Re: Pop Up MALWARE: trojan.vundo, winfixer2005, winantivirus etc.

Posted by David H. Lipman on December 29, 2005, 11:47 am

| I got this problem too. Every once in a while when I open a folder on
| the desktop or using IE, one related web page would pop up. Sometimes it's
| a porn site (eg. adult friend finder, sex budies, etc), sometimes
| poker, or smiley, but most of the time it's winfixer 2005.
|
| It seems that MS antispyware and most other spyware detection programs
| can't catch this annoying adware.
|
| I accidentally found that one Browser Helper Object: ATLDistrib Object
| (jkhfc.dll) might be the source of the problem. Once I disabled it (using
| "Manage Add-ons" from Tools menu of IE), I've not seen the popup since
| then. I've tried to delete "jkhfc.dll" (under System32 folder of the
| system folder) thinking the problem can be permanently solved but found
| the file is dynamically generated after the system starts up. If you
| boot in safe mode, the file is not deletable. The system prompts that
| it is used by another program. It is suspicious that the property of
| the file is HIDDEN. If you boot from DOS, the file is nowhere to be found.
| So there must be something else that creates this file to do popups. For
| now, I have it disabled although I can't completely clean it up.
|
| I've also disabled 2 other browser extensions: Popup Blocker (I'm not
| sure where it's from and don't want to be fooled by its name, maybe
| it's from google or yahoo popup blocker), another one is called
| Resarch. I'm not sure if they're related.
|
| Currently it's under control, but I would appreciate if someone could figure
| out a way to permanently eliminate this pesky adware from my PC.
|
| Thanks,
|
| cpliu



Two phase answer...

Perform Part 1 then perform part 2

It is suggested that you execute each tool in Normal Mode then in Safe Mode.

If you are using any version of Sun Java that is prior to JRE Version 5.0, then
you are strongly urged to remove any/all versions that are prior to JRE
Version 5.0. There are vulnerabilities in them and they are actively being
exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun
Java to Version 5 on the PC that they be removed and Sun Java JRE Version 5.0
Update 6 be installed ASAP.

http://www.java.com/en/download/manual.jsp



Part 1
------------
Download Adware-Virtumundo Removal Tool v1.5 --
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Information on the Adware-Virtumundo Removal Tool:
http://forums.mcafeehelp.com/viewtopic.php?t=57049

Part 2
------------
Download WinFixerFix.exe from the URL --
http://www.ik-cs.com/programs/virtools/WinFixerFix.exe

Execute; WinFixerFix.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to enable WGET.EXE to download the needed McAfee related
files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be
generated. At the end of the scan, it will be displayed in your browser (Opera,
FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing
another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy
of the HTML report for each session.

Please Copy and Paste the contents of the HTML Log file;
C:\mcafee\ScanReport.HTML in your reply.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
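
The quoted post traces the pop-ups to a Browser Helper Object whose DLL sits in System32 with the HIDDEN attribute. The following read-only audit is an added example, not part of the thread or of the tools it links to: it lists every registered BHO, resolves its DLL, and marks entries worth a closer look. The registry paths are the standard Windows BHO and CLSID locations; the `Review` column and the `Get-DefaultValue` helper are this example's own, and a `Review` flag is a heuristic, not a verdict.

```powershell
# Added example: read-only audit of Internet Explorer Browser Helper Objects.
# Each pair is (BHO list key, CLSID root for the same registry view).
$views = @(
    @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

# Hypothetical helper: return a key's (Default) value, or nothing if the key is absent.
function Get-DefaultValue([string]$Path) {
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid = $entry.PSChildName
        $name  = Get-DefaultValue "$($view.Cls)\$clsid"
        $dll   = Get-DefaultValue "$($view.Cls)\$clsid\InprocServer32"
        $file  = $null
        $sig   = 'n/a'
        if ($dll) {
            $dll = $dll.Trim('"')
            # Assumption: a bare file name is resolved against System32.
            if (-not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $env:SystemRoot "System32\$dll" }
            # -Force is required to see files carrying the Hidden attribute.
            $file = Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue
            if ($file) { $sig = (Get-AuthenticodeSignature -FilePath $file.FullName).Status }
        }
        $hidden = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
        [pscustomobject]@{
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Exists    = [bool]$file
            Hidden    = $hidden
            Signature = $sig
            # Flag a missing DLL, a hidden DLL, or one without a valid signature.
            Review    = (-not $file) -or $hidden -or ($sig -ne 'Valid')
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell 3.0 or later session; it changes nothing, and classes registered only per-user (under HKCU) will show an empty `Dll`.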


