Pop-ups Coming From Registry

Jimmy Powell

I keep getting porn pop-ups and have found where they are
coming from in my registry but every time I remove the key
and its subkey, 'something' puts it back and the pop-ups
keep coming usually 2-3 times an hour.

You can see the registry key in question at the following
URL; http://www.jimmypowell.com/regshot/

I can completely remove that key (Media Codecs) and its
subkey but it keeps coming back. I have Ad-aware, Spybot
S&D, CW Shredder, HiJack This, and Spyware Blaster and
none of them seem to be finding whatever is causing this.

Has anyone ever seen this (see registry shot at above URL)
or have any idea how to get rid of this once and for all?
 
Mark

Hmm, I've never seen this one before, and it's a bit weird
that none of those popular adaware progs noticed it.

The first thing to do is notify these companies about
this spyware so that they can include it in future
versions.

Next:

1. make sure all your spyware definitions are up to date
2. if you have Norton AntiVirus 2004, it also includes
some adaware detection, so run a scan, and see if it can
remove it
3. go to your msconfig (start > run > msconfig,
"startup" tab) and find any unusual prog loading up
once you boot your comp. These progs usually keep
pestering that info to come back to your registry. If
there is anything unusual, uncheck it and reboot. Remember,
if you're unsure if a prog is necessary or not, ask a pro
for advice so that you don't spoil your comp
 
LuckyStrike

You've posted your log to the SpywareInfo Forums and they were unable to
pinpoint who/what the culprit was? It seems you have a goodly array of ATS
programs (same as mine more or less) and that *should* do the trick. But if
they aren't, they aren't.

What I'm about to say will surely cause some controversy, but here goes: I
also run another program (for close to 2 years now); PestPatrol, which
you've no doubt heard of. Here's the thing: many say it false flags; it can
and sometimes does do that. It also is not freeware (to add insult to
injury). The updates have been a little less often lately than in the not
too distant past. BUT, there have been times (quite a few actually) where it
has detected true bona-fide pests and trojans that *none* of my other ATS
programs have been able to detect. It is not a program to rely upon all by
itself without doing some research, and it is more useful as an Admin tool
in a way, since it is very capable at detecting keyloggers, and Cracks,
hacks, and that kind of thing. Nevertheless, I have Ad-Aware, Spybot S&D,
SpywareBlaster, CWShredder, SpywareGuard, HJT, Coolwebsearch smartkiller, ZA
FW, an AV program, and a number of other programs to deal with anti-social
pests. I wouldn't consider getting rid of PestPatrol.

Of course, in the final analysis, I stand by my belief that one of the best
things one can do to minimize getting crap installed by drive-by is to
disable ActiveX and Active Scripting. There are occasions where I forget or
must enable scripting, and that is where and when one gets this nonsense
into one's PC.

OK so you can try these two on-line scanners and see if they detect
something.
GFI Trojanscan
http://www.windowsecurity.com/trojanscan/
PestPatrol scanner (on-line)
http://www.pestscan.com/

Also, some AV on-line scanners can also determine the presence of some
trojans, so here are a few:
http://housecall.trendmicro.com/housecall/start_corp.asp
http://www.ravantivirus.com/scan/
http://www.kaspersky.com/remoteviruschk.html (1 MB max file size at a time)
http://www.commandondemand.com/eval/index.cfm
http://www.bitdefender.com/scan/licence.php
http://www.globalhauri.com/html/products/livecall.html

HTH -
--

LuckyStrike
(e-mail address removed)

How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
http://home.satx.rr.com/badour/html/post.html
 
Ping

I started having the same problem a few days ago. Same
entries in the registry that you showed on the link. I
noticed that I could also delete/change them but that
they would reappear the next day and that the subfile in
the registry under Media Codecs had the current day's
date ("06072004" "07072004" for example). Looking at
the Startup list per the instructions below I found a
file that was running at C:\windows\system32\mcc.exe.
Just guessing I would say that mcc is media codec
creator. The dates under properties were all recent.
Anyway, I unchecked it and will see if that solves the
problem. If not I guess I will attempt a system restore
going back a few weeks.
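
The startup review described in the replies above (looking at what loads at boot and checking the file dates), as an added PowerShell example that is not part of the original thread. It reads only the standard Run/RunOnce registry keys, not the Startup folders that msconfig also lists; the 30-day window and the output column names are assumptions chosen for illustration.

```powershell
# Added example: list auto-start entries from the Run/RunOnce keys and flag
# executables modified recently. $Days is an assumed review window.
param([int]$Days = 30)

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$cutoff = (Get-Date).AddDays(-$Days)

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the bookkeeping properties the registry provider adds
        if ($p.Name -in $providerProps) { continue }
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)

        # Pull the executable out of the command line: a quoted path first,
        # then the shortest prefix ending in a known extension, then first token
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($cmd -match '^\s*(.+?\.(exe|dll|bat|cmd|com|scr))(\s|$)') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }

        $file = Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key      = $key
            Name     = $p.Name
            Command  = $cmd
            Modified = if ($file) { $file.LastWriteTime } else { $null }
            Signed   = if ($file) {
                           (Get-AuthenticodeSignature -FilePath $file.FullName).Status
                       } else { 'FileNotFound' }
            Recent   = [bool]($file -and $file.LastWriteTime -gt $cutoff)
        }
    }
}

# Recently modified entries first; these are the ones to look up before disabling
$results | Sort-Object Recent -Descending | Format-Table -AutoSize -Wrap
```

An entry that is both recently modified and unsigned is a candidate for closer inspection, not proof of infection; look the file name up before unchecking or deleting it.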
 
