S
Somu
Hi,
From past onemonth i am facing this problem,
Often when I am using Internet explorer I get these annoying popups called
loadingsite.com
It is embarassing at work when such popup will take you to some adult finder
site that tooo infront of your boss.
I tried all the anti spywares but the problem is still persisting.
I installed Microsoft anti spy ware but still I have these popups coming up
every now and then,
some of the url's of these popup's are
http://www.loadingwebsite.com/normal/yyy34.html
http://ads1.revenue.net/l?O_RANK=-1&O_CREATIVE_ID=207568&O_SITE_ID=12324
I had run the Microsoft Antispamware scan and the report is as follows,
Spyware Scan Details
Start Date: 4/11/2005 11:33:13 AM
End Date: 4/11/2005 11:36:34 AM
Total Time: 3 mins 21 secs
Detected Threats
AproposMedia Browser Modifier more information...
Details: AproposMedia is a component of PeopleOnPage, sometimes found on
computers without the commonly visible portion of the application .
AproposMedia displays pop-up advertisements, and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such
as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer3
2 C:\WINNT\isrvs\sysupd.dll
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer3
2 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} IE Update
Class
VX2.Buddy Spyware more information...
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such
as a security exploit, and should be removed.
Infected files detected
C:\WINNT\Buddy.exe
Transponder.ABetterInternet.Ceres Spyware more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of
aBetterInternet.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINNT\ceres.dll
C:\Documents and Settings\Administrator\Local
Settings\Temp\THI5B1.tmp\ceres.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626
484}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626
484}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer3
2 C:\WINNT\ceres.dll
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer3
2 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\ProgID
Ceres.CeresObj.1
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\TypeLib
{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\VersionIndepe
ndentProgID Ceres.CeresObj
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484} CeresObj
Class
iSearch.DesktopSearch Spyware more information...
Details: Removes the users access to use Windows Search and replaces it with
C:\WINDOWS\isrvs\desktop.exe.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot ImagePath
\SystemRoot\system32\drivers\delprot.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot DisplayName
delprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Security
Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum 0
Root\LEGACY_DELPROT\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum
NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum
INITSTARTFAILED 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot ErrorControl 1
Detected Spyware Cookies
No spyware cookies were found during this scan.
Please Help me get rid of this problem
Somu
From past onemonth i am facing this problem,
Often when I am using Internet explorer I get these annoying popups called
loadingsite.com
It is embarassing at work when such popup will take you to some adult finder
site that tooo infront of your boss.
I tried all the anti spywares but the problem is still persisting.
I installed Microsoft anti spy ware but still I have these popups coming up
every now and then,
some of the url's of these popup's are
http://www.loadingwebsite.com/normal/yyy34.html
http://ads1.revenue.net/l?O_RANK=-1&O_CREATIVE_ID=207568&O_SITE_ID=12324
I had run the Microsoft Antispamware scan and the report is as follows,
Spyware Scan Details
Start Date: 4/11/2005 11:33:13 AM
End Date: 4/11/2005 11:36:34 AM
Total Time: 3 mins 21 secs
Detected Threats
AproposMedia Browser Modifier more information...
Details: AproposMedia is a component of PeopleOnPage, sometimes found on
computers without the commonly visible portion of the application .
AproposMedia displays pop-up advertisements, and changes browser settings.
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such
as a security exploit, and should be removed.
Infected registry keys/values detected
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer3
2 C:\WINNT\isrvs\sysupd.dll
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993}\InprocServer3
2 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{5B4AB8E2-6DC5-477A-B637-BF3C1A2E5993} IE Update
Class
VX2.Buddy Spyware more information...
Status: Removed
Severe threat - Severe-risk items have an extreme potential for harm, such
as a security exploit, and should be removed.
Infected files detected
C:\WINNT\Buddy.exe
Transponder.ABetterInternet.Ceres Spyware more information...
Details: VX2.ABetterInternet.Transponder.2 is a new transponder variant of
aBetterInternet.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.
Infected files detected
C:\WINNT\ceres.dll
C:\Documents and Settings\Administrator\Local
Settings\Temp\THI5B1.tmp\ceres.dll
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626
484}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626
484}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer3
2 C:\WINNT\ceres.dll
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\InprocServer3
2 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\ProgID
Ceres.CeresObj.1
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\TypeLib
{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484}\VersionIndepe
ndentProgID Ceres.CeresObj
HKEY_CLASSES_ROOT\clsid\{00000049-8F91-4D9C-9573-F016E7626484} CeresObj
Class
iSearch.DesktopSearch Spyware more information...
Details: Removes the users access to use Windows Search and replaces it with
C:\WINDOWS\isrvs\desktop.exe.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss
of computer control, and should be removed unless knowingly installed.
Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot ImagePath
\SystemRoot\system32\drivers\delprot.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot DisplayName
delprot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Security
Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum 0
Root\LEGACY_DELPROT\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum Count 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum
NextInstance 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot\Enum
INITSTARTFAILED 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot Type 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot Start 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\delprot ErrorControl 1
Detected Spyware Cookies
No spyware cookies were found during this scan.
Please Help me get rid of this problem
Somu