General discussion


Resiliant Popup

By keys95 ·

I know popups are common and should be solved easily but I got one that I just cant get rid of. There are no obvious tasks, tried running adaware, spybot, pop up washer and cwshredder with no luck.

Everytime my user closes IE he gets a popup with this URL: http:\\

Anyone have any ideas?



This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by BFilmFan In reply to Resiliant Popup

Here's the source code that is running that popup:

Here is the source code of the pop-up (which is advertising "Premium Diet Patch")

<script language='JavaScript' type='text/javascript'>
if (!document.phpAds_used) document.phpAds_used = ',';
document.write ("<" + "script language='JavaScript' type='text/javascript' src='");
document.write ("");
document.write ("&what=zone:37");
document.write ("&exclude=" + document.phpAds_used);
if (document.referer)
document.write ("&referer=" + escape(document.referer));
document.write ("'><" + "/script>");
</script><noscript><a href='' target='_blank'><img src='' border='0' alt=''></a></noscript>
<!-- 0019 -->

Hijack This may assist you in finding this pesky popup.

To download it:

According to Lavasoft, they are aware of this one.

Collapse -

by RCOM In reply to Resiliant Popup

This comes from a previously patched exploit in Windows IE and or Media PLayer. Go to Microsoft and update your system. The file Adodb stream object is what is exploited so this can be done.

There are a couple of viruses that use this exploit. So make sure you hav erecent dat files. Disable system restore. Boot into sfafe mode and do a full system scan.

First perm-block this IP address at least the page can't load.

Collapse -

by keys95 In reply to

Thanks, after a reboot that Microsoft fix helped.

Collapse -

by keys95 In reply to Resiliant Popup

This question was closed by the author

Related Discussions

Related Forums