#1 |
|
Critical Thinker
Join Date: Oct 2002
Posts: 424
|
Registry Key and Popups
Hi everyone,
I am having a problem with "Gator" Corporation's legal virus on my father's computer. It has embedded itself into the registry, so it is not on the hard drive. He has Windows 2000 Pro, and the Microsoft Messenger has been disabled. We have also tried Spybot, etc. Nothing works. I have fixed this virus in the past by re-installing the operating system, but this takes many, many hours. Any programmers out there who can help? How do you clean out the registry!!?! Basically, the computer is inoperable because it is so full of popups after a few minutes it crashes, and all of the programs run slow. PS This comes from "Travelocity" web site, and I heard other people have been infected after signing up there. |
|
|
|
|
#2 |
|
Graduate Poster
Join Date: Nov 2002
Posts: 1,329
|
Re: Registry Key and Popups
Are the pop-ups from the messenger part of Windows, or do they open in IE as a website?
|
|
__________________
"After all, a week ago, there were — Yasser Arafat was boarded up in his building in Ramallah, a building full of, evidently, German peace protestors and all kinds of people. They're now out. He's now free to show leadership, to lead the world." —George W. Bush, Washington, D.C., May 2, 2002 Will Ferrell playing President Bush on SNL: "According to a recent poll, nearly 90% of the Arab world believes that some years ago, Egyptian president Hosni Mubarek, Saddam Hussein, and the sultan of Brunei were kidnapped by the CIA and replaced with Israeli look-alikes. And that later, these look-alikes were killed and replaced by Israeli robots, one of which is a lesbian robot. Also, one of the robots is invisible. Let me just say that this is at best a gross oversimplification of the truth." |
|
|
|
|
|
#3 |
|
Muse
Join Date: Jul 2002
Posts: 803
|
Man, I feel sorry for you. That Gator bastard came preinstalled with one of my PCs and it was annoying to say the least.
Just to correct you on something:
Quote:
Fixing your problem is pretty easy. Just go into start/run, type in regedit (to edit the registry). Look for HKEY_LOCAL_MACHINE, then SOFTWARE, then MICROSOFT, then Windows, then "Currentversion" then "Run", expand the "Run" tab to see a list of programs that load during Windows startup. Look for gator.exe (or something similar) and delete it from the registry. There may be other programs sitting there that shouldn't be running. You might want to check into deleting them as well. To remove gator for the future, record the path to gator.exe and then delete it. |
|
__________________
"You are a bunch of kook haters and a hate-group. " - the now gone Jedi Knight describing the board's attitude to dangerous and out of this world ideas. |
|
|
|
|
|
#4 |
|
Master Poster
Join Date: Aug 2001
Location: Denmark
Posts: 2,888
|
There is a small program called "Hijack This" that can help you. It tells you what programmes load at startup. You can find it here: Hijack .
This programme together with Spybot and AdAware has removed Gator & Co from my computer several times. Also you might want to use some of Spybot's "immunisation" features to prevent further trouble.
|
|
__________________
I am sitting here, completely surrounded by NO BEER..... (Onslow) |
|
|
|
|
|
#5 |
|
Student
Join Date: Dec 2001
Posts: 45
|
If you don't know what to do with hijackthis
After you download it, run the program, click scan and then save log. Go here LINK, open a new thread by pasting the log and ask if there's something wrong with it. |
|
__________________
"And so you exercise your own free will, I exercise my f*cking right to kill your vicious lies..." - Pennywise |
|
|
|
|
|
#6 |
|
Critical Thinker
Join Date: Oct 2002
Posts: 424
|
Thanks everyone, I will try this tonight when I get back from work.
|
|
|
|
|
#7 |
|
Muse
Join Date: Jul 2002
Posts: 803
|
Or you could just run msconfig and get exactly the same information plus be given the option which programs to remove from startup... Saves bandwidth and time.
Or you could just edit the registry like I posted.
|
|
__________________
"You are a bunch of kook haters and a hate-group. " - the now gone Jedi Knight describing the board's attitude to dangerous and out of this world ideas. |
|
|
|
|
|
#8 |
|
Master Poster
Join Date: Aug 2001
Location: Denmark
Posts: 2,888
|
Quote:
Yes you can if you are an experienced Windows user and know 100% what you're doing, but I got the impression that Quasi is quite unsure of what to do. Hijackthis provides some very helpful tools.
|
|
__________________
I am sitting here, completely surrounded by NO BEER..... (Onslow) |
|
|
|
|
|
#9 |
|
Muse
Join Date: Jul 2002
Posts: 803
|
Very true.
|
|
__________________
"You are a bunch of kook haters and a hate-group. " - the now gone Jedi Knight describing the board's attitude to dangerous and out of this world ideas. |
|
|
|
|
|
#10 |
|
Scourge of the Believer
Join Date: Feb 2002
Posts: 5,508
|
Simple answer...
Go Google...put in "Remove Gator"... See what comes up... Your prayers will be answered... DB |
|
__________________
I've made nearly 20,000 posts on the JREF... Trouble is..over 14,000 have been deleted... And you think you're 'Hardcore'.. (DB) |
|
|
|
|
|
#11 |
|
Critical Thinker
Join Date: Oct 2002
Posts: 424
|
I have tried lots of things. The registry search turned up several viruses. Some other searches turned up others. After trying a combination attack, the system worked well for about 5 minutes, but then the viruses loaded themselves back again. I am definitely missing something, somewhere. My father is going to break down soon and pay off Norton Utilities to protect the computer, which he thinks will work. I will try the Google "remove gator" bit and see what happens. Damn aggressive these programs are. The irony is that so many popups appear, the computer is useless, so any marketing value is lost.
|
|
|
|
|
#12 |
|
Scourge of the Believer
Join Date: Feb 2002
Posts: 5,508
|
Quasi...
Download "POW" from Analogx.com. It works a treat...you only ever get the pop ups once....then never again... DB |
|
__________________
I've made nearly 20,000 posts on the JREF... Trouble is..over 14,000 have been deleted... And you think you're 'Hardcore'.. (DB) |
|
|
|
|
|
#13 |
|
Muse
Join Date: Jul 2002
Posts: 803
|
Just removing them from the registry is NOT ENOUGH. That's because they write themselves back into your registry. You need to delete the actual file the registry points to.
I suggest you press CTRL+ALT+DEL, go into task manager and click on the processes tab (not applications, processes). You'll see the very same "viruses" that your registry had references to. You need to shut them down then delete them off your hard drive, then remove them from the registry.
|
|
__________________
"You are a bunch of kook haters and a hate-group. " - the now gone Jedi Knight describing the board's attitude to dangerous and out of this world ideas. |
|
|
|
|
|
#14 |
|
Graduate Poster
Join Date: Jul 2001
Posts: 1,201
|
Quote:
What you have is spyware, which can be far more troublesome in some aspects. Download Spybot Search & Destroy and run it. Remove all the spyware. http://www.pcworld.com/downloads/fil...leidx,1,00.asp Also use the immunize function, as well as the "block all pages silently" function. Good stuff. And remove Kazaa, use Kazaa Lite instead. Kazaa comes with Gator, if you keep it installed after you've removed the spyware you're right back where you started. |
|
__________________
"One wonders how one augur may pass another in the street without laughing." -Marcus Porcius Cato, 2nd Century B.C. referring to the fortune tellers of his time "I could tell you that it is because I don't want The Language Award to appear too cliqueish. But I won't. 'Cause you're not one of the cool people." - Tricky |
|
|
|
|
|
#15 |
|
Critical Thinker
Join Date: Sep 2002
Posts: 279
|
Once you remove Gator, you can stop it from installing itself on your system once and for all by simply setting your browser not to download and install software or run ActiveX controls from untrusted sites. Then you can whitelist sites you trust on a case-by-case basis.
|
|
|
|
|
#16 |
|
Penultimate Amazing
Join Date: Feb 2003
Location: Queensland
Posts: 10,290
|
Hear my words:
If you can't keep spyware (or virii) off your machine, you would be wiser to sell it and buy a Macintosh. |
|
|
|
|
#17 |
|
Critical Thinker
Join Date: Oct 2002
Posts: 424
|
Thanks for the advice. I will try these things tonight. I used POW!, but that had no effect, even with MS Messenger disabled. I tried Spybot S&D, but the programs kept coming back. This computer does not have Kazaa. This all started when I viewed a travel web site, and registered. It must have downloaded the spyware. I have heard the same complaint from others who visited the same web site. Anyway, wish me luck!
|
|
|
|
|
#18 |
|
Master Poster
Join Date: Nov 2001
Posts: 2,696
|
There is a good chance you are talking about the popup ads you get on port 1214. If so, this is unrelated to gator. Unfortunately, there is no way to block these in Windows without also destroying your ability to use DNS - because the programmers at MS are a load of morons. I've found two ways around the problem:
1) Install a firewall that will block incoming traffic on port 1214.
2) Install software that will block incoming traffic on port 1214. The free version of ZoneAlarm will do this - and is highly recommended - if you set the second two checkboxes on the "Services and Controller app" to disable.
This will disable those annoying popup ads that you get - 90% of the ones I get are advertisements for how to get rid of the advertisements! I swear, if I ever meet anyone at the companies sending those ads out, I will kill them. -Chris |
|
__________________
"Facts are meaningless. You could use facts to prove anything that's even remotely true." - Homer Simpson "I was thinking about painting my house, but I was worried about how well the latex paint we bought would bond to the existing siding. So I got on the Interweb and searched for latex bondage." |
|
|
|
|
|
#19 |
|
Graduate Poster
Join Date: Jul 2001
Posts: 1,201
|
Quote:
You can check your Trusted Sites (Tools->Internet Options -> Security -> Trusted Sites and click the "sites" button) to see if it added itself to your trusted site list. If it did then it can load anything on your machine when you visit that site. If you use the immunize feature, as well as the "block all pages" feature of Spybot then you can stop a huge amount of spyware from loading on your machine again. Just scanning & removing isn't enough. |
|
__________________
"One wonders how one augur may pass another in the street without laughing." -Marcus Porcius Cato, 2nd Century B.C. referring to the fortune tellers of his time "I could tell you that it is because I don't want The Language Award to appear too cliqueish. But I won't. 'Cause you're not one of the cool people." - Tricky |
|
|
|
|
|
#20 |
|
Student
Join Date: Dec 2001
Posts: 45
|
|
|
__________________
"And so you exercise your own free will, I exercise my f*cking right to kill your vicious lies..." - Pennywise |
|
|
|
|
|
#21 |
|
Critical Thinker
Join Date: Oct 2002
Posts: 424
|
Hi everyone. I suspect this will be my last post on this thread. Well, it turned out to be a file called "mfin32.exe" which embedded itself into the registry. It looked like official Microsoft stuff, so I ignored it the first few times around. Then when I hooked up to the internet tonight, this program took up over 98% of the system resources, and the popups poured in so fast it crashed IE. Basically, I went back to the registry, deleted it, and at the folder source too- as you guys suggested. Result? Popups completely eliminated. Thanks guys!
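The manual check that resolved this thread (the "Run" key from post #3, and a startup file that "looked like official Microsoft stuff" in post #21) can be done as a read-only audit. This is an added example, not part of the original thread; it assumes a current Windows with PowerShell rather than the Windows 2000 machine discussed, and the signature check and the `Get-CommandTarget` helper are additions that go beyond what the posters describe.

```powershell
# Added example: read-only audit of the autostart ("Run") registry keys.
# It lists entries and flags ones worth a closer look; it deletes nothing.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a Run value.
function Get-CommandTarget([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }  # "C:\path\app.exe" /args
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }  # C:\path\app.exe /args
    return ($expanded.Trim() -split '\s+')[0]                        # anything else: first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-CommandTarget ([string]$item.GetValue($name))
        # A bare file name (no directory) is resolved via PATH at logon and
        # will show Exists = False here; check those entries by hand.
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $target } else { $null }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# A name that looks official proves nothing; a missing file or a signature
# that is not 'Valid' is the cue to inspect the entry before removing it.
$report | Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    Format-List Key, Name, Target, Exists, Signature, Signer
```

An unsigned entry is not automatically malicious, and as post #13 notes, the running process and the file on disk have to be dealt with along with the registry value.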
|
|
|
|
|
#22 |
|
Master Poster
Join Date: Aug 2001
Location: Denmark
Posts: 2,888
|
Congratulations, job well done.
I know 100% how you must be feeling now, it's a wonderful feeling to get your computer "back" from captivity.
|
|
__________________
I am sitting here, completely surrounded by NO BEER..... (Onslow) |
|
|
|