Annoying Pop-up

Guest


W2k Pro -
I signed up temporarily with PeoplePC, using a Dial-up connection, but have hardly used it because of other PC problems that I am trying to deal with. My Internet connection is set to never dial up. (I use another Computer to get to the Internet.)
Anyway, soon after startup and while doing things, a dialog box keeps on popping up telling me that the Page I requested cannot be accessed, along with the options of Connecting or Working Offline. It is a search page of sorts and I have no idea of how it is being initiated. I have to keep on closing it every time it comes up, which is every few seconds. It eventually seems to stop popping up, until the next startup.
Any ideas?
 
Dave Patrick

They may have added something at startup. Natively you can;
Start\Settings\Control Panel\Administrative Tools\Computer
Management(Local)\System Information\Software Environment\Startup
Programs|View|Advanced, then in the "Location" column, you'll find the path
to the "Startup" location either in the "Startup" directories or from the
registry's "Run" keys. (note that this window is read-only so you must
manually navigate to the location below to edit or otherwise delete)

%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup

You can delete the shortcuts that you no longer want to run.


HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

You can delete the string value for the program you no longer want to run.

or copy msconfig from Windows XP to the "windows" directory
or AutoRuns from sysinternals
http://www.sysinternals.com/Utilities/Autoruns.html


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| W2k Pro -
| I signed up temporarily with PeoplePC, using a Dial-up connection, but have
| hardly used it because of other PC problems that I am trying to deal with.
| My Internet connection is set to never dial up. (I use another Computer to
| get to the Internet.)
| Anyway, soon after startup and while doing things, a dialog box keeps on
| popping up telling me that the Page I requested cannot be accessed, along
| with the options of Connecting or Working Offline. It is a search page of
| sorts and I have no idea of how it is being initiated. I have to keep on
| closing it every time it comes up, which is every few seconds. It
| eventually seems to stop popping up, until the next startup.
| Any ideas?
 
Guest

Dave, msconfig showed about 3 checked items...windesktop, se and mobsync
(mobsync.exe/logon).
Autoruns was overwhelming with all that stuff that it showed. Not knowing
what all that meant, I sort of ignored it. However, mobsync.exe/logon was
also there.
In the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
showed mobsync.exe/logon, as well.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
showed one line that appeared to have nothing to do with the file in question.

Just for a trial, I disabled that file from msconfig, but it was re-enabled
after rebooting.
Do you think that mobsync.exe/logon may be the culprit?
I could uninstall peoplePc and see what happens.

Thanks, Dave!
*******
 
Dave Patrick

That isn't it.

http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/synchmgr_overview.mspx

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Dave, msconfig showed about 3 checked items...windesktop, se and mobsync
| (mobsync.exe/logon).
| Autoruns was overwhelming with all that stuff that it showed. Not knowing
| what all that meant, I sort of ignored it. However, mobsync.exe/logon was
| also there.
| In the registry:
| HKLM\Software\Microsoft\Windows\CurrentVersion\Run
| showed mobsync.exe/logon, as well.
|
| HKCU\Software\Microsoft\Windows\CurrentVersion\Run
| showed one line that appeared to have nothing to do with the file in
| question.
|
| Just for a trial, I disabled that file from msconfig, but it was re-enabled
| after rebooting.
| Do you think that mobsync.exe/logon may be the culprit?
| I could uninstall peoplePc and see what happens.
|
| Thanks, Dave!
| *******
 
Guest

Dave, I went to
http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/synchmgr_overview.mspx
and tried to get some feel for all the Info. My first impression was that it
seemed to deal with the problem, but I take your word that it has nothing to
do with the 'annoying pop-up.'

To add on to my last post:
I did not attempt to go to these Folders:

%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup

to see what they might show. Those % signs throw me off.
A while back, someone tried to explain what they are about, but I have
trouble dealing with these two Folders or Folders using that scheme.
Do you think that they might show what I am searching for? If so, how do I
ignore the % signs and get to them?

Thanks!
*******
 
Dave Patrick

Start|Run|msinfo32.exe then navigate to Software Environment|Startup
Programs, then Edit|Select All, Edit|Copy then paste in the body of a reply
message and we'll have a look.

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Dave, I went to
| http://www.microsoft.com/resources/.../xp/all/proddocs/en-us/synchmgr_overview.mspx
| and tried to get some feel for all the Info. My first impression was that
| it seemed to deal with the problem, but I take your word that it has
| nothing to do with the 'annoying pop-up.'
|
| To add on to my last post:
| I did not attempt to go to these Folders:
|
| %ALLUSERSPROFILE%\Start Menu\Programs\Startup
| %USERPROFILE%\Start Menu\Programs\Startup
|
| to see what they might show. Those % signs throw me off.
| A while back, someone tried to explain what they are about, but I have
| trouble dealing with these two Folders or Folders using that scheme.
| Do you think that they might show what I am searching for? If so, how do I
| ignore the % signs and get to them?
|
| Thanks!
| *******
 
Guest

Dave, this is what I got:
[Startup Programs]

Program Command User Name
windesktop c:\winnt\system32\windesktop.exe .DEFAULT
Location HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

windesktop c:\winnt\system32\windesktop.exe All Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

sp rundll32 c:\docume~1\bernar~1\locals~1\temp\se.dll,dllinstall All Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager mobsync.exe /logon All Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Incidentally, the options for Edit|Select All and Edit|Copy were not present
on the screen Display. The only option available was to Save the Contents in
a File. No problem.

Was having hard time lining up the info in a proper sequence. However, I am
confident that you can see what you need to see.
Thanks!
********
 
Dave Patrick

Your machine is infected.

http://www.sophos.com/virusinfo/analyses/w32sdbotxh.html

http://www.symantec.com/avcenter/venc/data/trojan.startpage.html

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Dave, this is what I got:
| [Startup Programs]
|
| Program Command User Name
| windesktop c:\winnt\system32\windesktop.exe .DEFAULT
| Location HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| windesktop c:\winnt\system32\windesktop.exe All Users
| Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| sp rundll32 c:\docume~1\bernar~1\locals~1\temp\se.dll,dllinstall All Users
| Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| Synchronization Manager mobsync.exe /logon All Users
| Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
| Incidentally, the options for Edit|Select All and Edit|Copy were not
| present on the screen Display. The only option available was to Save the
| Contents in a File. No problem.
|
| Was having hard time lining up the info in a proper sequence. However, I am
| confident that you can see what you need to see.
| Thanks!
| ********
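
Added example, not written by anyone in this thread: a short Python triage of the Startup Programs listing posted above, showing which entries stand out and why. The three heuristics (a temp-directory path, the HKU\.DEFAULT Run key, one entry registered in several Run keys) are this example's assumptions rather than a verdict, and the sample reproduces the thread's listing with one record hard-wrapped.

```python
import re
from collections import Counter

# Listing as posted in the thread (msinfo32 "Startup Programs", columns
# flattened to spaces); one record is hard-wrapped, as a newsreader would.
PASTED = r"""[Startup Programs]

Program Command User Name
windesktop c:\winnt\system32\windesktop.exe .DEFAULT
Location HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

windesktop c:\winnt\system32\windesktop.exe All Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

sp rundll32 c:\docume~1\bernar~1\locals~1\temp\se.dll,dllinstall All
Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager mobsync.exe /logon All Users
Location HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"""

USERS = ("All Users", ".DEFAULT")          # user-name values seen in the listing
TEMP_RE = re.compile(r"\\te?mp\\", re.I)   # ...\temp\ or ...\tmp\ path component


def parse_startup(text):
    """Split the listing into records; each ends at its 'Location' line."""
    records, pending = [], []
    for raw in text.splitlines():
        line = raw.lstrip("|? ").strip()   # tolerate quoted ("| ") copies
        if not line or line.startswith(("[", "Program Command")):
            continue
        if line.startswith("Location "):
            entry = " ".join(pending)      # re-join hard-wrapped lines
            user = next((u for u in USERS if entry.endswith(u)), "")
            if user:
                entry = entry[: -len(user)].rstrip()
            records.append({"entry": entry, "user": user,
                            "location": line[len("Location "):]})
            pending = []
        else:
            pending.append(line)
    return records


def triage(records):
    """Return records that match at least one heuristic, with the reasons."""
    seen = Counter(r["entry"].lower() for r in records)
    findings = []
    for r in records:
        entry, reasons = r["entry"].lower(), []
        if TEMP_RE.search(entry):
            what = "rundll32 loads a DLL" if "rundll32" in entry else "program runs"
            reasons.append(what + " from a temp directory")
        if r["location"].upper().startswith("HKU\\.DEFAULT\\"):
            reasons.append("autostart under the HKU\\.DEFAULT Run key")
        if seen[entry] > 1:
            reasons.append("same entry registered in %d Run keys" % seen[entry])
        if reasons:
            findings.append(dict(r, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_startup(PASTED)):
        print(f["location"], "|", f["entry"], "->", "; ".join(f["reasons"]))
```

The flattened paste loses the boundary between the Program and Command columns, so the parser keeps them as one string and only peels off the trailing user name.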
 
Guest

I find it very difficult to believe that the machine is infected. The usage
of it has been very limited.
Just one time I was on the Internet trying to compare the speed of PeoplePc
vs AOL's while logging on the site of a local Bank and bringing up various
pages!
Incidentally, unlike the machine that I am currently on, which shows an
empty page, when I click on Internet Explorer (same 6.0), the infected
machine, displays a page full of names of sites that I can click on, in spite
of the fact that the address window also shows 'About blank'. Of course,
clicking on any site will bring a page saying that it's not available offline.
At any rate, I will need time to sort this out and try to understand the
solutions offered by the sites you suggested.
Thank you!
 
Dave Patrick

Do you have any anti-virus software installed? Do you have a firewall? That
description sounds very much like the trojan_startpage

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| I find it very difficult to believe that the machine is infected. The usage
| of it has been very limited.
| Just one time I was on the Internet trying to compare the speed of PeoplePc
| vs AOL's while logging on the site of a local Bank and bringing up various
| pages!
| Incidentally, unlike the machine that I am currently on, which shows an
| empty page, when I click on Internet Explorer (same 6.0), the infected
| machine, displays a page full of names of sites that I can click on, in
| spite of the fact that the address window also shows 'About blank'. Of
| course, clicking on any site will bring a page saying that it's not
| available offline.
| At any rate, I will need time to sort this out and try to understand the
| solutions offered by the sites you suggested.
| Thank you!
 
Gary Smith

"about:blank" in the address bar with a page full of links to pages you've
never been to and have no interest in visiting is characteristic of a
class of browser hijackers. You're almost certainly infected or are
seeing the remains of an infection.


BAP said:
I find it very difficult to believe that the machine is infected. The usage
of it has been very limited.
Just one time I was on the Internet trying to compare the speed of PeoplePc
vs AOL's while logging on the site of a local Bank and bringing up various
pages!
Incidentally, unlike the machine that I am currently on, which shows an
empty page, when I click on Internet Explorer (same 6.0), the infected
machine, displays a page full of names of sites that I can click on, in spite
of the fact that the address window also shows 'About blank'. Of course,
clicking on any site will bring a page saying that it's not available offline.
At any rate, I will need time to sort this out and try to understand the
solutions offered by the sites you
suggested.
Thank you!



 
Guest

No, I have no anti-virus or firewall on the 'infected' machine. I do have
Kerio Personal Firewall on the good machine. Also on the latter, there is
AVG, Ad-aware, Spybot, NoAdware and some other Utilities, but none of them is
active, except for occasional Computer scanning.
Is there any that you would recommend?
Thanks!
 
Guest

Thanks for your inputs, Gary!
Both you and Dave agree on this and I believe that the machine is infected,
after all.
Any advice?

Gary Smith said:
"about:blank" in the address bar with a page full of links to pages you've
never been to and have no interest in visiting is characteristic of a
class of browser hijackers. You're almost certainly infected or are
seeing the remains of an infection.


 
Dave Patrick

You can try these free tools but I already identified two of them. So you
can use the removal instructions on those pages. Though I'd recommend a
clean install. But get a firewall and some AV beforehand.

http://housecall.trendmicro.com/
http://www.symantec.com/techsupp/home_homeoffice/index_virus.html

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| No, I have no anti-virus or firewall on the 'infected' machine. I do have
| Kerio Personal Firewall on the good machine. Also on the latter, there is
| AVG, Ad-aware, Spybot, NoAdware and some other Utilities, but none of them
| is active, except for occasional Computer scanning.
| Is there any that you would recommend?
| Thanks!
 
Gary Smith

I thought surely someone would have popped in by now with the standard
post on dealing with malware. Unfortunately I've lost track of my copy.
I'm cross-posting this to
microsoft.public.windows.inetexplorer.ie6.browser, where someone is sure
to jump in.


BAP said:
Thanks for your inputs, Gary!
Both you and Dave agree on this and I believe that the machine is infected,
after all.
Any advice?

 
Guest

It would certainly be nice to know more about this problem.
Thanks!

Gary Smith said:
I thought surely someone would have popped in by now with the standard
post on dealing with malware. Unfortunately I've lost track of my copy.
I'm cross-posting this to
microsoft.public.windows.inetexplorer.ie6.browser, where someone is sure
to jump in.


 
