Something has infected my IE 6 SP1

[Joe]

I accidentally opened a file and now every time I use IE to browse the
internet I see connections being made to a php script as follows:

http://pop.rfwnad.com/scripts/popup.php?title...

I have since downloaded all the latest security patches for IE 6 and I have
run a few spyware/adware products that removed other crap from my machine.
No matter what I do I can't get rid of this problem.

Has anyone else come across the same problem. Any ideas on who to get rid
of the offending code.

 

[Smile Extender]

Ask help from http://www.spywareinfo.com (support forums). Get hijackthis
utility (www.tomcoyote.org/hjt) and produce log file and post it to that web
site.

 

[Khoa BUI]

I accidentally opened a file and now every time I use IE to browse the
internet I see connections being made to a php script as follows:

http://pop.rfwnad.com/scripts/popup.php?title...

I have since downloaded all the latest security patches for IE 6 and I have
run a few spyware/adware products that removed other crap from my machine.
No matter what I do I can't get rid of this problem.

Has anyone else come across the same problem. Any ideas on who to get rid
of the offending code.

I had the same problem today. I found out that a dll named ddmp.dll
was responsible for these problems.
To get rid of it, you must find where the dll is (I found mine on C:\)
and unregister it. The command line to unregister the dll is "regsvr32
[full path]\ddmp.dll /u". The effect is immediate; you do not have to
reboot.

 

[tech]

I had the same problem today. I finally figured out how to get rid rid
of this spyware.

Go to C:\Program Files and look for a dir named ddm.

This directory has the following files:
ddmp.dll
dir.ddm
gm.exe
optimize.exe
winpup.exe

delete all of them reboot. This will solve the problem.

 

[Brian]

Here's the solution. I had to email the technical contact of the
domain rfwnad.com. Here's what he sent back. It worked for me.

Brian



Solution:

---------------------------------------

For uninstallation support, please try the following link:
http://www.dynamicdesktopmedia.com/index.php?run_level=uninstall

Kind Regards,

Support Team
Dynamic Desktop Media

---------------------------------------

 

[Ancient Medicine]

WARNING!!! Do not trust the solution from Brian. Gawd, people!!! If
you look carefully at the link for the solution that "Brian" gives, it
points straight to the offending website. If you do your research,
you'll see that "Brian" has conveniently posted this "helpful" info in
other groups to further confuse his victims.

Thankfully, adaware recognizes this bullsh*t. Just get the latest
version and defs and you'll be rid of this and other nasties.
http://www.lavasoftusa.com/

To the originator of this spyware: You deserve prison time. And,
hopefully with a big mean cell mate that will violate your rectum like
the way you've violated us. How does it feel to be a criminal? You
scumbag.

~Ancient

 

[Ancient Medicine]

Btw, AdAware 6 does fix the problem, but the ddm dir and files still
remain. Just delete.

I'll keep you updated if anything else crops up.

~Ancient