Annoying web pages

Guest

Hey Yogi Yogyo:

From looking at the links I'd say you have the Look2Me infection (VX2's evil
twin :) ). A lot of antispy scanners do not handle this very well because it
hooks to genuine system processes such as explorer & winlogon, and others do
not even detect it.

SpySweeper's new version can remove this, as I tried it a few days ago, and
you should then use Ewido Security Suite to check for any other problems, as
Look2Me can act as a magnet for malware. Then finally use CCleaner to remove
all temp and unused files from your system.

Download SpySweeper here

Just click on free trial on the right for direct download.

http://www.webroot.com/downloads/

Install, then run SpySweeper. Click Options and then press "Update
Definitions". When it's finished, close SpySweeper.

Download Ewido Security Suite

Please download, install, and update the free version of ewido security suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes, close Ewido.

Download Ccleaner

http://download.ccleaner.com/download124bin.asp

Install and then close

Now reboot to Safe Mode - Restart your computer and immediately begin
tapping the F8 key on your keyboard. If done right a Windows Advanced Options
menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

In Safe Mode, run SpySweeper and press "Sweep". Let it scan the system and
remove anything found. (If it says you need to reboot to clean some items then
let it reboot and run Ewido once the system restarts.)

Run Ewido again. From the main menu click on 'scanner', then click 'Complete
System Scan'. When Ewido finds something, it will pop up a notification.
Select "Remove" and check the boxes "Perform action with all infections" and
"Create encrypted backup", then click on OK.

When the scan finishes, click on "Save Report" and save it to your desktop
or C: drive in case you need it again.

Finally, run CCleaner and press "Run Cleaner".

Reboot back to normal mode

All The Best

Andy
 
Joined Oct 26, 2005 | Messages: 1 | Reaction score: 0
alternate method

I used Panda Internet Security 2006 to remove the AT.144 virus, which appeared to be downloading spyware and adware continually.

Browser windows kept opening in IE (even in safe mode with nothing open) and Opera, with links that usually had a variety of domain names with the html files yyy34.html and yyy54.html. I tried everything I could think of. I restarted many times, killing absolutely all non-essential processes, but some application/virus behind the scenes was not budging.

I ended up finding at least an estimated 50 spyware/adware infections over the total. New infections kept appearing. There was a virus on there, but I didn't know how to remove it. I tried many products. I found one virus which only "Panda Internet Security 2006 /w updates" could detect (it also cleaned it). None of the other antivirus/antispyware products could find this. It was called AT.144. Norton Antivirus found a few viruses, but couldn't stop the main application virus from downloading more and more adware/spyware.

I used "Panda Internet Security 2006" and did a complete scan after updating to the latest definitions. Panda works fantastic. Prior to installing Panda Internet Security, I tried "Panda Anti-Virus Titanium", but that didn't fix it (despite updating). Since "Panda Internet Security" combines anti-virus with anti-spyware, I don't have to worry about having any other resource-hungry anti-virus applications on the machine.

I found a couple of viruses on the computer with some anti-spyware applications. The applications I used to remove a lot of the viruses that were downloaded by the spyware are:

Itty Bitty Process Manager, IE-SPYAD, Kill2Me.exe (remover), l2mfix.exe, miniremoval_coolwebsearch_smartkiller.exe, Spyware Blaster, Bugoff, X-RayPC (block.com), HiJackThis, CWShredder, CleanCache, Spybot, Norton Antivirus

I used Norton Antivirus initially (I did at least four full-system scans on high heuristics mode), and that found a heap of viruses and spyware, but no matter how many times I scanned, the IE windows kept popping up. In the end, Panda Antivirus found and deleted the AT.144 virus.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I also received a number of cookies that may be related to this unknown virus, but then again, this could just be remnants of some of the spyware that was installed.

z1.adserver.com .yadro.ru .xiti.com .www.myaffiliateprogram.com .tribalfusion.com .toplist.cz .centrport.net spylog.com dist.belnk.com .casalemedia.com .urstnet.com .belnk.com .statcounter.com stat.onestat.com .ads.pointroll.com .adopt.hbmediapro.com .2o7.net z1.adserver.com and "com.com"

I found that I was infected by the AT.144 virus, which infected cmdinst.exe in my temporary folder of the current user. There were a number of infected DLLs which were disinfected, in addition to several registry entries used for "Add/Remove Programs caching" (ARPCACHE), http://www.superwin.com/arpcache.htm

Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:48:18 Deleted Path: C:\WINDOWS\system32\Process.exe
Adware detected: Adware/Look2Me On-demand antivirus scan 10/25/05 12:46:11 Disinfected Path: C:\WINDOWS\system32\fp2q03f5e.dll
Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:30:51 Notified Path: C:\temp\l2mfix\l2mfix\Process.exe
Suspicious file On-demand antivirus scan 10/25/05 11:38:57 Moved File: C:\Program Files\general\opera\Cache4\opr007XO.exe
Suspicious file On-demand antivirus scan 10/25/05 11:38:55 Moved File: C:\Program Files\general\opera\Cache4\opr007NI.exe
Adware detected: Adware/Sqwire On-demand antivirus scan 10/25/05 11:19:59 Disinfected Path: C:\Program Files\Common Files\mfom\mfomd\mfomc.dll
Adware detected: Adware/ISearch On-demand antivirus scan 10/25/05 11:02:30 Disinfected Path: C:\mte3ndi6odoxng.exe
Adware detected: Adware/ISearch On-demand antivirus scan 10/25/05 10:59:44 Disinfected Path: C:\Documents and Settings\oceanborn\Local Settings\Temp\cmdinst.exe
Virus detected: AT.144 On-demand antivirus scan 10/25/05 10:57:55 Moved Path: C:\Documents and Settings\oceanborn\Desktop\zip\MyNewsGroups-0.6b.zip[layersmenu.inc.php]
[Process.exe]

Adware detected: Adware/Look2Me Antivirus protection 10/25/05 10:44:30 Disinfected Path: c:\windows\system32\ho23msp.dll
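
Added example, not part of the original post: a short Python triage of the scan report quoted above, listing detections the scanner only reported and detection names that turn up under more than one file path. It uses a subset of those report lines as input and assumes that "Notified" means no clean-up was performed; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# A subset of the report lines quoted in the post above, copied unchanged.
REPORT = r"""
Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:48:18 Deleted Path: C:\WINDOWS\system32\Process.exe
Adware detected: Adware/Look2Me On-demand antivirus scan 10/25/05 12:46:11 Disinfected Path: C:\WINDOWS\system32\fp2q03f5e.dll
Potentially unwanted program detecte... On-demand antivirus scan 10/25/05 12:30:51 Notified Path: C:\temp\l2mfix\l2mfix\Process.exe
Adware detected: Adware/ISearch On-demand antivirus scan 10/25/05 10:59:44 Disinfected Path: C:\Documents and Settings\oceanborn\Local Settings\Temp\cmdinst.exe
Virus detected: AT.144 On-demand antivirus scan 10/25/05 10:57:55 Moved Path: C:\Documents and Settings\oceanborn\Desktop\zip\MyNewsGroups-0.6b.zip[layersmenu.inc.php]
Adware detected: Adware/Look2Me Antivirus protection 10/25/05 10:44:30 Disinfected Path: c:\windows\system32\ho23msp.dll
"""

LINE = re.compile(
    r"^(?P<label>.+?) (?P<source>On-demand antivirus scan|Antivirus protection) "
    r"(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?P<action>\w+) (?:Path|File): (?P<path>.+)$"
)

def parse_report(text):
    """Return one dict per recognisable report line, oldest first."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines and fragments such as "[Process.exe]"
        row = m.groupdict()
        # "Adware detected: Adware/Look2Me" -> "Adware/Look2Me"; truncated labels get no name.
        row["name"] = row["label"].split(": ", 1)[1] if ": " in row["label"] else None
        row["when"] = datetime.strptime(row["ts"], "%m/%d/%y %H:%M:%S")
        rows.append(row)
    return sorted(rows, key=lambda r: r["when"])

def not_acted_on(rows):
    """Detections the scanner only reported (assumption: 'Notified' means no clean-up)."""
    return [r for r in rows if r["action"] == "Notified"]

def recurring(rows):
    """Named detections seen at more than one file path (compared case-insensitively)."""
    paths = defaultdict(set)
    for r in rows:
        if r["name"]:
            paths[r["name"]].add(r["path"].lower())
    return {n: sorted(p) for n, p in paths.items() if len(p) > 1}

if __name__ == "__main__":
    rows = parse_report(REPORT)
    print("follow up:", [r["path"] for r in not_acted_on(rows)])
    print("recurring:", recurring(rows))
```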
 
