss.exe
J:\WINNT\system32\winlogon.exe
J:\WINNT\system32\services.exe
J:\WINNT\system32\lsass.exe
J:\WINNT\system32\svchost.exe
J:\WINNT\system32\spoolsv.exe
J:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
J:\WINNT\System32\CTsvcCDA.exe
J:\WINNT\System32\svchost.exe
J:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
J:\WINNT\system32\nvsvc32.exe
J:\WINNT\system32\regsvc.exe
J:\WINNT\system32\MSTask.exe
J:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
J:\WINNT\system32\tlntsvr.exe
J:\WINNT\System32\WBEM\WinMgmt.exe
J:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
J:\WINNT\System32\MsPMSPSv.exe
J:\WINNT\system32\svchost.exe
J:\WINNT\system32\inetsrv\inetinfo.exe
J:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
J:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
J:\Program Files\McAfee\McAfee Firewall\CPD.EXE
J:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
J:\WINNT\Explorer.EXE
J:\Program Files\McAfee\McAfee Firewall\CPDCLNT.EXE
J:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
J:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
J:\WINNT\system32\CTHELPER.EXE
J:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
J:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
J:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
J:\Program Files\QuickTime\qttask.exe
J:\Program Files\Winamp\winampa.exe
J:\Program Files\Common Files\Real\Update_OB\realsched.exe
J:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
J:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
J:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\WINNT\system32\RUNDLL32.EXE
J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
J:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
J:\Program Files\AnalogX\Atomic TimeSync\ats.exe
J:\Program Files\FinePixViewer\QuickDCF.exe
J:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
J:\Program Files\MailWasher\MailWasher.exe
J:\Program Files\Agent\agent.exe
J:\Program Files\Internet Explorer\IEXPLORE.EXE
J:\WINNT\system32\ctfmon.exe
E:\download\Apps\spybot remover\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
O1 - Hosts file is located at: J:\WINNT\System32\drivers\etc\hosts
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - J:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - J:\WINNT\sysse\sysse32.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\winnt\googletoolbar1.dll
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - J:\WINNT\ievt\mssearch.dll
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - J:\WINNT\sysse\msiesh.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - J:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - j:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] J:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] J:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] J:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "J:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] J:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Alogserv] J:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [McAfee Guardian] "J:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [REGSHAVE] J:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] J:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] J:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "J:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Image] rundll32 J:\WINNT\image.dll,Install
O4 - HKCU\..\Run: [RemoteCenter] J:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "J:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - HKCU\..\Run: [MsnMsgr] "J:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE J:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Creative MediaSource Go] J:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MtdAcq] J:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [Image] rundll32 J:\WINNT\image.dll,Install
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = J:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Atomic TimeSync (2).lnk = J:\Program Files\AnalogX\Atomic TimeSync\ats.exe
O4 - Global Startup: Exif Launcher.lnk = J:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Instant Update Reminder.lnk = J:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
O4 - Global Startup: Microsoft Office.lnk = J:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://j:\winnt\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://j:\winnt\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://j:\winnt\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://j:\winnt\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://j:\winnt\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O12 - Plugin for .spop: J:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
- DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative SoftwareAutoUpdate) -
- DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office UpdateInstallation Engine) -
- DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
- DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
- DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSIRegistry Information Class) -
- DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave FlashObject) -
- DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative SoftwareAutoUpdate Support Package) -

Reply to
Dan Allen
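
A triage sketch for a log like the one posted above, added here as an example and not part of the original thread: it parses HijackThis entry lines, groups the R0/R1 Internet Explorer page settings that point at a res:// resource by the DLL they name, and lists O4 autostart entries that load a DLL through rundll32. The sample lines are copied from the posted log; the function names and the choice of what to list are assumptions of this example, and a listed autostart entry is something to review, not a verdict.

```python
import re

# Sample entries copied from the log posted above (HijackThis v1.97.7 format).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - j:\winnt\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE J:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Image] rundll32 J:\WINNT\image.dll,Install
O4 - HKCU\..\RunServices: [Image] rundll32 J:\WINNT\image.dll,Install
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")                      # "R0 - ...", "O16 - ..."
IE_SETTING = re.compile(r"^(HK\w+)\\.*\\Main,([^=]+?) = (.*)$")     # hive, setting name, value
RES_URL = re.compile(r"^res://([^/]+)/", re.I)                      # module behind a res:// page
RUNDLL = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] rundll32(?:\.exe)? ([^,]+)", re.I)

def parse(log):
    """Yield (code, body) for each HijackThis entry line; other lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return ({module: [(hive, setting)]}, [(run key, value name, dll)])."""
    pages, autostarts = {}, []
    for code, body in parse(log):
        if code in ("R0", "R1"):
            s = IE_SETTING.match(body)
            r = RES_URL.match(s.group(3)) if s else None
            if r:  # start/search page served from inside a local DLL
                pages.setdefault(r.group(1).lower(), []).append((s.group(1), s.group(2)))
        elif code == "O4":
            a = RUNDLL.match(body)
            if a:  # runs at every boot or logon, so it can act again after a cleanup
                autostarts.append((a.group(1), a.group(2), a.group(3).strip()))
    return pages, autostarts

if __name__ == "__main__":
    pages, autostarts = triage(SAMPLE_LOG)
    for module, settings in pages.items():
        print(module, "is set as:", settings)
    for entry in autostarts:
        print("review autostart:", entry)
```

The NvCplDaemon line appears in the second list alongside the two [Image] entries, which is why that list has to be checked by hand against what is known to be installed.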

The scumbags write the software so it monitors for itself being deleted and reinstalls itself. How commercial organisations can get away with writing these trojan horses legitimately is beyond me. Bring back the ducking stool.

At least the normal virus writers are up-front about it.

David

Reply to
David French

An effective and cheap way to prevent 'popups' is to use the Google Toolbar. I'm always slightly wary of any such software, but Google has a fair reputation and I use their toolbar on my Windoze IE install (even though that Windoze session is simply another running process in VMware so I'm not really too arsed if it breaks).

Reply to
Mother
