RE: Pop Up Ads on StartUp

Malke, a big thank you to you. It looks like that may have worked. I ran
Norton in safe mode and it picked up the elite toolbar, 3 files in all. After
re-booting in normal mode none of the ads have so far popped up and it has
been over an hour now.

I also tried what you suggested about Windows Messenger but even with all
that you suggested it is still trying to start up and even sign me in. When
I try to close it I get a message saying it can't close it because it needs
to run for another program?? Not sure what this means?? Anyway, this is a
minor problem, at least it looks like the other has gone.

Thanks again,
Joanne


"Malke" wrote:

> jostubbs wrote:
>
> > I am not sure which of these to try. These ads come up even when I am
> > not running Internet Explorer but don't seem to come up when I don't
> > have Windows
> > Messenger running. Is there any way I can stop Messenger from loading
> > on
> > startup? I have tried to take it out of the startup sequence when
> > running
> > msconfig but it seems to keep puttin itself back in there. There is
> > also another suspicious startup file
> > (c:\windows\system32\elitejgk32.exe) even
> > though there is no file of this name within that directory. I also
> > cannot get rid of this from the startup as it keeps coming back.
> >
> > The ads themselves look like a small internet window and it is always
> > the same cycle of ads showing up.
> >
> > I already have Ad-Aware SE and Spybot and this has not fixed it
> > although Spybot did find some things that Ad-Aware did not.
> >
> > I hope you can help. I am starting to get the feeling that I am going
> > to have to reload everything from scratch....
> >
> > Jo
> >
> > "jostubbs" wrote:
> >
> >> I am getting Pop Up ads when I boot my computer and these ads run
> >> through
> >> Internet Explorer. As soon as I close one down another pops up and I
> >> have
> >> had up to 4 or 5 before I don't get any more. I have read some posts
> >> about this being from Messenger but I am not logged in to Messenger
> >> when I get them
> >> (although it is running in the background). I have updated Norton
> >> and
> >> Adaware SE but neither of these pck up my problem. I also have
> >> ZoneLabs Zone Alarm installed.
> >>
> >> Can anyone help me?
> >> Joanne
>
> Hi, Joanne. It looks like you have the Elite Toolbar malware on your
> system, and probably other cr*p, too. Windows Messenger is not the same
> as the Messenger Service. To prevent Windows Messenger (the instant
> messaging application) from starting, from within the program click on
> Preferences and uncheck the option to have it start with Windows. Then
> exit the program. You should disable the Messenger Service by doing:
>
> Start>Run services.msc [enter]
>
> Then scroll down to the Messenger Service, stop it, and set it to
> "Disabled".
>
> You will need to clean up your computer as Kelly suggested, although the
> Elite Toolbar can be quite tricky to remove. You will definitely need
> to use HijackThis. This requires expert skill. Here are my general
> malware removal steps. You must do everything with updated tools in
> Safe Mode. When you get to the HijackThis part, post your log at one of
> the suggested forums (not here, please). I highly recommend the AumHa
> forum - the regulars are helpful, friendly, and extremely expert.
>
> First delete all Temporary and Temporary Internet Files. Then:
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions.
>
> Before you remove malware, get LSPFix or WinSockFix for XP - see links
> below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.intermute.com/products/cwshredder.html
> http://www.tomcoyote.com/hjt/ - HijackThis
> http://www.intermute.com/spysubtract/cwshredder_download.html
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
> http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://aumha.net - forums
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://aumha.net - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> If this all seems overwhelming, take the machine to a good local
> professional (not a BestBuy or CompUSA type of store). There is no
> shame in doing this; I don't hesitate to take my car to the mechanic.
>
> Good luck,
>
> Malke
> --
> MS MVP - Windows Shell/User
> www.elephantboycomputers.com
> In Memoriam - MVP Alex Nichol
> The world is diminished without him.
>
.