How to Stop This Popup

Wren
Posts: 2881
Joined: Sat Jan 25, 2003 7:36 pm

Post by Wren »

This is the properties info for a popup that keeps trying to get you to load Gain, which is spyware. Registry, cookies, etc have been cleaned up, but it still persists. Cannot find out what is causing this popup to keep returning, no matter what's done, short of a format. :angry: There's something somewhere prompting this popup window, but what? :cry:

res://C:\WINDOWS\system32\shdoclc.dll/dnserror.htm#http://count.exitexchange.com/exit/1105694


Archived topic from Iceteks, old topic ID:2140, old post ID:18222
Red Squirrel
Posts: 29209
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario

Post by Red Squirrel »

Is it like a browser popup? You probably got a hijack or something. Try running adaware to see if it will clean it up.

Archived topic from Iceteks, old topic ID:2140, old post ID:18223
Honk if you love Jesus, text if you want to meet Him!

Post by Wren »

It's not on my system, was trying to help someone. Adaware, Spybot and another spyware scan have been done. Nothing shows up; whatever it is seems to be well hidden. It was removed from the registry and came back up again. Will see about running a Hijack This log. ;)

Archived topic from Iceteks, old topic ID:2140, old post ID:18226

Post by Red Squirrel »

Try to do a registry search for the filename it's trying to execute. That usually works depending on what type of infection it is. Hopefully it's not a system file that is infected.

I know shdoclc.dll is part of Internet Explorer / Windows but not sure what http://count.exitexchange.com/exit/1105694 is since it does not work at my end. I just get a 404 error.

Archived topic from Iceteks, old topic ID:2140, old post ID:18227

Post by Wren »

The link worked in IE. Just a car buying ad. No browser hijacks found. :rolleyes:

Archived topic from Iceteks, old topic ID:2140, old post ID:18228
Chris Vogel
Posts: 5140
Joined: Fri Jan 10, 2003 1:14 am

Post by Chris Vogel »

Let's see...

Before you do this, you will have to enable the viewing of hidden folders. You do this by going to VIEW>FOLDER OPTIONS>VIEW (tab)>DO NOT SHOW HIDDEN FILES AND FOLDERS (checkbox to uncheck).

After you do that, go to C:\WINDOWS\SYSTEM32\drivers\etc. There, you should see a HOSTS file. It shouldn't be associated with any program, so when you double click it you will get the option of opening it with a program from a list. Open it with Notepad.

Tell me what's there if you don't mind. :)


You could try flushing your DNS cache. Type "CMD" (without quotes) into the Run dialogue, and then type this:

ipconfig /flushdns


This may not help, and I may be making a fool of myself, but it can't do any harm... I just noticed the "DNS error" thing in your post, so...

Archived topic from Iceteks, old topic ID:2140, old post ID:18230
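
The HOSTS-file check described in the post above can be scripted. This is an added example, not part of the original thread: it flags every entry other than a loopback mapping of `localhost`, and the sample file contents, addresses and hostnames in it are constructed.

```python
import ipaddress

# Names a stock Windows HOSTS file may legitimately map to loopback.
BENIGN_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every HOSTS entry that is
    not a plain loopback mapping of localhost."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()                    # spaces or tabs
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, "", "unparseable address"))
            continue
        if not names:
            findings.append((line_no, ip_text, "", "address with no hostname"))
            continue
        for name in names:                        # one line can carry aliases
            name = name.lower()
            if ip.is_loopback and name in BENIGN_NAMES:
                continue
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (sinkholed) locally"
            elif name in BENIGN_NAMES:
                reason = "localhost redirected off-box"
            else:
                reason = "name redirected to fixed address"
            findings.append((line_no, str(ip), name, reason))
    return findings

# Constructed samples: the single-line file reported in the thread,
# and a tampered file for comparison.
CLEAN = "127.0.0.1 localhost\n"
TAMPERED = (
    "# constructed example\n"
    "127.0.0.1\tlocalhost\n"
    "203.0.113.7  www.example.com example.com  # redirect\n"
    "0.0.0.0 ads.example.net\n"
)

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print(finding)
```

An empty result, as for the one-line file quoted later in the thread, rules out the HOSTS file as the source of a redirect.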

Post by Wren »

Thanks tak, I'll pass the info along...as I said, it's not on my pc, was trying to help someone.

This is what's in the host file:

" 127.0.0.1 localhost"



Archived topic from Iceteks, old topic ID:2140, old post ID:18231

Post by Chris Vogel »

Yep, that's what I'd expect to see in there. :) I thought maybe something would be in there, but I guess it isn't.

I've never had this problem. I just hoped it would help. :P I hope someone has the solution. :)

Archived topic from Iceteks, old topic ID:2140, old post ID:18232

Post by Wren »

It may be one of those unsolved mysteries. :unsure: The cache was flushed also.

Archived topic from Iceteks, old topic ID:2140, old post ID:18233

Post by Wren »

There are a lot of drivers with exch in front of them, like scripto.dll


So it looks like exch_scripto.dll. Are they normal to have?

Update:
I just found out they are files in the restore feature. ;)

Archived topic from Iceteks, old topic ID:2140, old post ID:18234
rovingcowboy
Posts: 1504
Joined: Wed Dec 18, 2002 10:14 pm

Post by rovingcowboy »

Find the Free Surfer II pop-up killer. It has a rule system that allows you to add in the URL of pop-up browser ads and kill them.

Free Surfer II is free or pro; make sure you find the free link. You might get it at the http://www.webattack.com site. That URL has changed, but maybe that will redirect you.



Archived topic from Iceteks, old topic ID:2140, old post ID:18235
roving cowboy/ keith