MSN XXX Popups...
Rush2004
Newbury
Recently i keep getting MSN pop-ups from girls with XXX material on them, they show up in the background of games and such,
I was wondering is there anyway of getting rid of these, i am running Windows Messenger 4.01, is this a virus or something Norton doesnt detect anything :P
Can anyone help or is there a patch that can sort this problem out
Cheers All
I was wondering is there anyway of getting rid of these, i am running Windows Messenger 4.01, is this a virus or something Norton doesnt detect anything :P
Can anyone help or is there a patch that can sort this problem out
Cheers All
0
This discussion has been closed.
Comments
From the version, I think you are looking up Windows Messenger Service version-- if not, your MSN Messnger needs to be upgraded if your version of Windows and your hardweare will support that. Note that Adaware 6.0, SpybotS&D, and HijackThis can find a lot of the junk that causes this-- try those, name search on google and you will find them by that name with links to the folks that write them and provide def sets for them. BUT, if you are not a user on a LAN, you can disable Windows Messenger Service and still have MSN messenger work. Try that also, and if you need to know how to do this, several people here know how.
Couple questions:
Are we working with XP, or 2000, or an earlier Windows???
What do you know about the hardware in the computer itself??? DirectX 9.0 is NOT compatible with all older hardware, especially the 3D part. The latest MSN Messenger and Media Player prefer DirectX 9.0b for best results. Your hardware might be very much unliking this version of DirectX if you were to load it, and you might get other headaches trying to load it.
So, info you can give about these two things might help to avoid a lot of problems that over the years have left me thinging seriously about pulling hair out a few times, and frustrated as heck also.
John D.
Happy that stopped THAT. Please do run the programs I mentioned, get the latest defs for them before running them, and post your HijackThis log. That will kill other nasty things or at least tell you that you don't have other problems on the computer also.
For Adaware, I use http://www.lavasoft.de/ and it will default to English when surfed to from English Windows boxes. Tell it update itself, you will get a def set dated in April of this year.
Lavasoftusa is inactive at this time and http://www.lavasoft.de had the most recent def sets first over the last two-three years anyway.
John D.
Thanks for the help all...
Logfile of HijackThis v1.97.7
Scan saved at 09:22:35, on 20/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Rush\LOCALS~1\Temp\EBU43.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rush\My Documents\HijackThis.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEFD4302-E117-4A77-924C-41F052492EF0}: NameServer = 194.72.9.55 194.74.65.85
If they are just text like the one below, it is easy to fix your problem:
- Click Start > Run and type "services.msc" (no quotes) in the Open: line and click OK
- In the right pane, scroll down to Messenger.
- Double click Messenger and click the General tab.
- Under Service Status: click the Stop button.
- In the Startup Type: drop down box, select Disable.
- Click Apply and OK.
Dexter...
does that stop Win XP loading it auto when PC is first turnt on aswell?
once again thx for the help....
Rush
Is that the type of pop-ups you were getting? Or were they different? Did they have images in them?
Dexter...
C:\DOCUME~1\Rush\LOCALS~1\Temp\EBU43.exe
It is a file running from in your Temp directory, which is unusual. If you do not recognize this file, I recommend you delete your Temp directories.
Dexter...
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
Ive deleted the above^^
Cheers all