ActiveX?

[Guest]

I have used Spybot, Lavasoft's Ad-aware, Microsoft Antispyware, and even a
virus scanner. And it's no use, what happens is that everytime I open/close a
webpage, a 'pop-under' would come up, it is extreme irritating.

I saw the url as clicksor.com before it loaded the webpages

I think it is because I installed an adware accidentally.

Anyone know anything about this?

 

[Guest]

Sorry about that reply, but most people around here don;t even take the time
to read posts and replies they are told to read. I didn't mean to be
steroetypical, but at time I come off that way.

When you stated that it doesn't matter if IE is even open the light bulb
went off. The way you initially stated it, it sounded like it was a
HTML-coded pop-up, now I know what's going on, and it's not something that
any antispyware app will find since it is a Windows Service that's to blame
for this and not an infection.

Right-click on the My Computer icon, and select Manage. Now double-click
Services and Applications, and double-click Services. Scroll down until you
see Messenger and double-click on Messenger. Press Stop under "Service
status:," click on the list box under "Startup type:" and select Disabled,
and press Enter.

Because this service was still turned on, I can be almost certain that you
are running XP SP1. If so, I'd suggest updating to SP2 since the Messenger
Service, not to be confussed with Windows Messenger, is disabled by default.
You really don't want this service running since people can send things to
your system to advertise stuff in the same manner that they have been before
disabling this service.

Alan

 

[Guest]

I use SP2 and messenger was already disabled.

Is there any other way?

 

[Guest]

Use Firefox and list the sites that the pop-ups are coming from.

This will help better see what's going on.

Alan

 

[Guest]

It's possible that some site might have hijacked IE.

Go to Tools > Advanced Tools > Browser Hijack Settings Restore in MSAS and
change the URLs that you want to change back to their original values. You
might even want to simply restore the entire lot of them to their default
values when the system was shipped to you. You can use either MSAS or IE
(Tools > Internet Options... > Programs tab, click on "Reset Web
Settings...", allow it to also reset your Home/Start Page, and then use MSAS
to set the correct values) to do this. My suggestion is to use IE first and
then use MSAS to fine-tune the settings.

Also download and run CWShredder
(http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe).

Also download HijackThis (http://www.merijn.org/files/hijackthis.zip). Run
the app, post the log and what's happening to
http://forums.spywareinfo.com/index.php?showforum=18 or
http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html,
which is the one I'd suggest using. The people in these forums should be
able to get rid of what's causing this problem.

Alan

 

[Guest]

http://www.searc-h.com/normal/yyy53.html
http://www.deal-nation.com/normal/yyy34.html
http://e.rn11.com/adbuys/a405-admed-ron
http://www.ez-savings.com/normal/yyy34.html
http://www.shop-savings.com/normal/yyy34.html
http://www.free-savings.com/normal/yyy34.html
http://www.your-deal.com/normal/yyy34.html

These are just a few

 

[Guest]

After looking over a few sites, I fairly certain have the latest version of
VX2 (the Look2Me variant of CoolWebSearch, if I'm not mistaken).

Try CWShredder
(http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe) to
remove it. This will remove even the Look2Me version of CoolWebSearch, which
is what's infecting your system.

If that fails, try doing what's listed on the following links,
http://pcpitstop.invisionzone.com/index.php?showtopic=102743 and
http://www.bullguard.com/forum/12/Searc-h-and-look2me-help_21616.html.

Go to c:\windows\prefetch (XP only) and delete the entire contents of the
folder, but not the folder itself. Not doing so can cause the infection to
reappear when you launch IE and other apps that the infection has become
linked to through the prefetch folder.

Hopefully this will solve the problem.

NOTE: Make certain to always have MSAS' Real-time Protection active as it's
the best real-time protection available out there for antispyware apps. DO
NOT run any other antispyware app's real-time protection (i.e., Spybot's
Immunization and ResidentIE, ewido's background guards, etc.) as well, as
they will conflict. This can cause infections to slip past the protection
net and onto your system. As always, it's never a good idea to run two or
more AV apps, nor two or more firewalls at the same time. The same is true
with real-time protection when it comes to antispyware apps.

My system was infected with an earlier variant of CoolWebSearch. After
removing it, I made certain that Real-time Protection was turned on in MSAS,
and I haven't gotten infected since. I removed the infection with the trial
version of Giant AntiSpyware just days before MS bought out Giant Company.

Alan