Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 07-08-2007, 12:35 PM   #1
Baseband Member
 
Wherebob's Avatar
 
Join Date: Jan 2006
Posts: 90
Default Pop-up ad, can't find to delete?

I have a pop up ad ( eurogrand.com) and it has something stored on my PC and about every 10 minutes it pops up when I'm on the web. It has going on for over a month. It takes up the whole screen and I have to crl-alt-del to get it off. I have deleted cookies, history, temp files, done a search on my drives and can't find it to delete it.

Any ideas where it may be stored on my PC


Here is the source HTML I retreived from the window.

http: //www. eurogrand. com/ fileadmin/templates /eurogrand1/js/adobe/AC_RunActiveContent.js

Thanks for your help
__________________

__________________
* Dell OptiPlex GX279, Pentium 4 - 2.8GHZ Hyper-Threaded
150G drive, 500G external drive, 1.5GB Ram, XP Professional
* Dell Dimension 2400, Pentium 4 - 2.56GHZ
40G drive, 1.5GB RAM, Windows Server 2003 R2
Wherebob is offline   Reply With Quote
Old 07-08-2007, 02:07 PM   #2
muz
Golden Master
 
muz's Avatar
 
Join Date: Oct 2006
Posts: 6,928
Default Re: Pop-up ad, can't find to delete?

Try spybot search and destroy and adaware scan with them , should find it
__________________

__________________
Desktop-AMD Athlon 64 X2 6000+-2GB Elixer DDR2 800 250gb+500gb+500gb+120gb
Laptop-Apple Macbook Pro 13" Intel core i5(2.3ghz) 4gb Ram 320gb hard drive
muz is offline   Reply With Quote
Old 07-08-2007, 03:33 PM   #3
Golden Master
 
Raffaz's Avatar
 
Join Date: Sep 2006
Posts: 6,798
Send a message via AIM to Raffaz Send a message via MSN to Raffaz Send a message via Yahoo to Raffaz
Default Re: Pop-up ad, can't find to delete?

Try doing a scan in safe mode. Use NOD32, spybot and adaware. Give hijackthis a go aswell.
Raffaz is offline   Reply With Quote
Old 07-08-2007, 04:08 PM   #4
Baseband Member
 
Join Date: Mar 2005
Posts: 36
Default Re: Pop-up ad, can't find to delete?

Just use regedit and delete the registry entry (not the whole registry) ,it will be under eurogrand or whoever is the company that uses the ad.If you dont know how to do that then use ccleaner (free) use the cookie cleaner first then the registry cleaner part.never had something like you have that it failed to find and let me delete it.what is happening is you are deleting the add and cookie but not the regestry entry so when you go on internet it just pops up again.JMHO>Marvin
mrjetskey is offline   Reply With Quote
Old 07-08-2007, 07:59 PM   #5
Baseband Member
 
Wherebob's Avatar
 
Join Date: Jan 2006
Posts: 90
Default Re: Pop-up ad, can't find to delete?

Quote:
Originally Posted by mrjetskey View Post
Just use regedit and delete the registry entry (not the whole registry) ,it will be under eurogrand or whoever is the company that uses the ad.
Marvin
I don't see it in the registry? Under what HKEY folder would you think it would be in?

I guessed and looked in HKEY_LOCAL_MACHINE /Software
and HKEY_USERS

Also I did run Ad-Aware and McAfee with no results

Thanks
Bob
__________________
* Dell OptiPlex GX279, Pentium 4 - 2.8GHZ Hyper-Threaded
150G drive, 500G external drive, 1.5GB Ram, XP Professional
* Dell Dimension 2400, Pentium 4 - 2.56GHZ
40G drive, 1.5GB RAM, Windows Server 2003 R2
Wherebob is offline   Reply With Quote
Old 07-08-2007, 08:06 PM   #6
Golden Master
 
freestyler105's Avatar
 
Join Date: Sep 2006
Posts: 7,883
Default Re: Pop-up ad, can't find to delete?

Quote:
Originally Posted by mrjetskey View Post
Just use regedit and delete the registry entry (not the whole registry) ,it will be under eurogrand or whoever is the company that uses the ad.If you dont know how to do that then use ccleaner (free) use the cookie cleaner first then the registry cleaner part.never had something like you have that it failed to find and let me delete it.what is happening is you are deleting the add and cookie but not the regestry entry so when you go on internet it just pops up again.JMHO>Marvin
I doubt that's the problem.

Do as Raffaz said. Or just post your HijackThis log here.
__________________
C2D E6600 | 4GB DDR2-800 | 9800GTX+ | Asus P5B-E | 150GB Raptor | 320GB 7200.10 | 750W Xigmatek PSU
freestyler105 is offline   Reply With Quote
Old 07-08-2007, 10:33 PM   #7
Baseband Member
 
Wherebob's Avatar
 
Join Date: Jan 2006
Posts: 90
Default Re: Pop-up ad, can't find to delete?

Hijackthis scan:

Logfile of HijackThis v1.99.1
Scan saved at 8:44:31 PM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\BOBSHA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://my.netzero.net/s/sp?r=al&cf=s...000&N=PLHS&O=A
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.un td.com;127.0.0.1;localhost;*microsoft.com;*windows update.com;*wustat.windows.com;*.pogo.com;*.worldw inner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*syman tec.com;*.nai.com;*.networkassociates.com;*photosi te.com;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printra y.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


Well I don't see it in here either.
The only thing I may suspect is - O11 - Options group: [INTERNATIONAL] International*

Another thing is it is not running during this scan.
I'll run this when it comes up again and see what I find.

What do you guys think?
__________________
* Dell OptiPlex GX279, Pentium 4 - 2.8GHZ Hyper-Threaded
150G drive, 500G external drive, 1.5GB Ram, XP Professional
* Dell Dimension 2400, Pentium 4 - 2.56GHZ
40G drive, 1.5GB RAM, Windows Server 2003 R2
Wherebob is offline   Reply With Quote
Old 07-09-2007, 01:19 AM   #8
Golden Master
 
freestyler105's Avatar
 
Join Date: Sep 2006
Posts: 7,883
Default Re: Pop-up ad, can't find to delete?

For future reference, you can use this site to analyze your log:
http://hijackthis.de/

It found only one bad thing:
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl.exe

That may or may not be it. Fix that, and if it comes up again, take a log after it happens.
__________________
C2D E6600 | 4GB DDR2-800 | 9800GTX+ | Asus P5B-E | 150GB Raptor | 320GB 7200.10 | 750W Xigmatek PSU
freestyler105 is offline   Reply With Quote
Old 07-11-2007, 12:30 PM   #9
Baseband Member
 
Wherebob's Avatar
 
Join Date: Jan 2006
Posts: 90
Default Re: Pop-up ad, can't find to delete?

Took a log and deleted all bad files. Ran hijack again and it found nothing bad. It was good for a day and now its back. Ran hijack again while it was running and found this again (the only bad file found).
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\arpl.exe

I had deleted this 2 days ago and now its back.

Help please
__________________
* Dell OptiPlex GX279, Pentium 4 - 2.8GHZ Hyper-Threaded
150G drive, 500G external drive, 1.5GB Ram, XP Professional
* Dell Dimension 2400, Pentium 4 - 2.56GHZ
40G drive, 1.5GB RAM, Windows Server 2003 R2
Wherebob is offline   Reply With Quote
Old 07-11-2007, 06:39 PM   #10
Fully Optimized
 
blackjack's Avatar
 
Join Date: Mar 2007
Posts: 2,945
Send a message via MSN to blackjack
Default Re: Pop-up ad, can't find to delete?

Try deleting your cookies as it might have a tracker in there or run this ADAWARE http://www.lavasoftusa.com/ and try http://www.ccleaner.com/download/
__________________

__________________
Compaq Presario CQ5305K-m Intel® Pentium® Dual Core E5300 (2.6 GHz), Windows® 7 Home Premium 64 bit, 2048 MB , Hard drive: 320 Gb, with 18.5 Widescreen
SPURS TILL I DIE (DIAMONDS ARE FOREVER SO ARE SPURS)
TO DARE IS TO DO
blackjack is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 04:00 PM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0