Unable to stop pop-ups - MSTF.exe

[chiph42]

Hello,
First I am very impressed with Microsoft AntiSpyware Beta
1. It found things...bad things that other software
could not find. However, something is still trying to
takeover my browser and rename my home page to
about:blank, changes serach engine, and others things...

I cannot find out what is doing this... Microsoft Antispy
is stopping SOME commerical pop-ups and the home page
from changining, but now I get Microsoft Antispy notice
pop-ups... I see a file MSTF.EXE that keeps showing up
in my
processes. I kill it but it keeps coming back. Also
have received warnings about changes
from "fkkwm.dll/sp.html#1234"

Anyone know what is going on or what to do?

Thanks, Chiph

 

[Guest]

-----Original Message-----
Hello,
First I am very impressed with Microsoft AntiSpyware
Beta 1. It found things...bad things that other

software could not find. However, something is still
trying totakeover my browser and rename my home page to

about:blank, changes serach engine, and others things...

Hi

About:blank is a real challenge to beat on your own and
also for antispyware programs, these "pest" changes its
behavior and uses hidden dll´s. All antispyware programs
have problem with new variants of this.

I would advice you to perform these steps from this
excellent website.

http://aumha.org/a/quickfix.php

Then you have a forum in step 8, where you can post your
Hijackthis log or just to study other messages about how
to remove this.

 

[Andre Da Costa]

Do a full system scan in safe mode, on the scan Page choose Scan Options >
Full System, do this at least two times until MSAS finds something. For
About:Blank, go to Advanced Tools > Brower Hijack, and click the restore
browser settings at the bottom of the MSAS window.

 

[Ron Kinner]

The mstf.exe is easy to get rid of. Get HijackThis.exe
from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe

Save it.

Now Right Click on your clock and select Task Manager then
Processes. Highlight the process mstf.exe then End
Process. You will get a warning message. Tell it you
want to do it anyway. If it can't stop it then boot into
Safe Mode (F8) without networking.

Open HijackThis and select Scan Only. Find the line:

O4 - HKLM\..\Run: [mstf.exe] C:\WINDOWS\system32\mstf.exe

and check it then hit fix checked.

Reboot and rescan. Is it gone?

The about:blank is a lot harder to get rid of. There are
many variations on the theme. The latest version keeps
about:buster 4.0 from running.

http://www.bleepingcomputer.com/forums/tutorial85.html

has about the best chance of getting rid of it.

If you will use HijackThis to Scan and Save Log then send
me the log I will tell you what to do next.

Ron Kinner
(e-mail address removed)