
winlogon.exe

Discussion in 'All other topics' started by j_holmes, Jul 21, 2004.

  1. j_holmes

    j_holmes Regular member

    Approximately every ten min. this accesses the internet; right afterwards, popup ads appear. These are some of them:
    http://www.findromance.com/index2.php?affil=1918-popup
    http://69.20.62.53/yyy4.html
    http://www.pcpowerscan.com/index.html?2146
    Some of them pop up, then close themselves. It's getting pretty scary, anyone know what I got myself into?
    Others appear with numbers at front, almost as a FTP server, but not.
    All this started all of a sudden.
    I've run Ad aware/ Norton/ cwshredder/ hijacker/ Scan Spyware/ TuneUp utilities and RegMechanic to clean before and after scanning. None of this helped. I even tried running system restore back to before all this started.
    Thanks again..
    J_Holmes
     
    Last edited: Jul 21, 2004
  2. Jay05

    Jay05 Regular member

    Do you use IE6.0?
    Try using mozilla firefox...
    It contains a built in pop-up stopper...
    Also msn tools comes with a popup blocker...
    Give a try...
    Hoped this solved your problem...
     
  3. Xian

    Xian Regular member

    Some spyware uses a fake winlogon.exe. Where is yours located? The real one that Windows uses is in your Windows\System32 directory. Some spyware programs install a fake one to the Windows directory instead of the \System32 directory.

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trodal.html
    That is at least one trojan that uses a fake winlogon.exe; there are others as well.


     
    Last edited: Jul 22, 2004
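The path check Xian describes, as an added example that is not part of the original thread: it flags a process whose file name matches a core Windows process but whose image is not in the System32 directory. It generalizes beyond winlogon.exe to a few other System32-only process names; the `C:\Windows` root, the function names and the sample listing are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: default install root; on a real host resolve %SystemRoot% instead.
SYSTEM_ROOT = r"C:\Windows"
# Core Windows processes whose legitimate image lives only in System32.
PROTECTED_NAMES = {"winlogon.exe", "csrss.exe", "lsass.exe",
                   "services.exe", "smss.exe"}


def _canon(path):
    # Collapse "..", unify slashes and case so lookalike spellings compare equal.
    return ntpath.normcase(ntpath.normpath(path))


def is_masquerading(image_path, system_root=SYSTEM_ROOT):
    """True when a protected name runs from outside <system_root>\\System32."""
    directory, name = ntpath.split(_canon(image_path))
    if name not in PROTECTED_NAMES:
        return False
    expected_dir = _canon(ntpath.join(system_root, "System32"))
    return directory != expected_dir


def find_suspects(processes, system_root=SYSTEM_ROOT):
    """processes: iterable of (pid, image_path); returns entries to investigate."""
    return [(pid, path) for pid, path in processes
            if is_masquerading(path, system_root)]


# Constructed sample process listing (not taken from the thread).
SAMPLE = [
    (612, r"C:\WINDOWS\system32\winlogon.exe"),      # genuine location
    (1844, r"C:\WINDOWS\winlogon.exe"),              # the case described above
    (1920, r"C:\Windows\System32\..\winlogon.exe"),  # same file, disguised path
    (2004, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (2100, r"c:/windows/system32/LSASS.EXE"),        # genuine, odd spelling
]

if __name__ == "__main__":
    for pid, path in find_suspects(SAMPLE):
        print(f"investigate pid {pid}: {path}")
```

A match is a lead to investigate, not a verdict; a file in the right directory can still be a replaced binary, so a signature or hash check is the natural follow-up.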
  4. cozza1987

    cozza1987 Guest

    Sounds like you are seriously infected with Ad-aware and Spyware, and those programs just can't handle it.

    As Jay05 said, give Firefox a go, or alternatively, you can download the Google Toolbar, which also includes a pop-up blocker, as well as a search bar to search Google.

    Sounds like it might be time to do a little backup of your data, and give it a format.

    Regards
    CoZZa
     
  5. j_holmes

    j_holmes Regular member

    Thanks for all the support guys.
    Take care,
    ps. wear a rubber, they're the best antivirus out there..
     
  6. Jeanc1

    Jeanc1 Guest

    Spyware bots are usually not picked up by any antivirus! Don't blame your Norton or AVG for not stopping them cold. AdAware and SpyBots are as good as they can be but they will not pick up the newest bots or malware.

    To remove any spyware :-

    Go to ==>:

    http://www.majorgeeks.com/download4086.html
    and get CWShredder ~~ also get
    HijackThis http://www.spychecker.com/program/hijackthis.html.

    1) run CWShredder -- reboot and see if your malware has been taken care of.

    2) if it is still there -- run HijackThis, save the log and ask for instructions; someone will reply with the proper sequence to cure your PC. - http://forums.spywareinfo.com/index.php?showtopic=227 - It could be one of the 100's of benevolent helping there. Be patient ~~smiles!

    CWShredder is free and must be re-downloaded for updating each time you use it.


    (Edited to show Spyware forum URL)
    Do It Right, and you will be a Happy Camper!

    Take Care.
     
    Last edited by a moderator: Jul 22, 2004
  7. cozza1987

    cozza1987 Guest

     
  8. Jeanc1

    Jeanc1 Guest

    The URL to access the Spyware Forum has been re-activated -- This is where you will sign in, read the rules and then post for instructions.
    http://forums.spywareinfo.com/index.php?showtopic=227

    Note: Finally, please be patient. Your post may be answered immediately or may take several hours. This is an extremely busy message board and only specially-trained volunteers can answer most of the questions.

    Do It Right, and you will be a Happy Camper!

    Take Care.
     
    Last edited by a moderator: Jul 22, 2004
  9. j_holmes

    j_holmes Regular member

    Just letting you's know, I'm pretty sure I found the problem. (slave.exe) Remote Access from TW Industries.
    I just bought a new version of Norton A, and it picked it up as a risk, but wouldn't or couldn't delete it. I had to go to their website (TW'S) and download the uninstaller.
    Anyone know anything further on this?
    J_Holmes

    It's Amazing The Difference A Day Makes..
     
    Last edited: Jul 22, 2004
  10. cozza1987

    cozza1987 Guest

    Remacc.RAServer is a component of the remote control software, Remote Anything.

    Remacc.RAServer can be used for malicious purposes, as it allows a hacker to control a user's computer. And therefore, Remacc.RAServer constitutes a security threat.

    More info http://securityresponse.symantec.com/avcenter/venc/data/remacc.raserver.html

    It is not really a problem, just un-install it, and that will get rid of it.

    Regards
    CoZZa
     
  11. Jeanc1

    Jeanc1 Guest

    j.holmes ------- Good for you. !

    This slave.exe is an old trojan. It will show in your Registry 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices' as RA Server
    and in C:\Windows as slave.exe!
    After you've deleted both you will be home free.

    It would have shown in HijackThis as a program running at startup and would have been easily recognizable.
     
  12. j_holmes

    j_holmes Regular member

    Thanks CoZZa.
    But I didn't know about the key in the reg.
    I tried finding it through the path you mentioned, all that's there is: Run/ Run-/ RunOnce/ RunOnceEX/
    Do you know where to find it in here? I've looked, but no luck.
    I also ran reg. mechanic, and tune up utilities 2004, and they didn't come up with anything similar.
    Thanks again..
     
  13. cozza1987

    cozza1987 Guest

    The only reason the key will be in the registry is if the program is installed. Therefore if you have already uninstalled the software, it will not be there, as the un-install program would have removed that.

    Basically, if it's un-installed, there should be no problem.

    Regards
    CoZZa
     
  14. j_holmes

    j_holmes Regular member

    Thanks a lot, don't know where I'd be without your advice.
    Take Care..
     
  15. cozza1987

    cozza1987 Guest

    You're welcome, any time :)

    Regards
    CoZZa
     
  16. vertigo17

    vertigo17 Member

    You probably need to disable the Messenger Service. Are you using Windows XP? The messenger service can be disabled in the: Control Panel\Administrative Tools\Services. Just double-click on Services, scroll down until you see "Messenger", double-click on it, stop it if it is already started, then for Startup Type, choose Disabled. I had dialup and I kept getting these weird scary gray pop-up boxes, small, medium, and large. The pop-up would say Windows Messenger, but the pop-ups would be ads. Windows Messenger is known for getting hijacked. Just disable it, and you shouldn't have that problem anymore. I use PestPatrol to scan for adware, etc. It's nice, you should check it out. Hope this all helps.
     
