Simviation Forums

[Gixer]

Ok, I am not sure if anyone else is having this problem, but if I have Active Controls and Plugins (in the internet security properties) enabled then when ever I use this site I get a virus/Trojan appear.  It consists of a few files.  It keeps making a yellow and blue popup for mobile phones/ringtones appear.  I got rid of it ok  ;D

anyone else havin this problem here?

Strange though I dont get it from any other site???

[ozzy72]

I've not had any problems Gixer.

[jordonj]

Have you scanned your system for Ad ware.

[GeForce]

Gixer,

Please let me know how you got rid it?

Cheers,

Jon

[Gixer]

Ok well here goes.

Ok first with it comes a few files.  I hope you have XP coz i know where there are then.

Ok here is what i did, Do not open any IE pages while doing it!

Open registry and goto HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\run

In there you should see somthin titled adstartup. Note what program this is running, mine was trying to run one called Automove.exe.

Delete this entry then go and delete automove.exe from where it was, if you have XP it will be in windows/system32

Now I did have a weird *.XML file appearing when I double clicked on my computer then C:/ Was called ad****.XML I cant remeber what anyhow delete that too.

Ok now go into c:/windows/system32 Arrange files by modified and scroll down to bottom. There will be a file called Swin32.dll or summin like that, its this *.dll that is causing it to come back. Rename this file Swin32aaaa.dll

Turn off system restore on all drives then reset PC

Once re-booted go and delete the Swin32aaaa.dll Coz you renamed it it didnt load so you can now delete it  

Ok now go into your program files dir and see if a dir called 'Internet Optimizer' has appeared.  If it has delete it and its contents.

Now goto your temp dir which is here C:\Documents and Settings\**Your Name**\Local Settings\Temp

Delete all of the files in here especially if there is one called Optimize!! its a little grey symbol.

Ok now your system should be clean as long as you opened no IE pages whilst doing the above.

Also Download Adware 6. Its free off www.download.com  Update it and scan it will pick up a few other things it come with and will clean it for you.

To stop it from getting you any more do this. Get your Internet properties up, click on Security tab, choose internet, click on custom level, set 'Run ActiveX Controls and Plug Ins to 'Diasble'  I dunno if this will stop some stuff functioning on sites but it gets annoying with it on promt as its always askin!

This one was buggin me for two days but I wasnt gonna give up, spyware, adware progs picked it up but couldn't get rid of it or gave the wrong instructions how to. Let me know how u get on.

[GeForce]

Thanks Gixer!

All the reg keys and files mentioned were there and I did exactly what the instructions said. So far - no more popups!

Thanks very much!

Jon

[propnut]

Hi ,

As mentioned above, ad aware is a good program for finding and removing spy-ware from your system, especially if it is kept up to date. I have used this programm for a few years and have had good luck with it.


The last year or so I have been using a program called Spybot-search and destroy which is a little more powerful (and  dangerous) because it has access to your registry. A search on google will find it's location for download.

I run this program each day after downloading files over the net and have had very few problems.

Clear Skies,
Paul

[GeForce]

Hi Paul!

I agree AdAware and Spybot are excellent programs and do a great job, but they can't do everything. Doing it manually means you can. You can make the decision of what is good/bad and delete as necessary.

Programs like HijackThis allow you to see exactly what's happening and lets you delete things - permanently!

Obviously though, for people who don't know how to do it manually, Ad-Aware/Spybot are the perfect things

Jon

[Gixer]

And Ad-ware and Spybot are not invincible! I have both and run both frequently, but it didn't pick this one up!!

I prefer manually removing these kinda things, using Hijack This, to highlight problems, least I know its all gone then.

[GeForce]

Yup, that's exactly what I was saying Gixer. Nothing beats doing it manually

[Gixer]

Geforce just to let you know, I believe the reason I was getting them was because I didn't have the latest XP and IE updates.  I d/loaded a few more off the M$ site and dont get the problem anymore.  Guess someone just found another one of the loopholes!!