#162601 - 23/05/2003 12:48
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
enthusiast
Registered: 21/08/2000
Posts: 346
Loc: Rochester, NY USA
|
"Tools" Menu,
"Internet Options"
Update the "home" URL
Attachments
160655-Clipboard01.jpg (99 downloads)
_________________________
Cheers,
-Doug Morrison
Mk2-32G Back light buttons, Neon red screen
|
Top
|
|
|
|
#162602 - 23/05/2003 12:49
Re: How do I get rid of this?
[Re: morrisdl]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Yes, but it keeps defaulting to the other address. Its like theres a program running in the background. Trouble is I have a huge list of processes and don't know what they are due to cryptic naming!
|
Top
|
|
|
|
#162603 - 23/05/2003 12:56
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
Damn, seems to be an epidemic.
Don't know the permanent fix, but as a temporary measure, open up your HOSTS file (c:\winnt\system32\drivers\etc\hosts in NT/2k/XP or c:\windows\hosts in Win9x) and add this line:
127.0.0.1 c5429.wabu.com
That should at least keep that site from loading up. Then look for an ad cleaner of some time, many are mentioned in the thread linked above.
|
Top
|
|
|
|
#162604 - 23/05/2003 13:07
Re: How do I get rid of this?
[Re: tonyc]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Worrying thing is I've not installed anything lately, my firewall and router are on, so I don't understand where this has come from.
|
Top
|
|
|
|
#162607 - 23/05/2003 14:03
Re: How do I get rid of this?
[Re: wfaulk]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
I ain't paying $14 to remove it!
|
Top
|
|
|
|
#162608 - 23/05/2003 14:06
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
|
Man. what sites are you guys going to that are installing all this junk. I gotta stay the hell away from them.
|
Top
|
|
|
|
#162609 - 23/05/2003 14:18
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
I didn't notice that. Just get AdAware.
_________________________
Bitt Faulk
|
Top
|
|
|
|
#162610 - 23/05/2003 14:31
Re: How do I get rid of this?
[Re: loren]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
I don't know... I mean, I only went to bigandbouncy.com a few times.
Seriously though I have no idea! And I made that site up!
|
Top
|
|
|
|
#162611 - 23/05/2003 15:51
Re: How do I get rid of this?
[Re: wfaulk]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Its not working. I've tried 3 times. An exe file loads up each time I start my machine - its like a random name each time.
kpf1.exe
hgf1.exe
dfr1.exe
and so on.
My firewall kicks in each time and I deny access. I've also tried to remove the file manually from its location (documents and settings\local settings\temp) but it won't delete as it says its in use.
Now if I end the process, the icon disappears from the folder. As it changes its name each time I can't search for it.
I've attached a screen shot of the file in the folder - maybe someone will recognise the icon.
Cheers
Attachments
160670-Image2.jpg (95 downloads)
Edited by PhilipOHare (23/05/2003 15:55)
|
Top
|
|
|
|
#162612 - 23/05/2003 16:13
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
pooh-bah
Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
|
This sounds like a job for safe mode. If the file is always three chars and the numeral 1 in the temp directory it should be hard to find. Safe mode will prevent it from starting so you'll be able to delete it. It'd be interesting to know if this is a program that adaware and the like havn't heard of, as I'm sure they'd be interested.
Matthew
|
Top
|
|
|
|
#162613 - 23/05/2003 16:31
Re: How do I get rid of this?
[Re: matthew_k]
|
carpal tunnel
Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
|
it's sad that some people use programming talent like that for the dark side.
|
Top
|
|
|
|
#162614 - 23/05/2003 23:23
Re: How do I get rid of this?
[Re: wfaulk]
|
enthusiast
Registered: 20/11/2000
Posts: 279
Loc: Pacific Northwest
|
I like Spyware Blaster as an extra layer of protection too and the price is righ!
- Tim
|
Top
|
|
|
|
#162615 - 24/05/2003 03:43
Re: How do I get rid of this?
[Re: matthew_k]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Ok, I tried safe mode and I managed to delete the file. I then ran ad-aware in safe mode and rebooted.
The annoying menu is now gone, but another ***1.exe file has been created and tries to access lop.com. WHERE is this coming from?
Edit: Aaaagg... the bar is back. There must be another program creating these exe files. Someone help me please!
Edited by PhilipOHare (24/05/2003 03:45)
|
Top
|
|
|
|
#162616 - 24/05/2003 04:13
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5683
Loc: London, UK
|
Something that occurs is that you could grab a copy of FileMon from http://www.sysinternals.com/ and see if you can get that to tell you which process is creating the EXE file.
Alternatively, reinstall Windows: "I say we take off and nuke the site from orbit. It's the only way to be sure."
_________________________
-- roger
|
Top
|
|
|
|
#162617 - 24/05/2003 04:15
Re: How do I get rid of this?
[Re: Roger]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Your just a grunt, you can't make that kind of decision. No offence.
Edited by PhilipOHare (24/05/2003 04:16)
|
Top
|
|
|
|
#162618 - 24/05/2003 05:51
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 18/01/2000
Posts: 5683
Loc: London, UK
|
None taken.
_________________________
-- roger
|
Top
|
|
|
|
#162619 - 24/05/2003 10:01
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
carpal tunnel
Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
|
I don't promise anything, but maybe a list of the task running could help to detect what is running on your pc and should not. If we get what it is, you could search the registry to avoid that it gets loaded at boot. Just make a grab of windows taskmanager, or, if you have a resource kit installed, type this at the command prompt:
PULIST
and post the output here.
Also, I am attaching a simple .cpl that will tell you what starts at your pc boot. Just install it and go to the control panel. You will have a new icon called "startup". Start it and delete the items you don't want to be loaded on boot.
Attachments
160732-StartupCPL.zip (55 downloads)
_________________________
= Taym = MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg
|
Top
|
|
|
|
#162620 - 24/05/2003 10:05
Re: How do I get rid of this?
[Re: Taym]
|
pooh-bah
Registered: 14/01/2002
Posts: 2489
|
Thanks... I'll give this a go. It didn't appear on safe mode, so i will try to narrow down the program from this.
|
Top
|
|
|
|
#162621 - 26/05/2003 06:17
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
addict
Registered: 08/08/2001
Posts: 452
Loc: NZ
|
manual removal instructions
http://www.doxdesk.com/parasite/lop.html
pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too..
Edited by JaBZ (26/05/2003 06:20)
|
Top
|
|
|
|
#162622 - 27/05/2003 08:30
Re: How do I get rid of this?
[Re: JaBZ]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too.. The user agrees to have such adware installed when they agree to the license presented to them. Thus, it is not a virus, and not something that virus scanners need to search for.
That was their excuse last time I heard anyhow.
|
Top
|
|
|
|
#162623 - 27/05/2003 10:00
Re: How do I get rid of this?
[Re: JaBZ]
|
old hand
Registered: 20/03/2002
Posts: 729
Loc: Palo Alto, CA
|
lop is nasty. Last year I accidentally ran across a lop mirror by mistyping a url. It took me months to get rid of all of the adware stuff that was installed. They definitely do have some talented programmers working for them.
- trs
_________________________
- trs
|
Top
|
|
|
|
#162624 - 27/05/2003 10:02
Re: How do I get rid of this?
[Re: trs24]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
They definitely do have some talented programmers working for them. As far as I'm concerned, when you use your programming skill for something like this, the word "talented" should not apply.
|
Top
|
|
|
|
#162625 - 27/05/2003 11:37
Re: How do I get rid of this?
[Re: JaBZ]
|
carpal tunnel
Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
|
i think it's high time antivirus software included scanning/removal of all things ADware related too.. Agreed completely. We need a convergence of tools that do similar things. I'd like to see ad removal and virus prevention in the same package. There are some other things that would dovetail nicely into a realtime-disk-access-monitoring driver that would be useful to have all under one UI...
|
Top
|
|
|
|
#162626 - 29/05/2003 11:30
Re: How do I get rid of this?
[Re: CrackersMcCheese]
|
stranger
Registered: 28/05/2003
Posts: 25
Loc: The Ohio Valley (USA)
|
I have had great luck with Spybot Search & Destroy (not in any way related to the currently circulating Spybot virus). You can download it for free here:
http://security.kolla.de/
Best of luck!
_________________________
[red] Nick Tomlin [/red]
02 Cadillac Escalade
60gb MkIIa - Blue
|
Top
|
|
|
|
|
|