pop-ups won't go away

**jholland1964** · 07-05-2007, 01:20 PM

Try looking HERE Brant for those Content.IE5 folders;
C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content.IE5
AND here
C:\Documents and Settings\Network Service\Local Settings\Temporary Internet Files\Content.IE5

Think it is odd Kaspersky scan says they are located here;
C:\Documents and Settings\Brant\Local Settings\Temporary Internet Files\Content.IE5\
and you did find them there before but now they are not there?
Checked on mine and mine are not located under my default name either but under the two I just gave you.
Anyway...if you find those files, and look both places, open all four oddly named folders and select all and delete all you find in the FOLDERS. Don't delete the folders themselves.

**branthamel** · 07-06-2007, 08:18 AM

I'll check again. But here are the log files. I also ran housecall, but did not see an option for a log file.

thank you,
Brant

**branthamel** · 07-06-2007, 09:22 AM

I checked the other locations

I did find the Content.IE5 folder in C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\

It had four strangely named subfolders and the only file in each subfolder was desktop.ini which I deleted.

I did not find a content.IE5 folder in
C:\Documents and Settings\Network Service\Local Settings\Temporary Internet Files

or in C:\Documents and Settings\Brant\Local Settings\Temporary Internet Files

or in C:\Documents and Settings\Brant\Local Settings\Temp\Temporary Internet Files (where I did originally find it)

**jholland1964** · 07-06-2007, 01:15 PM

Things look much better.
You are going to need to go in and delete the following items. Even though they have been disinfected, the entries themselves are now probably useless since they have been disinfected.
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Edward.zip[12.exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\error-mail_info.zip[Winzipped-Text_Data.txt.exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Health_and_knowledge.z ip[1.exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Information.zip
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\In_park.zip[f22-013.exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Kitten.zip[f22-013.exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\mail_info.zip[Winzipped-Text_Data.txt .exe]
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Readme.zip
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\The_new_prices.zip[1.exe
C:\Documents and Settings\Brant\Application Data\Qualcomm\Eudora\attach\Valentyne.zip[12.exe]
C:\Documents and Settings\Brant\Desktop\Virus issue\programs\ComboFix.exe[nircmd.exe]
C:\Documents and Settings\Brant\My Documents\Rarely used\installs\virus removal tools\dcomm\DCOMbob.exe
Also go into here;
C:\Program Files\Internet Explorer\and remove this file
holenu83122.dll

Then right click My Computer.
Choose Properties, System Restore.
Place a checkmark in Turn Off System Restore.
You will get a warning that you will lose all restore points, click ok or yes, whatever the choice is.
System Restore will then shut down.
Reboot the computer.
Go back into System Restore and turn it back on.
Then run one more Panda Scan and have it fix anything found.
Run Kaspersky and save the log.
Post back here with both logs.

**branthamel** · 07-07-2007, 01:13 PM

Judy,
Hello. I deleted all the zipped files I found in the Eudora attach folder. They did not seem to have the same names as you mentioned though...

I also deleted combofix.exe and dcombob.exe. I did not find holenu83122.dll.

I turned off system restore, rebooted and turned it back on. I ran the activescan and the kaspersky scan and also one more hjt log which are all attached.

They seemed to look good, but you can interpret them better than I for sure. Thanks again for all the help, its very generous of you.

-Brant

**ShadowPuterDude** · 07-09-2007, 07:52 PM

Judy is on vacation.

Couple of observations:
The installed version of Java on this compter is out-dated. Install Java Runtime Environment (JRE) 6u2 available at Major Geeks. Uninstall all older versions of Java on your computer, before installing the latest version of Java.

The OS on this Computer is seriously out-dated. you are running SP1 and should be running XP SP2. Not running the latest Service Pack and associated updates puts your computer at serious risk of infection. Install SP2 and run Windows Update.

Otherwise I see no further signs of infection in your logs.

**jholland1964** · 07-17-2007, 08:30 PM

Hi Brant,
Have returned tanned and rested. Thanks to SPD for reading the logs.
Please follow ALL of his instructions to avoid further problems.

Thread: pop-ups won't go away

Thread Tools

Display

Thread Information

Users Browsing this Thread

Posting Permissions