IE Pop-Up always coming out..Need Help

Hi, I need some help with this damn pop-up… It comes out every 1-2 hrs every day. I used Dr Web detector or something, I used Malwarebytes, and my own anti-virus; still, the pop-up shows every now and then. Here’s a picture of the pop-up:

http://img198.imageshack.us/img198/1897/popupd.jpg

It’s damn annoying, so can anyone help me get rid of this? Thanks a lot :D.

Post a HJT log. Choose ‘scan and save a log file’. Copy/paste the log here. Can you post a MBAM log too?

http://filehippo.com/download_hijackthis/

Here it is:

You have a very strange (unknown to Google) entry running from your system32 folder.
Before you consider fixing the entries, can you upload DB63C0.EXE to VirusTotal and post the results, please?

http://www.virustotal.com/

C:\WINDOWS\system32\1C4E07\DB63C0.EXE

O4 - HKLM..\Run: [DB63C0] C:\WINDOWS\system32\1C4E07\DB63C0.EXE

O4 - Startup: DB63C0.lnk = C:\WINDOWS\system32\1C4E07\DB63C0.EXE
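
The two O4 lines quoted above register the same executable under both a Run key and a Startup shortcut. As an added example (not part of the original thread and not a HijackThis feature), this Python script parses O4 lines and flags that pattern; the hex-name heuristic, the function names and the third sample line are this example's own assumptions.

```python
import re
from collections import defaultdict

# The two O4 lines quoted in the post, plus one constructed benign entry for contrast.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [DB63C0] C:\WINDOWS\system32\1C4E07\DB63C0.EXE
O4 - Startup: DB63C0.lnk = C:\WINDOWS\system32\1C4E07\DB63C0.EXE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
"""

# O4 - <location>: [name] <command>   or   O4 - <location>: <shortcut> = <command>
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\]|(?P<lnk>.+?) =) (?P<cmd>.+)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat))', re.I)
HEXISH = re.compile(r"^[0-9A-F]{4,8}$", re.I)  # assumed heuristic for machine-generated names

def parse_o4(log):
    """Yield (location, label, executable path) for each O4 autostart line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.search(m["cmd"])
        if exe:
            yield m["loc"].strip(), m["name"] or m["lnk"], exe.group(1)

def triage(log):
    """Return {lower-cased path: [reasons]} for entries worth a closer look."""
    seen = defaultdict(set)
    for loc, _label, path in parse_o4(log):
        seen[path.lower()].add(loc)
    findings = {}
    for path, locs in seen.items():
        parts = path.split("\\")
        folder, stem = parts[-2], parts[-1].rsplit(".", 1)[0]
        reasons = []
        if "system32" in parts[:-2] and HEXISH.match(folder) and HEXISH.match(stem):
            reasons.append("hex-named file in hex-named system32 subfolder")
        if len(locs) > 1:
            reasons.append("started from %d autostart locations" % len(locs))
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A hit is a reason to submit the file for scanning, as requested in the post, not a verdict on its own.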

Something’s weird…

I searched for that DB63C0.exe file in search, I found it, in C:\Documents and Settings\Ramon Arceo\Start Menu\Programs\Startup

Then I looked at the properties of it, it says that it’s in C:\WINDOWS\system32\1C4E07\DB63C0.EXE…

So I went to virustotal.com, browsed for it, in the system32>1C4E07 folder, and there’s nothing in it…

Well, you could try showing hidden files/folders. http://www.bleepingcomputer.com/tutorials/tutorial62.html

I smell a rat here, I hope you don’t have a rootkit. There is no way you could have an unknown file running in that location. Try the ‘show hidden files’. If that does not work, then we should fix the entries, and scan for a rootkit.

Also, you have two threads going, this is confusing, please stick to just one.

For general cleaning procedure, I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or to this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Disable System Restore and then reenable it again.
  7. Immunize your system with SpywareBlaster.
  8. Check if you have insecure applications with Secunia Software Inspector.

Tech, he already did some of what you advised. Your advice is excellent, but sometimes seems automated.

Yes. Sorry for the repetition. The user could skip the steps he has already done.
The worst is that the user continues to experience trouble :)

From what Tech said, I just used the applications that most users here said were effective, which is DrWeb CureIT! and MBAM. I’ll go listen to micky77 first, cause he already started lol…thanks btw, it’ll be a backup :D.

@micky77

sorry, all I know on showing hidden files is the “show hidden files” one. So, here, I found it lol.

http://rapidshare.de/files/47606412/DB63C0.EXE.html

And about the 2 threads… I’m very sorry about that, it’s just that I don’t want to get off topic here in this thread, so I made a new one lol… sorry.

Tech is vastly more experienced and knowledgeable than me. I tried to download that file; I got alarm bells constantly going off about a trojan, from another AV, not avast.

“hxxp://dl9.rapidshare.de/files/47606412/663424469/DB63C0.EXE”
a virus or unwanted program ‘TR/Dropper.Gen’ [trojan] was found.

Are you restoring your PC from an image? If not, now that you have found the file, fix those entries using HJT, then reboot; the file should still be there, but inactive. Then send the file to VirusTotal and avast and Nod: http://www.virustotal.com/ virus@avast.com samples@eset.com
If you are restoring from a previous image, this is by far the best idea; if only everyone bothered to create backups, this part of the forum would be redundant. Sorry I did not get back sooner, I’ve been in A&E, having my broken and dislocated fingers mended :(

I used HJT, rebooted, then scanned with virustotal.com… there are still trojans in it. trojandropper etc etc…

but the thing is, I think the pop up disappeared…as of now lol. thanks again for the help…

I actually have another problem…but I’ll make a new thread about it :D.

I don’t quite follow. Even if you have fixed with HJT, the file will still be on the PC, but you should be able to delete it (in safe mode). Or do you mean, after fixing, the entry is still returning in HJT logs?

ohh…I didn’t do it in safe mode…sorry lol.