
Registry Key and Popups

Quasi

Hi everyone,

I am having a problem with "Gator" Corporation's legal virus on my father's computer. It has embedded itself into the registry- so it is not on the hard drive. He has Windows 2000 Pro, and the Microsoft Messenger has been disabled. We have also tried Spybot, etc. Nothing works. I have fixed this virus in the past by re-installing the operating system, but this takes many, many hours. Any programmers out there who can help? How do you clean out the registry!!?! Basically, the computer is inoperable because it is so full of popups after a few minutes it crashes, and all of the programs run slow.

PS This comes from "Travelocity" web site, and I heard other people have been infected after signing up there.
 
Are the pop-ups from the messenger part of Windows, or do they open in IE as a website?
 
Man, I feel sorry for you. That Gator bastard came preinstalled with one of my PC's and it was annoying to say the least.

Just to correct you on something:

It has embedded itself into the registry- so it is not on the hard drive.

First of all, the registry is stored on your hard drive. Second of all, the registry simply contains settings used by different applications (Windows included). Gator is sitting on your hard drive, it just hasn't registered itself properly (so it doesn't show up in Add/Remove programs dialog).

Fixing your problem is pretty easy. Just go into start/run, type in regedit (to edit the registry).

Look for HKEY_LOCAL_MACHINE, then SOFTWARE, then MICROSOFT, then Windows, then "Currentversion" then "Run", expand the "Run" tab to see a list of programs that load during Windows startup. Look for gator.exe (or something similar) and delete it from registry.

There may be other programs sitting there that shouldn't be running. You might want to check into deleting them as well.

To remove gator for the future, record the path to gator.exe and then delete it.
 
There is a small program called "Hijack This" that can help you. It tells you what programmes load at startup. You can find it here: Hijack .

This programme together with Spybot and AdAware has removed Gator & Co from my computer several times. Also you might want to use some of Spybot's "immunisation" features to prevent further trouble. ;)
 
If you don't know what to do with hijackthis:

After you download it, run the program, click scan and then save log.

Go here LINK, open a new thread by pasting the log and ask if there's something wrong with it.
 
Thanks everyone, I will try this tonight when I get back from work.
 
Or you could just run msconfig and get exactly the same information plus be given the option which programs to remove from startup... Saves bandwidth and time. :)

Or you could just edit the registry like I posted. :p

Ove said:
There is a small program called "Hijack This" that can help you. It tells you what programmes load at startup. You can find it here: Hijack .

This programme together with Spybot and AdAware has removed Gator & Co from my computer several times. Also you might want to use some of Spybot's "immunisation" features to prevent further trouble. ;)
 
Or you could just run msconfig and get exactly the same information plus be given the option which programs to remove from startup... Saves bandwidth and time.

Or you could just edit the registry like I posted


Yes you can if you are an experienced Windows user and know 100% what you're doing, but I got the impression that Quasi is quite unsure of what to do. Hijackthis provides some very helpful tools. ;)
 
Very true. :)

Ove said:

Yes you can if you are an experienced Windows user and know 100% what you're doing, but I got the impression that Quasi is quite unsure of what to do. Hijackthis provides some very helpful tools. ;)
 
Simple answer...


Go Google...put in "Remove Gator"...

See what comes up...

Your prayers will be answered...

DB
 
I have tried lots of things. The registry search turned up several viruses. Some other searches turned up others. After trying a combination attack, the system worked well for about 5 minutes, but then the viruses loaded themselves back again. I am definitely missing something, somewhere. My father is going to break down soon and pay off Norton Utilities to protect the computer, which he thinks will work. I will try the google "remove gator" bit and see what happens. Damn aggressive these programs are. The irony is that so many popups appear, the computer is useless, so any marketing value is lost.
 
Quasi...

Download "POW" from Analogx.com

It works a treat...you only ever get the pop ups once....then never again...

DB
 
Just removing them from the registry is NOT ENOUGH. That's because they write themselves back into your registry. You need to delete the actual file the registry points to.

I suggest you press CTRL+ALT+DEL, go into task manager and click on the processes tab (not applications, processes). You'll see the very same "viruses" that your registry had references to. You need to shut them down then delete them off your hard drive, then remove them from the registry.

Quasi said:
I have tried lots of things. The registry search turned up several viruses. Some other searches turned up others. After trying a combination attack, the system worked well for about 5 minutes, but then the viruses loaded themselves back again. I am definitely missing something, somewhere. My father is going to break down soon and pay off Norton Utilities to protect the computer, which he thinks will work. I will try the google "remove gator" bit and see what happens. Damn aggressive these programs are. The irony is that so many popups appear, the computer is useless, so any marketing value is lost.
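
The two registry posts above (the Run key walk-through, and the point that the file behind each value has to go as well) can be checked offline from a regedit export. This is an added example, not code from any poster in the thread: it parses exported `.reg` text, picks out values under `Run` and `RunOnce` keys in any hive (broader than the single HKLM key named above), and returns the executable path each value points to. The sample export, entry names and allowlist are constructed.

```python
import re

# Constructed sample in the text format regedit writes on export.
# Entry names and paths are made up for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleAdware"="\"C:\\Program Files\\ExampleAd\\exad.exe\" -startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINNT\\Temp\\upd32.exe /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Foo"
'''

AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)
# "name"="data" string values only; hex(2) (REG_EXPAND_SZ) data is not decoded.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def executable(command):
    """Return the program path from a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else (command.split()[0] if command else "")

def autostart_entries(export_text):
    """List (key, value name, executable path) for every Run/RunOnce value."""
    key, found = None, []
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and AUTOSTART.search(key):
            m = VALUE.match(line)
            if m:
                found.append((key, unescape(m.group(1)), executable(unescape(m.group(2)))))
    return found

def needs_review(entries, known_good):
    """Entries whose (name, path) pair is not on the operator's allowlist."""
    return [e for e in entries if (e[1].lower(), e[2].lower()) not in known_good]

if __name__ == "__main__":
    allow = {("synchronization manager", "mobsync.exe")}  # constructed allowlist
    for key, name, path in needs_review(autostart_entries(SAMPLE_EXPORT), allow):
        print(f"{name}: {path}  (from {key})")
```

A real "Version 5.00" export is UTF-16, so read the file with `encoding="utf-16"` before passing its text in. Each path returned is the file to stop in Task Manager and delete before removing the registry value, as the post above describes.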
 
Quasi said:
I have tried lots of things. The registry search turned up several viruses.

"Virus" is a misnomer. A virus continuously replicates itself, looking for other systems to infect.

What you have is spyware, which can be far more troublesome in some aspects.

Download Spybot Search & Destroy and run it. Remove all the spyware.

http://www.pcworld.com/downloads/file_download/0,fid,22262,fileidx,1,00.asp

Also use the immunize function, as well as the "block all pages silently" function. Good stuff.

And remove Kazaa, use Kazaa Lite instead. Kazaa comes with Gator, if you keep it installed after you've removed the spyware you're right back where you started.
 
Once you remove Gator, you can stop it from installing itself on your system once and for all by simply setting your browser not to download and install software or run ActiveX controls from untrusted sites. Then you can whitelist sites you trust on a case-by-case basis.
 
Hear my words:

If you can't keep spyware (or virii) off your machine, you would be wiser to sell it and buy a Macintosh.
 
Thanks for the advice. I will try these things tonight. I used POW!, but that had no effect, even with MS Messenger disabled. I tried Spybot S&D, but the programs kept coming back. This computer does not have Kazaa. This all started when I viewed a travel web site, and registered. It must have downloaded the spyware. I have heard the same complaint from others who visited the same web site. Anyway, wish me luck!
 
There is a good chance you are talking about the popup ads you get on port 1214. If so, this is unrelated to Gator. Unfortunately, there is no way to block these in Windows without also destroying your ability to use DNS - because the programmers at MS are a load of morons. I've found two ways around the problem:

1) Install a firewall that will block incoming traffic on port 1214.
2) Install software that will block incoming traffic on port 1214. The free version of ZoneAlarm will do this - and is highly recommended - if you set the second two checkboxes on the "Services and Controller app" to disable.

This will disable those annoying popup ads that you get - 90% of the ones I get are advertisements for how to get rid of the advertisements! I swear, if I ever meet anyone at the companies sending those ads out, I will kill them.

-Chris
 
Quasi said:
This all started when I viewed a travel web site, and registered.

Which travel site is this? Do you have the URL?

You can check your Trusted Sites (Tools->Internet Options -> Security -> Trusted Sites and click the "sites" button) to see if it added itself to your trusted site list. If it did then it can load anything on your machine when you visit that site.

If you use the immunize feature, as well as the "block all pages" feature of Spybot then you can stop a huge amount of spyware from loading on your machine again.
Just scanning & removing isn't enough.
 
Quasi said:
Thanks for the advice. I will try these things tonight. I used POW!, but that had no effect, even with MS Messenger disabled. I tried Spybot S&D, but the programs kept coming back. This computer does not have Kazaa. This all started when I viewed a travel web site, and registered. It must have downloaded the spyware. I have heard the same complaint from others who visited the same web site. Anyway, wish me luck!

try with hijackthis
 
