Home > Please Help > Please Help With Popuper/intmonp

Please Help With Popuper/intmonp

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer run To delete the registry key this malware/grayware created: Open Registry Editor. Paste the following locations into KILL BOX one at a time. Please re-enable javascript to access full functionality. I already was running a few of those programs.

Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. While your computer is restarting, tap the F8 key continually until a menu appears. For that reason, I need you to submit it to Jotti's for analysis.1. Left click on "Apply"TO ENABLE SYSTEM RESTORE1.Remove check mark from "Turn Off System Restore"2.Click on "Apply"2. http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/TROJ_PUPER.AO

Several functions may not work. Before I got chance to post the log I got called away on business and will not be back at the problem PC for some time. Also make sure that the System Files and Folders are showing/visible also.

Your message was fine, no worries here :) 05-29-2005, 11:50 AM #5 Omerr TSF Enthusiast Join Date: Feb 2005 Location: Israel Posts: 1,036 OS: XP Proffesional Hello again. Check out the forums and get free advice from the experts. Please post that log along with all others requested in your next reply.Open Ad-aware and do a full scan. Please provide me with the results of the analysis.Regards,Trevuren 0 #7 DimebagMonster Posted 17 July 2005 - 07:28 PM DimebagMonster New Member Topic Starter Member 4 posts Trevuren The file came

Chris RIP BROTHER DIME!!! 0 #4 Trevuren Posted 16 July 2005 - 11:58 PM Trevuren Old Dog Retired Staff 18,699 posts Download smitRem.zip and save the file to your desktop. My name is Trevuren and I will be assisting you with your log.However, before I am able to analyze your problem, you must read the information provided in the following link Thanks, Grant 05-29-2005, 06:59 AM #4 Omerr TSF Enthusiast Join Date: Feb 2005 Location: Israel Posts: 1,036 OS: XP Proffesional Hey grantw and thanx for your patience. http://www.geekstogo.com/forum/topic/44382-msole32-intel32-intmon-intmonp-popuper-resolved/ Please assume this issue is fixed and many many thanks for all your help.

Create Account How it Works Javascript Disabled Detected You currently have javascript disabled. You may opt to simply delete the quarantined files. Chris 0 Advertisements #2 Trevuren Posted 15 July 2005 - 11:21 AM Trevuren Old Dog Retired Staff 18,699 posts Hi Dimebagmonster welcome to Geeks 2 Go. Be sure to follow ALL instructions!

Check box beside "Turn Off System Restore"4. http://www.spywareinfoforum.com/topic/49619-intmonp-popuper-multiple-instances/ later rather than sooner I hope! Buy OnlineDownloadsPartnersUnited StatesAbout UsLog InWhere to Buy Trend Micro ProductsFor HomeHome Office Online StoreRenew OnlineFor Small BusinessSmall Business Online StoreRenew OnlineFind a ResellerContact Us1-888-762-8736(M-F 8:00am-5:00pm CST)For EnterpriseFind a ResellerContact Us1-877-218-7353(M-F 8:00am-5:00pm If you have a highspeed connection please Run an online virus scan from TrendMicro Please select the “autoclean” option when prompted to do so.

Hi, my first post here so apologies if I miss out anything, I seem to have been infected by this Thread Tools Search this Thread 05-29-2005, 06:19 AM Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p Please be patient with me during this Click on the Processes tab and end the processes that were identified as related and any of the processes named in the list a bit further down. Thanx. 05-29-2005, 12:55 PM #6 grantw Registered Member Join Date: May 2005 Posts: 6 OS: win98 Hi Omerr, I located the file, there is no version tab though

This file really is a part from a hijack in your computer, please wait until I give you a reply with instructions how to act, I am sure we will solve Remove all it finds.Run Ewido:Click on scannerClick on Complete System Scan and the scan will begin.NOTE: During some scans with ewido it is finding cases of false positives.You will need to Click HERE to get to Jotti's site.2. Right click on the file and extract it to it's own folder on the desktop.Place a shortcut to Panda ActiveScan on your desktop.Please download the trial version of Ewido Security Suite

You may finish it though..if you like. In the Named input box, type the following: %System%\intmonp.exe In the Look In drop-down list, select My Computer then press Enter. Once done reboot into Normal Mode and post a new HijackThis log file to confirm what was removed and if it's clean or not.

please let me know!

Close all windows except HijackThis and click Fix checked: O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\SYSTEM\msmsgs.exe O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://dl.ad-ware.cc/D4VbraANxe5w-O...m::/on-line.exe O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://www.mir3europe.com/nProtect...Crypt/npkcx.cab O16 - Cheers! Else, check this Microsoft article first before modifying your computer's registry. Click "No" at the Pending Operations prompt.

Ok..on to the log….. everything seems tip top! With out these you are leaving the backdoor open.I strongly recommend installing the following applications:Spywareblaster <= SpywareBlaster will prevent spyware from being installed.Spywareguard <= SpywareGuard offers realtime protection from spyware installation Before we start fixing the problem, I will need you to check something: Please go to the following dir: Quote: C:\WINDOWS\SYSTEM\ Please find there MSMSGS.EXE, right click it and choose Properties.

Do NOT run a scan yet.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:Ad-Aware SE SetupDon't run it yet!Next, please reboot Password Site Map Posting Help Register Rules Today's Posts Search Site Map Home Forum Rules Members List Contact Us Community Links Pictures & Albums Members List Search Forums Show Threads It is a file of major importance. what do I do next?

this Topic has been closed. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. Glad we could help. The Best Waterproof Gears for...

We want system restore ON and monitoring your current hard drive. and a yellow triangle with a black ! . Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure) C:\WINDOWS\SYSTEM\CMD32.EXE Check and fix the following in HijackThis if they All rights reserved.

Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:TO DISABLE SYSTEM RESTORE1. I have that frustrating BSOD background that I can't change, no tab to change it and of course the annoying toolbar icons that popup in the system tray saying my computer