gergermen

O17 - HKLM\System\CCS\Services\Tcpip\..\{9B69C40C-4719-4BCA-85F7-49A8AFC67880}: NameServer = 205.252.144.28 218.102.23.77

之前用HIJACKTHIS掃過嘅LOG中有呢個，一下冇留意，你清唔清楚呢個IP，也許就是POPUP嘅來源，佢將你個IP重定向呢個到，用HIJACKTHIS修復。

147ak477

Originally posted by gergermen at 2006-1-15 03:53 PM:


唔係啩~~~

CAP張圖睇下（下...

i have fix the O-17 file lu

also do u mean cap the screen of those files in regedit?

147ak477

after i fix the O-17
all the pop ups shows cannot find server
and one of those link is
http://www.ad-w-a-r-e.com/cgi-bin/PopupV3?ID={8583258A-8641-7559-614F-AEC2FEBEBF81}&type=normal&mSkip=1&rnd=19054

gergermen

Originally posted by 147ak477 at 2006-1-15 16:36:
after i fix the O-17
all the pop u...

而家應該冇事嘞？係唔係
你POST嘅LINK係連去呢度（賣廣告）
http://www.health-yshopping.com/normal/yyy102.html

147ak477

after i fix O-17 for a while .
i disconnect and re-connect internet (coz cannot load 26fun.com) , but now the ads-pop -up can show again!

also i attach the screen cap for regedit
some of the directory in the local machine cannot be find

147ak477

links for some other ads:
http://www.hug-ediscounts.com/normal/yyy102.html
all of the URL ends like that


i scanned using hijackthis and find tha O-17 files again!
and i need to fixed it again

[ Last edited by 147ak477 on 2006-1-15 at 04:58 PM ]

gergermen

又出返啲POPUP
睇啲圖又冇嘢

你之前有冇裝過啲咩SOFTWARE/ 咩TOOLBAR之類，同埋之前有冇呢種情況，幾時出現。

用HIJACKTHIS再掃一次
OR
揾下呢兩個FILE：HOST / LMHOST，用NOTEPAD打開。
host內容係唔係咁（紅色嗰度）

# Copyright (c) 1998 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

lmhost入面啲內容最尾係唔係呢個：# end of this file.

[ Last edited by gergermen on 2006-1-15 at 05:12 PM ]

147ak477

Originally posted by gergermen at 2006-1-15 05:09 PM:
又出返啲POPUP
睇啲圖又冇嘢

你...

hosts file starts similar to the one u shown but ends with like:

127.0.0.1       localhost
127.0.0.1  sds-qckads.com
127.0.0.1  status.qckads.com
127.0.0.1  www.qoolaid.com
127.0.0.1  www.qoologic.com
127.0.0.1  www.CLKPrecision.com
127.0.0.1  www.urllogic.com
127.0.0.1  www.clkoptimizer.com
127.0.0.1  www.isearch.com
127.0.0.1  isearch.com
127.0.0.1  www.idownload.com
127.0.0.1  idownload.com
127.0.0.1  www.mytotalsearch.com
127.0.0.1  mytotalsearch.com
127.0.0.1  www.lop.com
127.0.0.1  lop.com
127.0.0.1  www.websearch.com
127.0.0.1  websearch.com
127.0.0.1  www.page-not-found.net
127.0.0.1  page-not-found.net
127.0.0.1  www.isearchhere.com
127.0.0.1  isearchhere.com
127.0.0.1  as.adwave.com
127.0.0.1  sr.adwave.com
127.0.0.1  www.adwave.com
127.0.0.1  adwave.com EVENT:HOST:127.0.0.1
127.0.0.1  www.pacimedia.com
127.0.0.1  www.exactsearch.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
127.0.0.1  www.contextplus.net
( a lot of them)

lmhosts
starts and ends like normal

[ Last edited by 147ak477 on 2006-1-15 at 05:17 PM ]

gergermen

Originally posted by 147ak477 at 2006-1-15 17:15:



hosts file starts similar to ...

就係佢，你改成我POST咁，得呢行“127.0.0.1       localhost ”就得
大功告成冇POPUP以後

嗰地址係連去一啲廣告網站.

[ Last edited by gergermen on 2006-1-15 at 05:20 PM ]

147ak477

Originally posted by gergermen at 2006-1-15 05:17 PM:


就係佢，你改成我POST咁，就大功告成

嗰地址係連去一個搞DESKTOP MARKETING網站.

do u mean i manually edit the" hosts" file
and deleted everything after    127.0.0.1       localhost
and save?