Vintage Mustang Forums banner

1 - 8 of 8 Posts

·
Registered
Joined
·
2,596 Posts
Discussion Starter #1
Over the weekend, I visited a couple dozen web sites looking for motorcycle safety gear.

Apparently, one (or more) of the sites I visited left me a little present. Somebody downloaded some software on my home machine (not this one), that automatically launches links to advertising sites for everything from gambling sites, to dietary supplement sites, to "Free AOL Broadband".

In spite of the fact that I have AOL pop up controls turned on ( The machine is a Windows ME/AOL 8.0, MSIE), I keep opening new windows with these full-screen pop-up ads that cannot even be closed in a conventional manner. To add insult to injury, these sites I am automatically linking to just load me up with tracking cookies. I cannot delete them fast enough to keep up.

Furthermore, whatever this little worm is, it seems to have figured out a way to disable my "spybot search and destroy" software. Every time I launch spybot, it starts to open a window for it, but it gets blown away no sooner than it starts. This little devil evidently knows about Spybot and is able to clobber it. I even went as far as removing and re-installing spybot, but that did not help.

Has anybody seen this kind of little advertising bugger before? Where does it live and how can I kill it?
 

·
Registered
Joined
·
1,103 Posts
I ended up , somehow, with something called "E2G" which turned out to be basically an advertizing trojan horse. Every 5 mins or so it gave me this nice huge ad window - and was a PITA to get rid of.

I found it in the add/remove programs and uninstalled it. But, it remained. I found the folders it was stored in - and it wouldnt let me delete them. I couldnt delete the files from DOS because my file system was NTFS, and i couldnt terminate the process when windows was running. The registry keys that it was associated with (according to a few sites) werent to be found, but still this f##king thing remained!

Long story short, i did a fresh install ::

Whatever it turns out to be, have fun ::

Gary
 

·
Registered
Joined
·
2,596 Posts
Discussion Starter #3
THanks, Gary. I'll buy you a beer the next time I'm in Dublin. ::

It sounds exactly like what I have. You've gotten me on the right track in hunting this little critter down!
 

·
Registered
Joined
·
2,596 Posts
Discussion Starter #4
By the way, I've read that Ad Aware can get rid of it, although I think that this latest version (the one that I have) has already proven itself capable of defeating Spybot. Wouldn't be surprised if they'd figured out a way to smash Ad Aware, as well.

Here's something else I'd found on the topic:
Description
E2Give is an Internet Explorer Browser Helper Object that redirects accesses to web merchants in order to claim their affiliate fees.

Variants
E2Give/E2GBHO is an early version distributed form December 2002. Its main file is e2gbho.dll, stored in an 'E2Give' folder in Program Files.

E2Give/IeBHOs is a newer variant, main file iechos.dll, stored in a folder called 'E2G' in the root of the C: drive.

Distribution
Installed by ActiveX drive-by download, believed to be used in pop-up advertisements.

What it does
Advertising
No.

Privacy violation
Not known.

Security issues
Not known.

Stability problems
No, though it can make opening new Windows Explorer windows very slow.

Removal
The E2GBHO variant has an entry in the Control Panel's Add/Remove Programs feature — choose ‘E2Give Browser Add On’

Manual removal
Open a DOS command prompt window (from Start->Programs->Accessories), and enter the following commands, for the E2GBHO variant:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\E2Give\e2gbho.dll"
Or, for the IeBHOs variant:

cd "%WinDir%\System"
regsvr32 /u "C:\E2G\iebhos.dll"
Restart the computer and you should be able to delete the folder 'E2Give' in Program Files (E2Give variant), or 'E2G' in the C: drive (IeBHOs variant).

You can also open the registry (Start->Run->regedit) and delete the key HKEY_LOCAL_MACHINE\SOFTWARE\E2Give to clean up, if you like.

Links
E2Give official site.

Parasite detection & information

[email protected]
 

·
Registered
Joined
·
1,103 Posts
You know, the most ironic thing is that some of the ads were FOR adware removal tools! :p

I couldnt kill the processes of the files, it just wouldnt let me. So they were in use and couldnt be deleted.

iebhos.dll
That one rings a very loud, annoying bell..... ::

Im not a fan of those adware removal thingys so didnt even go down that road. I preferred to just do a format and reinstall, and be more careful in the future.

Good luck! ;)

Gary
 

·
Incorporated Sell Out
Joined
·
17,130 Posts
In the future, spyware and ad stop software aside, the best way I have found to stop this crap is to raise the security settings for IE and then unblock cookies from selected site such as the VMF. IT takes a little while to get it set up, and everytime you go to a site that will become a regular stop (like news or webmail or whatever) you have to add the site to the unblocked list usually so you can take advantage of some of the special features.
 
G

·
Guest
Joined
·
0 Posts
The BEST way to stop the madness is to not use IE. Download the latest build of mozilla, disable pop-ups, and proceed with life. Just because you're using AOL to connect to the internet doesn't mean you have to use their browser.
 

·
Incorporated Sell Out
Joined
·
17,130 Posts
Well I am now running modzilla to see if I like it.
There is a much noticable lag time in page loads, but that may be because I don't have all the standard images and code from various sites cached yet....but we will see.

I like trying new things ::
 
1 - 8 of 8 Posts
Top