Infuriating pop up warning about ad.uk.doubleclick.net & m.uk.2mdn.net

Avoriaz

Since yesterday I am getting an infuriating pop up when logged onto hotmail.com. It is a security warning and states:…..

---

The current web page is trying to open a site on the internet. Do you want to allow this?

Current site http://ad.uk.doubleclick.net

Internet site: http://m.uk.2mdn.net

There is a yellow shield in the bottom left and a warning that this can expose my computer to security risks.

---

No, I don’t want to access that bloody suspicious site. I keep clicking “no” but it keeps popping back up and what is worse it pops up in front of my active window and is interfering with everything I am trying to do.

I run XP home and I have AVG anti virus and Spybot anti adware, both fully up to date. I have run Spybot which has cleared out the usual 10 or 20 dodgy entries and cookies etc but the problems remains. I have not had a problem like this for years.

Any useful suggestions or advice would be gratefully received?

Thanks:)

Nikolai

Could be that in spybot you have the options set to ask for confirmation when blocking tracking cookies etc. Try opening spybot, go to immunize, then in the 'bad download blocker' option, select block 'all bad pages silently'.
I think they are tracking cookies and spybot is trying to stop them.

Blacksheep1979

have you got windows messenger service disabled? Google for how to dissable it if not (is different to msn messenger etc before youask)

Browntoa

this is a malware infection, i'll be back in a second with a file to download and run, using spybot WILL NOT BLOCK THIS

Browntoa

do this first

Please download FixWareOut from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to the Desktop and run it.
Click Next, then Install, and make sure Run fixit is checked
Click: Finish

The program starts; follow the prompts.
If a security alert appears, allow the program to run.
When asked to reboot the computer, please do.
If the system takes longer than usual to load, this is normal.

When the Desktop loads please post the text that opens (report.txt)

Browntoa

then straight away follow posts 1 to 4 of this thread

http://forums.moneysavingexpert.com/showthread.html?t=133269

at the end of post 4 it tells you how to produce a hijackthis log, please post that and the report.txt file above back in this thread and await further instructions from me

Avoriaz

Thanks Browntoa. I have downloaded Fixwareout, installed it and it has rebooted my system and produced the report below. I have to go out now so I will do the rest later when I have more time and post again. I appreciate your help.


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the

following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\R

un]
"ATIModeChange"="Ati2mdxx.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"PRONoMgr.exe"="C:\\Program

Files\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control

Panel\\atiptaxx.exe"
"Dell QuickSet"="C:\\Program

Files\\Dell\\QuickSet\\quickset.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media

Experience\\PCMService.exe\""
"ADUserMon"="C:\\Program

Files\\Iomega\\AutoDisk\\ADUserMon.exe"
"pmcqt"="c:\\windows\\system32\\pmcqt.exe /nocomm"
"EvtHtm"="c:\\windows\\system32\\evthtm.exe /nocomm"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec

Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1

\\SNDMon.exe /Consumer"
"Media Access"="C:\\Program Files\\Media Access\\MediaAccK.exe"
"Media Gateway"="C:\\Program Files\\Media

Gateway\\MediaGateway.exe"
"GhostSurf Reminder"="\"C:\\Program Files\\GhostSurf 2005

\\Privacy Control Center.exe\" reminder"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\"

-atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11

\\bin\\jusched.exe\""
"AcctMgr"="C:\\Program Files\\Norton Password

Manager\\AcctMgr.exe /startup"
"SpeedTouch USB Diagnostics"="\"C:\\Program

Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"NWEReboot"=""
"NeroFilterCheck"="C:\\Program Files\\Common

Files\\Ahead\\Lib\\NeroCheck.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru

n]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\"

/background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_!!79662E04-7C6C-4d9f-84C7-

88D8A56B10AA}"="\"C:\\Program Files\\Common

Files\\Ahead\\Lib\\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please

replace it
C:\WINDOWS\System32\AUTOEXEC.NT missing
»»»»» End report »»»»»

Browntoa

pmcqt.exe Troj/Dluca-V Tojan

evthtm.exe Troj/Dluca-EJ Trojan

fixwareout should havd dealt with them

the reat of the 2nd thread will make sure you are clean

Avoriaz

AVG anti spyware has done the job. I will also run the other defences but my Hotmail is fine again already.

Many thanks for your help Browntoa, it is really appreciated.

I have relied on AVG anti virus and Spybot for a while and this is the first problem I have had in three years. I shall also run those other defences in future.

I wish I could strangle the little sh1ts who write those trojans and adware stuff.