Fp Pc On Internet.com Pop Ups Spyware Problems

Hello,


I have been getting pop ups from fp-pc on internet.com for the last 5 days after I installed a download software "Thunder network" (the part I marked with underline). I've already uninstalled it and tried using Adaware but the pop ups are still there. Any help would be appreciated.


Can anybody help me to find a solution for this problem?


Here is my hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 16:33:33, on 6/28/2008


Platform: Windows Vista SP1 (WinNT 6.00.1905)


MSIE: Internet Explorer v7.00 (7.00.6001.18000)


Boot mode: Normal


Running processes:


C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe


C:\Windows\system32\taskeng.exe


C:\Windows\system32\Dwm.exe


C:\Windows\Explorer.EXE


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe


C:\Program Files\Toshiba\Power Saver\TPwrMain.exe


C:\Program Files\Toshiba\FlashCards\TCrdMain.exe


C:\Program Files\Toshiba\ConfigFree\NDSTray.exe


C:\Program Files\DAEMON Tools\daemon.exe


C:\Windows\WindowsMobile\wmdc.exe


C:\Program Files\Logitech\QuickCam\Quickcam.exe


C:\Program Files\Protector Suite QL\psqltray.exe


C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe


C:\Program Files\iTunes\iTunesHelper.exe


C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


C:\Program Files\Synaptics\SynTP\SynToshiba.exe


C:\Windows\System32\rundll32.exe


C:\Windows\System32\rundll32.exe


C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe


C:\Program Files\Windows Sidebar\sidebar.exe


C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe


C:\Program Files\Windows Live\Messenger\msnmsgr.exe


C:\Users\Kenny\AppData\Local\qoqykac.exe


C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


C:\Program Files\Windows Sidebar\sidebar.exe


C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe


C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe


C:\Windows\system32\wuauclt.exe


C:\Program Files\Windows Media Player\wmplayer.exe


C:\Program Files\Internet Explorer\IEUser.exe


C:\Program Files\Internet Explorer\iexplore.exe


C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe


C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe


C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


C:\Windows\system32\SearchFilterHost.exe


O1 - Hosts: ::1 localhost


O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll


O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)


O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - d:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll (file missing)


O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll


O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll


O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll


O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll


O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"


O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe


O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en


O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"


O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"


O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"


O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup


O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe


O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033


O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe


O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide


O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"


O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe


O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart


O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup


O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit


O4 - HKLM\..\Run: [spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe


O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"


O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background


O4 - HKCU\..\Run: [qoqykac] c:\users\kenny\appdata\local\qoqykac.exe qoqykac


O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')


O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')


O4 - Startup: OneNote 2007 屏幕剪辑程序和启动程序.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O4 - Global Startup: Bluetooth Monitor.lnk = ?


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


O8 - Extra context menu item: 使用迅雷下载 - D:\Thunder Network\Thunder\Program\geturl.htm


O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Thunder Network\Thunder\Program\getallurl.htm


O8 - Extra context menu item: 导出到 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000


O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll


O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Thunder Network\Thunder\Thunder.exe (file missing)


O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\Thunder Network\Thunder\Thunder.exe (file missing)


O9 - Extra button: ·¢?í?á OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll


O9 - Extra 'Tools' menuitem: ·¢?í?á OneNote(amp;E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll


O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll


O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll


O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL


O13 - Gopher Prefix:


O15 - ESC Trusted Zone: http://*.update.microsoft.com


O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB


O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe


O16 - DPF: {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} (PhotoDraw Class) - http://imgcache.qq.com/qzone/client/photo/...toDrawSetup.exe


O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab


O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab


O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB


O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/...b?1177537349483


O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab


O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab


O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://ca.com/us/securityadvisor/virusinfo/webscan.cab


O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab


O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab


O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL


O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe


O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe


O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe


O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe


O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe


O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe


O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe


O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe


O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe


O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe


O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe


O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


--


End of file - 12822 bytes


Attachment: hijackthis.log
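A triage pass over a HijackThis log such as the one in the post above, as an added example (not part of the original thread and not a HijackThis feature). It flags the kinds of entries the replies below go on to examine: a process or Run entry under a user's AppData folder, browser add-ons whose file is missing, and an ActiveX (O16) entry that points to an .exe. The function name `triage`, the finding labels and the rules are assumptions made for this example; the sample lines are copied from the log.

```python
import re

# Excerpt of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
C:\Users\Kenny\AppData\Local\qoqykac.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - d:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [qoqykac] c:\users\kenny\appdata\local\qoqykac.exe qoqykac
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
"""

# "O<n> - <kind>: <rest>" is the shape of every registry/startup entry in the log.
ENTRY = re.compile(r"^O(\d+) - ([^:]+):\s*(.*)$")
# A path inside a user's AppData folder: writable without admin rights.
USER_WRITABLE = re.compile(r"[a-z]:\\users\\[^\\]+\\appdata\\", re.I)


def triage(log_text):
    """Return (label, line) pairs for entries worth a manual look.

    These are heuristics for prioritising review, not verdicts:
    a flagged line still has to be checked by a person or a scanner.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if m is None:
            # Header lines and the "Running processes" list (bare paths).
            if USER_WRITABLE.match(line):
                findings.append(("process-in-appdata", line))
            continue
        section, rest = int(m.group(1)), m.group(3)
        if section in (2, 3, 9) and rest.endswith(("(file missing)", "(no file)")):
            # IE add-on still registered although its file is gone,
            # e.g. leftovers of an uninstalled toolbar.
            findings.append(("orphaned-ie-addon", line))
        elif section == 4 and USER_WRITABLE.search(rest):
            # Autorun entry that starts a binary from the user profile.
            findings.append(("autorun-from-appdata", line))
        elif section == 16 and rest.lower().split("?")[0].endswith(".exe"):
            # ActiveX download entry whose codebase is a bare .exe;
            # most entries in the log above are .cab packages.
            findings.append(("activex-exe-codebase", line))
    return findings


if __name__ == "__main__":
    for label, line in triage(SAMPLE_LOG):
        print(f"{label:22} {line}")
```
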

Comments

  • alexcrist
    edited July 2008

    Hello jianjili,


    Please put the following file in a ZIP archive, with the password infected:


    c:\users\kenny\appdata\local\qoqykac.exe


    Attach the archive to your next post.


    Cris.

  • Thank you, Cris. But I can't find c:\users\kenny\appdata\local\qoqykac.exe on my laptop, even though I selected the "show hidden files and folders" option. Could you please tell me in detail how to find it? Thanks again, I appreciate it.

  • Hello,


    The file has to exist, because it's listed as a running process, which means it exists.


    Please read this: How To Find Hidden Malware (and make sure you follow all the steps written there). Also, be sure that the options stay un-checked (some malware prevents users from changing those settings, in which case we have to take an alternative approach).


    Cris.

  • Hi Cris.


    Because my operating system is Vista SP1, some steps are different from the instructions. But I thought I did it as you required. Unfortunately, I still can't find that file. The attachment is a picture which shows you what files are inside. Thanks again.

    post-14386-1214919906_thumb.jpg

  • That's very weird... but what if you look in TaskManager? Can you see that process as running? If you look in your first post here, HijackThis detected it as running, and also as a startup item.

  • It's not in my task manager. See attachment. Thank you so much.

    post-14386-1214923497_thumb.jpg

  • Hi, Cris. I found c:\users\kenny\appdata\local\owmugue.exe from MSCONFIG, it's a startup item. It looks similar to c:\users\kenny\appdata\local\qoqykac.exe. But I also can't find it from the folder and task manager. :wacko: Does it help?

  • Hello jianjili,


    I see some traces of the Thunder Network Toolbar. Please open Internet Explorer, go to the Tools menu, Manage Add-ons, select "Add-ons that have been used by Internet Explorer", and see if you can find references to Thunder Network; select Disable and restart IE. The entries you should disable are:


    xunleiBHO_Now.dll


    TDAtOnce_Now.dll


    Can you please download Combofix; you will find it here. Print the following instructions and read them carefully. Please post the output of the scan into your next post, so I or someone else can see if there are still some infections.


    Kind regards,


    Niels

  • Hi, Cris. I found c:\users\kenny\appdata\local\owmugue.exe from MSCONFIG, it's a startup item. It looks similar to c:\users\kenny\appdata\local\qoqykac.exe. But I also can't find it from the folder and task manager. :wacko: Does it help?


    Ok...this looks like the file is somehow changing its name (??).


    If somehow, you can find a file with a weird name in that folder, please attach it here (in a ZIP file).


    Also, follow Niels' advice and post the Combofix log and a new HijackThis log.


    Cris.

  • jianjili
    edited December 2019


    Hi Cris. I found owmugue.exe in safe mode. Please see attachment. And my Vista was upgraded from XP, so I am still trying to find out how to access the recovery environment. I have a CD but only for upgrade, I can't boot from it. Thanks Cris and Niels.


     


    Attachment: owmuge.rar.zip

  • Thank you for the sample. I'll send it for analysis as soon as possible and tell you the result.


    About the recovery environment... I assume you ask this because you saw it in the Combofix instructions? If this is the case, then don't worry about it. Just skip those steps, and read the actual instructions of Combofix itself. Also keep the instructions offline, in case the internet connection doesn't work anymore after you run Combofix (see the last part of those instructions).


    Cris.

  • Hi, Cris and Niels. I don't know why, but I can't run Combofix, even though I closed my antivirus and firewall and ran it as administrator. Nothing shows up on my screen. Hope to have the result from you soon. Thanks again.

  • Hello jianjili,


    Please download Deckard's System Scanner. You need to save it on your desktop. Close all other applications and windows. First right-click on dss(.exe) and choose Run as administrator. Now double-click on dss(.exe). Confirm the warnings. It can take a while. Please copy the content of the main and extra text files (extra will be minimized) and paste it in your next post. Because it will be large, spread it over a few posts.


    Kind regards,


    Niels

  • alexcrist
    edited July 2008

    The previously attached file was checked by BD labs and it's, indeed, infected. Detection will be available in BD in one of the future updates.


    Also, I'd like to know if you could post an installation kit of Thunder network (or a link to download it). It might be infected also. If you post a link, please don't post it directly into your post (instead write it in a TXT file and attach that file).


    Cris.


    P.S.: I asked one of the guys at the labs about ComboFix and Vista (because you said that you couldn't run it) and I was told that Combofix just refuses to work on Vista (it detects this OS and just refuses to start). I guess its tools are not fully compatible with Vista, so the authors prevented it from running in Vista...

  • Hello jianjili,


    Can you please also post the output of the Deckard's scan? That also includes a program similar to Combofix that should work in Vista.


    Kind regards,


    Niels


    PS Cris:


    The strange thing is that on some Vista PCs Combofix does run. But it could be that in a newer version it doesn't work. But I found log files of Vista-based computers posted not so long ago, more specifically 15th June 2008.

  • Hello jianjili,


    I see some entries of Spyware-Secure, which in fact is a rogue security product which reports false positives and displays pop-ups. Can you please click on Start, My Computer, Program Files, Spyware-Secure, and see if you can still find Spyware-Secure_trial.exe. If so, please upload it here also. If it's too big, upload it to an online file host and attach the download link in a text file.


    Please press the Windows button together with R, now type regedit and press Enter. Expand HKEY_LOCAL_MACHINE by pressing on the + sign, then open the following folders and subfolders: Software, Microsoft, Windows, CurrentVersion, Run. Take a look at the right side, look for an entry that is called Spyware-Secure, select it and press Delete.


    Kind regards,


    Niels

  • Hi Niels. There is no Spyware-Secure_trial.exe. And I had deleted Spyware-Secure from my registry. Thank you.

  • Hello jianjili,


    After looking again, I found something suspicious. Please click on Start, My Computer, Windows, Downloaded Program Files, look for an entry called w4sgeen9.exe and delete it. This could be the cause of your pop-ups, because this is loaded every time that you start Internet Explorer.


    Kind regards,


    Niels


    PS: To virus researchers I've attached the sample. Password is infected.


    Attachment: w4sgeen9.rar

  • Hi Niels. I found some information about this file from other website. Please check the website address in the attachment. If you think I still need to delete it, please let me know. Thank you so much.

    Attachment: w4sgeen9.exe.txt

  • Hello jianjili,


    Did you visit the website memorystore.com and run their memory wizard? But from what I read, the file should be automatically removed after a run. What is suspicious is the random name that the file has. So it could be infected. Deleting it will not harm your computer. It could be that this is the cause of your pop-ups. If you visit the website again you can always redownload it. Or try this: temporarily disable this ActiveX file. To do that, go in Internet Explorer to the Tools menu, Manage Add-ons, Enable or Disable Add-ons; in the Show drop-down menu please select Downloaded ActiveX Controls. Left-click on the entry that has w4sgeen9.exe as file, choose Disable and press OK.


    Kind regards,


    Niels

  • Hi jianjili!


    Visit this website http://www.pc-on-internet.com/uninstall.php?lg=EN , you'll see


    "You have decided to uninstall the Favorit contextual advertising component that you downloaded jointly with the software on your computer.


    Customer satisfaction is important to us as well as the quality of our products. We thank you for confiding in us and will provide you with everything to uninstall the component.


    The software you have downloaded is completely free since it is financed by advertising that appears through the Favorit contextual advertising component. Using the software therefore meant occasionally seeing some advertising pop-ups related to websites that you visited. However, we never registered any information whatsoever related to your web surfing habits.


    Favorit would like to give you the option to provide any commentaries about the software in the text box below. If you would like to receive a response from us, please indicate a valid email address in the message.


    The security code is the only required field. "


    This is the solution to your problem!


    PS: I speak a broken English :(


    KORMODO