Help - PAL Spyware Remover, Installed and Ad that Pops up Options

[Guest_Annoyed_*]

I did not install this program, nor have I ever heard of this program until the da** Pop Ups keep kicking me out of Full Screen modes when I'm playing PC Games.

Apparently some random website somehow installed an Ad pop up thing INTO my computer. Every now and then I get a pop up trying to fool me that says in a Window dialogue box (with information icon):
_________________________
Messenger Service <- Title

Stops popups, kills adaware and spyware, erases cookies and history. Protect your privacy. Download only award-winning software now. Find out what you really need.
__________________________

I knew it was a scam from the moment it came up, so eventually I just tried and hit the OK option instead of the CANCEL option to see where it took me.

Internet Explorer opened up and brought me to a site:

http://www2.palsol.com/spyrem_offer/index.html?hop=microseft


Can someone please help me remove this pop up message thing? Ad aware and Spybot S&D can not detect it and so can't remove it. This thing is crippling me ><

[FBJ]

Close DCOM by downloading and running DCOMbobulator from this adress:

http://grc.com/dcom/

[Guest_Guest_*]

It seemed to have worked. But after coming out of a PC games MMORPG and using internet explorer I was once again hit by the Windows Popup. I'm going insane.

[Guest_Annoyed_*]

I really don't know what to do. It seems like there is no way to get rid of this problem other than by reformatting my harddrive.

Everytime I turn off Tea Time (Spybot S&D) Norton immediatly comes up with a warning about Bloodhound.exploit.6

I also tried blocking the palsol site, but that doesn't work either. I still get redirected randomly to that site.

[CalamityKen]

palsol is an affiliate marketer that flogs questionable products.

Please post a HijackThis log here.

[Guest_Annoyed_*]

Here is my HijackThis Logfile:

Logfile of HijackThis v1.97.7
Scan saved at 9:25:43 PM, on 5/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Security\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8008.8984259259

[Guest_Guest_*]

has anyone figured out how to get rid of this... i have the same problem...

[CalamityKen]

The pop ups are due to not running a firewall. ZoneAlarm free is OK.
http://www.firewallguide.com/

[Guest_Guest_John_*]

WARNING!!!!!!!
That link above to close the DCOM vulnerability contains the virus "RpcDcom.b" when you go and try to download it. McAfee 7.0 snatched it quickly when I tried to download it.

[Perhaps]

Guest_John ->

McAfee now and then find this when downloading DCombobulator. Only McAfee find this. It is a false positive.

Try to use an onlinescanner (Panda or Housecall) and they will not find the mentionened virus.

[Guest_Cataclysm_*]

My word this is a giant sized problem isnt it??
I get told that my computer is infected with software that normal virus scanners cannot pick up. The link is to the PAL spyware adware website. The problem is, I get this pop up about 3 times every five minutes! Switching my Windows firewall on helps but i cant leave it on as it leaves my ID too low for downloading anything. Surely with all these new international spam laws, what PAL is doing is illegal?? (PS Message came up three times while i was writing this message).
Its a shocker and with my limited computer knowledge, i dont know what else to do but reinstall windows.

[MadameX]

Cataclysm,

If you feel you need help, refer to this post and follow the instructions to post a HijackThis log in the HijackThis forum:

http://forums.maddoktor2.com/index.php?showtopic=321

Note that HJT has a newer version now, available at these sites:

http://aumha.org/downloads/hijackthis.exe

http://tools.radiosplace.com/HijackThis.exe



Deb

[Guest_jedi_*]

PAL Solutions are a U.K. based Limited Company. In relation to another similar issue concerning them and their affiliates I did a company search and paid to download their company details, so if anyone has a problem with their software I suggest you contact them directly at
Registered Office: THE MEDIA CENTRE, 7 NORTHUMBERLAND STREET, HUDDERSFIELD, WEST YORKSHIRE HD1 1RL

or you can contact the Company Director himself:

Director: CHAMPION, CHRISTIAN
Appointed: 18/07/2002 Date of Birth: 29/03/1980
Nationality: BRITISH
No. of Company Appointments: 2
Address:
FLAT 6
71 SAINT JOHNS ROAD
HUDDERSFIELD
HD1 5DX

Ha! No hiding place!

[Guest_Pissed off by PAL_*]

PAL? No pal of mine! My Norton Internet Security 2004 firewall doesn't stop the da** thing popping up to tell me to go to various websites. And to rub salt into the wound there are mistakes in the English in several of the bloody things!
Has anyone risked downloading PAL's spyware program to see if it can get rid of its own spyware?
Thanks for the director's address. I'm looking for some really shocking junk to have sent to him. Makes me feel a little better but won't solve the problem. Does anyone know what will?

[GoonMan]

PAL? No pal of mine! My Norton Internet Security 2004 firewall doesn't stop the da** thing popping up to tell me to go to various websites. And to rub salt into the wound there are mistakes in the English in several of the bloody things!
Has anyone risked downloading PAL's spyware program to see if it can get rid of its own spyware?
Thanks for the director's address. I'm looking for some really shocking junk to have sent to him. Makes me feel a little better but won't solve the problem. Does anyone know what will?

Hello Pissed Off by Pal, Welcome tot eh Forum

Please go to the HijackThis Logs and Assistance and read the Pinned topics.

Download HiJackThis and install it to it's own folder. Run HJT and Post a log of what it found in a new Thread, do not fix anything and one of our log readers will be along to assist you . Please be patient.

[Guest_Linda_*]

Hi,

Just found this forum from a Google search on PAL spyware remover. I loaded PAL on my system today and have had a bad feeling about it ever since. I am now worried that I have instead installed spyware instead of a spyware remover. What is the deal with this PAL?? Can I just use the PAL uninstall command and be OK? I have not had any pop ups, or other noticable problems since I installed it. It did not find or remove any problems on my system.

Thanks for any insight you have on this...

Linda

[Guest_Itdoesntmatter_*]

Hey ppl! i loaded Pal but you have to register it to use it. The bloody window kept popping up so i tried installing it finally. The only was to get back at these guys is to laod this software and try registering it for free with a crack or a serial and then though haath thy revenge! ANd in case any of u guys find a serial please mail me [b]edited out e-mail address. Best of luck guys [/b]













Please do not post your e-mail address in you posts unless you like alot of spam from e-mail harvesters.

This post has been edited by GoonMan: Oct 30 2004, 02:18 AM

[Guest_Lydia_*]

Hi guys, yes i downloaded PAL too. It didn't show up anything even though webroot spysweeper did, so i uninstalled it....but i think there are bits of it around still doing strange things......have they installed their own spyware??

Thx

[Guest_JavZ_*]

Finally I find some information on this, I am so completely annoyed with this thing, my pop up stopper blocks it but its still annoying. I sent an abuse message to their domain registrant go-daddy explaining what they are doing.

[Guest_Javz_*]

http://www.dnsmadeeasy.com
and godaddy.com

Everybody complain to this dns server and domain server about:

win-clean.com
XP-FIX.com