Author Topic: WinXP security and popup ads  (Read 1025 times)
Pili Potter
« on: November 06, 2005, 05:37:38 PM »

Operating System Version: Windows XP SP2
Problem Application Name & Version: Windows XP SP2

Ever since I installed SP 2 about a month ago, it seems that I'm getting popups. I have Zonealarm, and popup blockers and still they get through, especially one called WinFix2000 or something like that. Is it possible that they're coming through because of SP2? I really don't know what else to try to stop the popups.
I'd really appreciate any help on this
Thanks in advance

Global Moderator
« Reply #1 on: November 06, 2005, 05:59:56 PM »

SP2 was not the cause of this.
Download the trial version of SpySweeper and run it.

Also Download and install:  HiJackThis.

(Always create a Folder for HiJackThis anywhere but your Temp/Temporary Internet Folders or Desktop. A good place to make a folder would be in My Documents, as this is where it will save the backup files needed if there's a problem.)

Then double-click HijackThis.exe, and hit "Do A System Scan And Save Log". Make sure all Windows and Browsers are closed.
When the scan is finished, best to save your text file in the same folder as where you put HiJackthis.

Create a New Topic in Security & Viruses Forum and Copy/Paste the info from your saved Hijackthis log file into your new topic.
« Last Edit: November 06, 2005, 06:00:42 PM by Geekgirl » Logged

Girlz Rule ...Boyz Drool
« Reply #2 on: November 07, 2005, 10:34:58 AM »

(from Jim Byrd, MVP)
Four approaches to removing Winfixer (Vundo)

1 - Symantec has a new Vundo remover:

2 - It's been reported that the McAfee Removal Tool here is worthwhile:

3 - Then, courtesy of MVP Suzi Turner and Mosaic1:

"Atribune, a guy in the forums, has a Vundo fix tool as well:

Instructions for use by user as posted in the SpywareWarrior forum:

'Please download VundoFix.exe to your desktop. Here's a link:

Double-click VundoFix.exe to extract the files
This will create a VundoFix folder on your desktop.
After the files are extracted, please restart your computer into Safe Mode.

Once in safe mode open the VundoFix folder and double-click on KillVundo.bat

A command window will open and it should look like this:

VundoFix V2.1 by Atri
By pressing enter you agree that you are using this at your own risk

At this point press enter one time.

Next you will see:

Type in the filepath as instructed by the forum staff
Then Press Enter, to continue with the fix.

At this point please type the following file path (make sure to enter it
exactly as below!):

Press Enter.

Next you will see:

Please type in the second filepath as instructed by the forum staff

At this point please type the following file path (make sure to enter it
exactly as below!):

Press Enter to continue.

The fix will run then HijackThis will open.
In HijackThis, please place a check next to the following items and click

O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} -
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll

After you have fixed these items, close Hijackthis.

The fix will tell you to shutdown using the Power button. Hold in your power
button until the computer shuts down. Wait about 15 seconds and then restart
the computer into regular windows.

Chkdsk will run. This is normal. It will take a few minutes and is checking
your file system because of the Bad Shutdown we caused.

Go for free online Virus scans here:

Allow them to clean

Panda will have the option to create a log after the scan has finished.
the See Report button. Then click the save Report button. It will be saved
under the name activescan.txt Do that and post that log into your next reply

Run hijackthis and post the new log and the vundofix.txt file from the
vundofix folder into as well.'

The forum helpers have reported this fix from Atribune works.  I don't know
about the Symantec tool.

If you'd like to join Spyware Warrior, you could see the thread where the
helpers are discussing this.


Note:  Here's some added info relative to the above courtesy of MVP Steve
Wechsler  (aka MowGreen):

"the .dll's file name :


will be different on different systems. What you can do to identify it
is to scan the system with HijackThis and look at the O2 BHO and/or O20
Winlogon entries to find out its name. Close all other programs and
browsers prior to scanning with HJT.
REMEMBER that there is a hidden file that will have the name of the .dll
spelled backwards. Enter that name when the VundoFix requests the path
to the second file.

4 - Grinler, a Security MVP, has another removal method that can be used if
the recommended method fails :"

Here's the HijackThis info you may need:

Download HijackThis, free, here: (Always download a new
fresh copy of HijackThis [and CWShredder also] - It's UPDATED frequently.)
You may also get it here if that link is blocked:

There's a good "How-to-Use" tutorial here:

In Windows Explorer, click on Tools|Folder Options|View and check "Show
hidden files and folders" and uncheck "Hide protected operating system
files". (You may want to restore these when you're all finished with

Place HijackThis.exe or unzip into its own dedicated folder
at the root level such as C:\HijackThis (NOT in a Temp folder or on your
Desktop), reboot to Safe mode, start HT then press Scan. Click on SaveLog
when it's finished which will create hijackthis.log. Now click the Config
button, then Misc Tools and click on Generate StartupList.log which will
create Startuplist.txt

Then go to one of the following forums:

Spyware and Hijackware Removal Support, here:
or Jim Eshelman's site here:
or Bleepingcomputer here:
or Computer Cops here:
or Tom Coyote here:
or Net-Integration here:

Register if necessary, then sign in and READ THE DIRECTIONS at the beginning
of the particular site's HiJackThis forum, then copy and paste both files
into a message asking for assistance. Someone will answer with detailed
instructions for the removal of your parasite(s).  Be sure you include at
the beginning of your post a description of "What specific
problem(s)/symptoms you're trying to solve" and "What steps you've already

ONLY IF you've successfully eliminated the malware, you can now make a new,
clean Restore Point and delete any previously saved (possibly infected)
ones. The following suggested approach is courtesy of Gary Woodruff: For XP
you can run a Disk Cleanup cycle and then look in the More Options tab. The
System Restore option removes all but the latest Restore Point. If there
hasn't been one made since the system was cleaned you should manually create
one before dumping the old possibly infected ones.

When you get things cleaned up, take a look at my Blog, Defending Your
Machine, addy in my Signature below, for some additional curative and
preventive measures you might want to implement to help prevent this type of
thing in the future.

Regards, Jim Byrd, MS-MVP/DTS/AH-VSOP
<end quote>


Noel Paton
(MS - MVP, Windows, 2002-2006)

Nil Carborundum Illegitemi
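
The quoted note says the DLL name differs per system and has to be read from the O2 BHO and O20 Winlogon entries of a HijackThis log, with a hidden companion file named after the DLL spelled backwards. As an added example (not from the posts above and not part of HijackThis or VundoFix), this Python sketch lists those entries from a saved log for review and derives the reversed name for each; the function name, the O2 line layout in the constructed sample and the choice to reverse only the base name are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log (not from a real machine). Only the O20 line is the
# one quoted in the post; the O2 CLSIDs and example.dll are placeholders.
SAMPLE_LOG = r"""
Logfile of HijackThis
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O4 - HKLM\..\Run: [Sample] C:\Program Files\Sample\sample.exe
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def dll_entries(log_text):
    """Return the O2 (BHO) and O20 (Winlogon Notify) entries that load a .dll."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = O2_RE.match(line) or O20_RE.match(line)
        if not match:
            continue  # other sections (O4, O23, ...) are out of scope here
        path = PureWindowsPath(match.group("path"))
        if path.suffix.lower() != ".dll":
            continue  # skips "(no file)" and non-DLL targets
        found.append({
            "section": line.split(" ", 1)[0],
            "name": match.group("name"),
            "dll": str(path),
            # Assumption: only the base name is reversed; the post does not
            # say what extension the hidden companion file has.
            "reversed_stem": path.stem[::-1],
        })
    return found


if __name__ == "__main__":
    for entry in dll_entries(SAMPLE_LOG):
        print(f'{entry["section"]:>3}  {entry["dll"]}  '
              f'companion name to look for: {entry["reversed_stem"]}.*')
```

The script lists every DLL-backed O2 and O20 entry without judging it, so a legitimate BHO will appear alongside a suspicious one; deciding which entry is the infection remains a manual step.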