IE Popup madness

A

Andy

I keep getting a pop-up that will not close, despite using
2 current and updated utilities (AdAware and SpyBot Search
& Destroy). Once the pop-up opens is does not allow me to
close any browser windows and keeps spawning new ones.
Each utility DOES detect the offending item but cannot
remove it. I've tried everything and cannot get the pop-
ups to stop.

I'm running the latest version of IE as of June 15th, 2004
on Win XP Pro.

Ideas? I DO NOT want to go to Netscape (ICK! ;) ).

Thanks in advance.

Andy K.
 
J

~JOSh-X

Do not go to NETSCAPE or we will all find you ;-) haha

Do you know anything about the popup window?

What do AdAware and SpyBot S&D /SPECIFICALLY/ say about
it?

~JOSh-X
 
A

Andy K.

I'll post the code that comes up later. It's listed as
a "potential browser hijack", but the name is just a
string of characters.

I'll be in touch later on when I'm back at that machine.
Thanks for your help (and for saving me from Netscape) :)

Andy K.
 
A

Andrea

My computer is doing the same thing. Once the blank
windows come up nothing closes. I have to eventually
shut my computer down and restart it in order to get
everything to close. I also have SpyBot and AVG
antivirus. AVG found the trojan backdoor a and
supposedly removed it. Could this still be causing me
problems?? If you get help please pass the info along.
Would greatly appreciate it.
 
L

Les L

I've got a similar problem. The new windows spawned are
from sandboxer.com and jmnad1.com. Neither AdAware nor
SpyBot detect any problems, and Popup Stopper does NOT
prevent these from appearing. Any ideas?
 
D

Don Varnau

Les,
Sandboxer indicates the peper trojan. See the post by cnm at
http://forums.spywareinfo.com/index.php?showtopic=5790

I can't find anything on jmnad1. If running the peper uninstaller doesn't
cure this, go to http://www.aumha.org/a/quickfix.htm Work through
steps 1-6 then step 7- post a HijackThis log to the forum at
http://forum.aumha.org/viewforum.php?f=30
See "Instructions for posting HJT logs" at
http://forum.aumha.org/viewtopic.php?t=4075

Also see security tips at:
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm

Don
 
A

Andy K.

Here are the files identified by AdAware that look to be
part of the pop-up issue. There were 3 more like #2 & 3
as well that are not removed by AdAware or Spybot.

Thanks again!

Andy

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
1) Started deep registry scan

Possible browser hijack attempt :
Software\Microsoft\Internet Explorer\MainStart
Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Category : Data Miner
Comment : Possible browser hijack attempt
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet
Explorer\Main
Value : Start Page
Data : "about:blank"

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
2) Deep scanning and examining files (C:)

AdBlaster Object recognized!
Type : File
Data : iexplorr11.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileSize : 56 KB
FileVersion : 3.00
ProductVersion : 3.00
Copyright : Copyright 2002 ESD Technologies,
Inc.
CompanyName : ESD Technologies, Inc.
InternalName : iexplorr11
OriginalFilename : iexplorr11.dll
ProductName : ESDADS1
Created on : 6/24/2004 1:35:12 AM
Last accessed : 6/23/2004 7:00:00 AM
Last modified : 6/24/2004 1:35:14 AM

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
3) AdBlaster Object recognized!
Type : File
Data : iexplorr11.dll
Category : Malware
Comment :
Object : C:\Program Files\AdblInst\
FileSize : 56 KB
FileVersion : 3.00
ProductVersion : 3.00
Copyright : Copyright 2002 ESD Technologies,
Inc.
CompanyName : ESD Technologies, Inc.
InternalName : iexplorr11
OriginalFilename : iexplorr11.dll
ProductName : ESDADS1
Created on : 6/24/2004 1:35:12 AM
Last accessed : 6/23/2004 7:00:00 AM
Last modified : 6/24/2004 1:35:14 AM
 
H

H Leboeuf

This file iexplorr11.dll = InetSpeak parasite.
http://www.doxdesk.com/parasite/InetSpeak.html
--
About:Blank could be CoolwebSearch variant.

Get AdAware and SpyBot and run them both. Keep them up to date.
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Additional link:
http://aumha.org/a/quickfix.htm

You will need this removal tool.
More: Complete list by variant with up-to-date information.
http://www.spywareinfo.com/~merijn/cwschronicles.html
More: Removal tool: http://www.spywareinfo.com/~merijn/files/CWShredder.exe


Important: "So how did I get infected in the first place?"
http://forums.net-integration.net/index.php?showtopic=3051



Henri Leboeuf
Web page: http://www.colba.net/~hlebo49/index.htm
===
Hi again: Any suggestions?

This appears to be something specific.

Thanks again!
 
A

Andy K.

Thanks. I've been using Spyot and Adaware and keep both
very up to date.

The only way I can think on how the infection happened was
downloading a browser called MyIE that PC World
recommended. Last time I make a stupid move like that.

Spybot also seems to be finding something called "AdRoar"
plug-in. Any ideas what that thing is?

UGH!

Thanks!

Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Pop-up still popping up 1
IE Home page keeps defaulting to some search engine.... 2
Pop-up killer killing desired pop-ups 5
IE Popoups 2
IE not responding 1
Unable to close IE window 1
Can't stop popups, have i tried everything? 5
IE and pop ups driving me crazy 1

Top