Random IE window keeps popping up! Help!

[im1knight]

okay... i dont know where on earth did i get this from... but this is REALLY ANNOYING!!!! about every half minutes.. a chinese website auto open up with IE. after it open up, it refreshes itself every 30 sec!!! so other window just auto minimize and let he stupid website open up! i mean jeez..... what on earth is going on! #-o i scanned with ad-aware...fine something that has a rating of 8.. i deleted it. but the samething just keep coming back again fro some reason... im currently scanning with Norton... and it find nothing...so is there anyway to solve this problem?!?! if u can TYVM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[im1knight]

forgot add something.. it changes the window of watever u r browzering to the website its ading.. which is http://www.mowind.com (caution, dangerous site)

 

 

 

i can understand whats written on there since i can read chinese it just seems to b a normal website..no idea wats wrong with it..

 

 

 

here are some picture..

 

 

 

top half, and for some reason that toolbar appear out of no where.. and i can't delete it.

 

 

 

 

 

 

 

 

 

 

bottom half

 

 

 

[cmeski]

Try downloading Spybot-S&D.

 

 

 

Try booting your computer in safe mode and scan with your ad-aware and then your Spybot-S&D. If the problem still isn't resolved you could post a HijackThis log.

[Aznhuskarl]

First of all, don't write in caps and don't beg for help without specifying in your title what your problem is.

 

 

 

 

 

 

 

Second of all, Try another Antivirus, Adware and Spyware Scanner like AVG, SpyBot, and StopSign {the antivirus and its other component as well} to check your computer's condition. Norton won't likely to be helpful in that condition.

[im1knight]

tried...still find nothing..

[coltm4carbine]

Erm HJT log?

 

 

 

 

 

 

 

It's not a standalone tool but it should tell us what's in your PC.

 

 

 

 

 

 

 

Also the site you've mentioned. I've visited it and it literally crippled my VM. lol

[Jaziek]

Erm HJT log?

 

 

 

 

 

 

 

It's not a standalone tool but it should tell us what's in your PC.

 

 

 

 

 

 

 

Also the site you've mentioned. I've visited it and it literally crippled my VM. lol

 

 

 

 

 

 

 

i was gonna try and visit, but i'll not now - i hate sites that absolutely cripple my PC when they come on, seriall springs to mind.

 

 

 

 

 

 

 

Yeah, a hijackthis log is needed here i feel

[Cruiser]

You may want to try running your scans in safe mode (Hold F8 before windows starts). This will load only the essential processes windows needs to run and prevent anything else from automatically starting. If AdAware found something, and said it was removed, the program most likely replaced itself if it was running.

[im1knight]

.

 

 

 

 

 

 

 

Also the site you've mentioned. I've visited it and it literally crippled my VM. lol

whoa... thats powerful-.-..anyways im gonan try to start pc in safe mode and run scan

 

 

 

 

 

 

 

 

 

 

 

also... i have see 18 unauthorized access from the website according to my Norton firewall log

 

 

 

 

 

 

 

 

 

 

 

and is there anyway to block my cmputer from visiting the site?

[im1knight]

finished scanning in safe mode..... find the same virus thing as before..and when i start windows in normal mode... the stupid window pop up again...

 

 

 

 

 

 

 

and also..i noticed that the place where its been placed is in system restore[some numbers] so...maybe i cant remove it? any ideas

[Cruiser]

You can remove all system restore points by turning it off and then back on in Control Panel > System > System Restore.

 

 

 

 

 

 

 

Posting a HJT log for colt to look over would be a good idea since AdAware doesn't seem to be doing the job.

[im1knight]

 

 

 

Posting a HJT log for colt to look over would be a good idea since AdAware doesn't seem to be doing the job.

 

 

 

 

 

 

 

erm.. how do u post on that site.....

[blade995]

Post the log here. Go into Hijackthis and click do a system scan and save a log file. Copy and paste the log here.

[im1knight]

Post the log here. Go into Hijackthis and click do a system scan and save a log file. Copy and paste the log here.

ere..where do i click for system scan?

[weezcake]

YOu have to download the program first, make a folder, and move hijackthis[Caution: ExecutableFile] into the new folder.

 

 

 

 

 

 

 

Open the program and click system scan + logfile. Copy+paste that log here and we can help you out.

[im1knight]

ok....not sure if this is the log u guys wanted..but uh..here it is almost every of them r ended with "[Caution]" after i pasted on the forum dunno why...but hopefully it dont effect u guys looking at it and TYVM for take time out and read the.....entire....list...and hopefully u guys can find a solution=)

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

 

 

 

Scan saved at 19:42:46, on 2006-12-11

 

 

 

Platform: Windows XP SP2 (WinNT 5.01.2600)

 

 

 

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

 

 

 

 

 

 

Running processes:

 

 

 

C:\WINDOWS\System32\smss[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\winlogon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\services[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\lsass[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\System32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccSvcHst[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\SERVICES[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\Explorer[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\ctfmon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\spoolsv[Caution: ExecutableFile]

 

 

 

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\cisvc[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]

 

 

 

C:\Program Files\Analog Devices\Core\smax4pnp[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\hpcoretech\hpcmpmgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy[Caution: ExecutableFile]

 

 

 

C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]

 

 

 

C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\AOL\1155133248\ee\AOLSoftware[Caution: ExecutableFile]

 

 

 

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\RunDLL32[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\HP Software Update\HPWuSchd2[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\ccApp[Caution: ExecutableFile]

 

 

 

C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Yahoo!\ASSIST~1\YLive[Caution: ExecutableFile]

 

 

 

C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\Digital Imaging\bin\hpqtra08[Caution: ExecutableFile]

 

 

 

C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden[Caution: ExecutableFile]

 

 

 

C:\Program Files\Google\Web Accelerator\googlewebaccclient[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\hpcoretech\comp\hptskmgr[Caution: ExecutableFile]

 

 

 

C:\Program Files\HP\Digital Imaging\bin\hpqgalry[Caution: ExecutableFile]

 

 

 

C:\Program Files\Internet Explorer\IEXPLORE[Caution: ExecutableFile]

 

 

 

C:\PROGRA~1\Yahoo!\browser\ycommon[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\svchost[Caution: ExecutableFile]

 

 

 

C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

 

 

 

C:\WINDOWS\system32\cidaemon[Caution: ExecutableFile]

 

 

 

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc[Caution: ExecutableFile]

 

 

 

c:\program files\common files\aol\1155133248\ee\aim6[Caution: ExecutableFile]

 

 

 

C:\Documents and Settings\ma kevin\Desktop\New Folder\HijackThis[Caution: ExecutableFile]

 

 

 

 

 

 

 

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll

 

 

 

R3 - URLSearchHook: Yahoo! ÃÆÃÂ¥ÃâïÃâüÃÆèÃâ¹Ã¢â¬Â ÃâêÃÆæÃâÃ

[wahoo]

where have you been surfing recently? :P

[im1knight]

hmm...runescape...wenxuecity.com google search... tip.it runehq.. and i think thats about it..and mail.yahoo.com.cn aol.com and msn.com i guess thats it

[im1knight]

any ideas..... :-s

[Varda]

Btw.

 

 

 

Get Avast! Antivirus and CrapCleaner, CCleaner for clearing up your history for a lot of junk, and whatever strange things might hide there.

 

 

 

 

 

 

 

Avast is free, and better than Norton.

 

 

 

 

 

 

 

http://www.avast.com

[coltm4carbine]

Please don't disable system restore yet. If I accidentally cripple your system then at least you have something to restore to. (no, I'll try not to cripple your system but I think I'll play it safe for this log).

 

 

 

 

 

 

 

Is your computer a Chinese computer (I think it is)?

 

 

 

 

 

 

 

I don't trust translators. That's why I asked. If your computer is not a Chinese version then I would just nuke the entries.

 

 

 

 

 

 

 

Did you add the files into your HOSTS? The files in the hosts looks dodgy.

 

 

 

 

 

 

 

Can you also give me a log from the programs you've scanned with?

 

 

 

 

 

 

 

Let's get you started by cleaning out some crap:

 

 

 

 

 

 

 

Please go HERE to run Panda's ActiveScan

• 
   
   
   
  [*:25yzv5hx]Once you are on the Panda site click the Scan your PC button
   
   
   
  [*:25yzv5hx]A new window will open...click the Check Now button
   
   
   
  [*:25yzv5hx]Enter your Country
   
   
   
  [*:25yzv5hx]Enter your State/Province
   
   
   
  [*:25yzv5hx]Enter your e-mail address and click send
   
   
   
  [*:25yzv5hx]Select either Home User or Company
   
   
   
  [*:25yzv5hx]Click the big Scan Now button
   
   
   
  [*:25yzv5hx]If it wants to install an ActiveX component allow it
   
   
   
  [*:25yzv5hx]It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
   
   
   
  [*:25yzv5hx]When download is complete, click on My Computer to start the scan
   
   
   
  [*:25yzv5hx]When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

 

 

 

 

 

 

 

Also rename Hijackthis[Caution: ExecutableFile] to scan[Caution: ExecutableFile]

 

 

 

 

 

 

 

Cheers

[im1knight]

Please don't disable system restore yet. If I accidentally cripple your system then at least you have something to restore to. (no, I'll try not to cripple your system but I think I'll play it safe for this log).

 

 

 

 

 

 

 

Is your computer a Chinese computer (I think it is)?

 

 

 

 

 

 

 

I don't trust translators. That's why I asked. If your computer is not a Chinese version then I would just nuke the entries.

 

 

 

 

 

 

 

Did you add the files into your HOSTS? The files in the hosts looks dodgy.

 

 

 

 

 

 

 

Can you also give me a log from the programs you've scanned with?

 

 

 

 

 

 

 

Let's get you started by cleaning out some crap:

 

 

 

 

 

 

 

Please go HERE to run Panda's ActiveScan

• 
   
   
   
  [*:3suhrrdn]Once you are on the Panda site click the Scan your PC button
   
   
   
  [*:3suhrrdn]A new window will open...click the Check Now button
   
   
   
  [*:3suhrrdn]Enter your Country
   
   
   
  [*:3suhrrdn]Enter your State/Province
   
   
   
  [*:3suhrrdn]Enter your e-mail address and click send
   
   
   
  [*:3suhrrdn]Select either Home User or Company
   
   
   
  [*:3suhrrdn]Click the big Scan Now button
   
   
   
  [*:3suhrrdn]If it wants to install an ActiveX component allow it
   
   
   
  [*:3suhrrdn]It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
   
   
   
  [*:3suhrrdn]When download is complete, click on My Computer to start the scan
   
   
   
  [*:3suhrrdn]When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

 

 

 

 

 

 

 

Also rename Hijackthis[Caution] to scan[Caution]

 

 

 

 

 

 

 

Cheers

 

 

 

 

 

 

 

nope..mine is English Windows Xp. and i did not nstall any translators. and does the panda scan thingy install AV to my computer since Norton don't allow any other AV program? and also... my IE is now becaming rarely useable since th virus is on. everytime i click the scan button... it frozen... and it dont support firefox...so any ideas.. also.. should i just do a system restore? i know its no good fro the computer since last time i do system restore and it burned up my hard drive :-w but is there anyway to opent he panda scan without using IE? and feel free to add me on messenger since it took so long on forum to get a reply..lol

[weezcake]

Those hosts entries look a bit dodgy. have you ever been to those sites?

[im1knight]

Those hosts entries look a bit dodgy. have you ever been to those sites?

nope..not even once

[coltm4carbine]

Ok I won't guarantee anything I'll try my best.

 

 

 

 

 

 

 

The IP from the hosts smells like a new Chinese infection.

 

 

 

 

 

 

 

Do this with HJT, Let's uninstall some crap first (Before we fix anything).

 

 

 

 

 

 

 

Open HijackThis, click Config, click Misc Tools

 

 

 

Click "Open Uninstall Manager"

 

 

 

Click "Save List" (generates uninstall_list.txt)

 

 

 

Click Save.

 

 

 

Exit HijackThis

 

 

 

 

 

 

 

Post the uninstall log and a new HJT log.