Resilient Popup

By keys95
Hello,

I know popups are common and should be solved easily, but I got one that I just can't get rid of. There are no obvious tasks; I tried running adaware, spybot, pop up washer and cwshredder with no luck.

Every time my user closes IE he gets a popup with this URL: http:\\www.pshnw6510990nmo-34nue7700.net/go.php?l=0019

Anyone have any ideas?

Thanks,

N

by BFilmFan In reply to Resilient Popup

Here's the source code that is running that popup:

Here is the source code of the pop-up (which is advertising "Premium Diet Patch")

<script language='JavaScript' type='text/javascript'>
<!--
if (!document.phpAds_used) document.phpAds_used = ',';
document.write ("<" + "script language='JavaScript' type='text/javascript' src='");
document.write ("http://ugl.adtrak.net/adjs.php?n=a84a01aa");
document.write ("&what=zone:37");
document.write ("&exclude=" + document.phpAds_used);
if (document.referer)
document.write ("&referer=" + escape(document.referer));
document.write ("'><" + "/script>");
//-->
</script><noscript><a href='http://ugl.adtrak.net/adclick.php?n=a84a01aa' target='_blank'><img src='http://ugl.adtrak.net/adview.php?what=zone:37&n=a84a01aa' border='0' alt=''></a></noscript>
<html>
<head>
<title>Ad</title>
</head>
<body>
</body>
</html>
<!-- 0019 -->

HijackThis may assist you in finding this pesky popup.

To download it:
http://www.snapfiles.com/dlnow/dlnow.dll?Inc=No&ID=106738

According to Lavasoft, they are aware of this one.
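
Added example, not part of the original thread or of BFilmFan's post: the loader URL in the source quoted above is assembled from document.write() fragments, so a plain search for src= misses it. This JavaScript (Node.js) sketch joins the fragments statically, without running the script, and lists every remote URL and host; the function names and the hosts-file output format are assumptions of this example.

```javascript
// Constructed sample: the pop-up source quoted in the post above, shortened.
const SAMPLE = `<script language='JavaScript' type='text/javascript'>
if (!document.phpAds_used) document.phpAds_used = ',';
document.write ("<" + "script language='JavaScript' type='text/javascript' src='");
document.write ("http://ugl.adtrak.net/adjs.php?n=a84a01aa");
document.write ("&what=zone:37");
document.write ("&exclude=" + document.phpAds_used);
document.write ("'><" + "/script>");
</script><noscript><a href='http://ugl.adtrak.net/adclick.php?n=a84a01aa' target='_blank'><img src='http://ugl.adtrak.net/adview.php?what=zone:37&n=a84a01aa' border='0' alt=''></a></noscript>`;

const URL_ATTR = /(?:src|href)\s*=\s*['"](https?:\/\/[^'"\s>]+)/gi;

// Join the string literals passed to every document.write() call, in order.
// Non-literal operands (variables, function calls) contribute nothing, so the
// result is the markup the script would emit, minus its run-time values.
function rebuildWrites(source) {
  let markup = "";
  for (const call of source.matchAll(/document\.write\s*\(([^;]*)\)\s*;/g)) {
    for (const lit of call[1].matchAll(/"([^"]*)"|'([^']*)'/g)) {
      markup += lit[1] !== undefined ? lit[1] : lit[2];
    }
  }
  return markup;
}

// URLs found in the src/href attributes of a piece of markup.
function urlsIn(markup) {
  return [...markup.matchAll(URL_ATTR)].map((m) => m[1]);
}

// Everything the page can load: attributes visible in the raw source plus
// those that only exist once the document.write() fragments are joined.
function remoteUrls(source) {
  return [...new Set([...urlsIn(source), ...urlsIn(rebuildWrites(source))])];
}

// Distinct hostnames, formatted as hosts-file sinkhole lines (assumed format).
function hostsEntries(source) {
  const hosts = new Set(remoteUrls(source).map((u) => new URL(u).hostname));
  return [...hosts].sort().map((h) => `0.0.0.0 ${h}`);
}

console.log(remoteUrls(SAMPLE).join("\n"));
console.log(hostsEntries(SAMPLE).join("\n"));
```

The raw-source scan alone returns only the two `<noscript>` URLs; the adjs.php loader appears only after the fragments are joined.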

by RCOM In reply to Resilient Popup

This comes from a previously patched exploit in Windows IE and/or Media Player. Go to Microsoft and update your system. The file Adodb stream object is what is exploited so this can be done.

http://support.microsoft.com/default.aspx?kbid=870669

There are a couple of viruses that use this exploit. So make sure you have recent dat files. Disable system restore. Boot into safe mode and do a full system scan.

First, perm-block this IP address: 64.68.92.149. At least the page can't load.

by keys95 In reply to

Thanks, after a reboot that Microsoft fix helped.

by keys95 In reply to Resilient Popup

This question was closed by the author
