Popup issue
Solved
Oldi
-
speedtrakker Posted messages 49 Status Membre -
speedtrakker Posted messages 49 Status Membre -
Hello everyone! I'm writing this message because I've had a little issue for a while now...
Having a computer with Windows 7, for the past few days, a little window has been popping up regularly in the middle of the screen. It states that it comes from Internet Explorer and displays:
Do you really want to leave this page?
Message from the web page:
false
...followed by two options: "Leave this page" and "Stay on this page".
Let me clarify that not only is Internet Explorer not active at these times, but I also NEVER use it (well, to be honest, I used it once... to download Firefox, that’s all).
After some research on the internet, I've concluded that it probably comes from a malicious program caught on some random site. I ran a full system scan with my Avast antivirus: no results. A scan with Malwarebytes Anti-Malware: it found a few small nuisances that weren't very harmful, but unfortunately, the problem persists even after their removal. Following some advice found online, I also reset Internet Explorer: again, no results.
I admit I'm a bit stumped now, and it really bothers me because I'm working a lot on my computer at the moment, and there’s nothing more annoying than being interrupted in the middle of work by this kind of thing, as you can imagine!
So, if there happens to be a kind soul passing by here ready to enlighten me on the method to adopt to fix this situation, I’d be grateful. Thanks in advance!
Having a computer with Windows 7, for the past few days, a little window has been popping up regularly in the middle of the screen. It states that it comes from Internet Explorer and displays:
Do you really want to leave this page?
Message from the web page:
false
...followed by two options: "Leave this page" and "Stay on this page".
Let me clarify that not only is Internet Explorer not active at these times, but I also NEVER use it (well, to be honest, I used it once... to download Firefox, that’s all).
After some research on the internet, I've concluded that it probably comes from a malicious program caught on some random site. I ran a full system scan with my Avast antivirus: no results. A scan with Malwarebytes Anti-Malware: it found a few small nuisances that weren't very harmful, but unfortunately, the problem persists even after their removal. Following some advice found online, I also reset Internet Explorer: again, no results.
I admit I'm a bit stumped now, and it really bothers me because I'm working a lot on my computer at the moment, and there’s nothing more annoying than being interrupted in the middle of work by this kind of thing, as you can imagine!
So, if there happens to be a kind soul passing by here ready to enlighten me on the method to adopt to fix this situation, I’d be grateful. Thanks in advance!
4 réponses
Solution found! So, for those who might have the same problem, here’s how to fix it...
It seems that the issue comes from an advertisement on Skype that goes through Internet Explorer. To get rid of this pop-up window, you need to:
1) Delete the temporary files from Internet Explorer.
To do this, in the latest version of IE, open the settings (the little gear icon at the top right), then go to Internet Options.
In the window that appears, in the General tab, under Browsing history, click the Delete button. In the window that appears, check Temporary Internet files and website files if it’s not already checked, then Delete.
2) Disable Skype ads.
To do this, still in the Internet Options window, go to the Security tab this time. You will see a series of icons, including a red one shaped like a prohibition sign labeled Sensitive Sites. Click on it, then click the Sites button.
In the window that appears, you will see a text box preceded by the label Add this website to the zone. In this box, type the text:
...then click Add. If it worked, the text should be included in the Websites text box.
You can now exit Internet Explorer. To validate all of this, all you have to do is launch Skype or restart it if it was already open.
There you go, I hope this helped! And big thanks to Malekal_morte- for his help.
To thank you, here’s a photo of adorable red pandas.
http://diversitudes.fr/img/2012/05/26rrbijj.jpg
Have a great day everyone!
It seems that the issue comes from an advertisement on Skype that goes through Internet Explorer. To get rid of this pop-up window, you need to:
1) Delete the temporary files from Internet Explorer.
To do this, in the latest version of IE, open the settings (the little gear icon at the top right), then go to Internet Options.
In the window that appears, in the General tab, under Browsing history, click the Delete button. In the window that appears, check Temporary Internet files and website files if it’s not already checked, then Delete.
2) Disable Skype ads.
To do this, still in the Internet Options window, go to the Security tab this time. You will see a series of icons, including a red one shaped like a prohibition sign labeled Sensitive Sites. Click on it, then click the Sites button.
In the window that appears, you will see a text box preceded by the label Add this website to the zone. In this box, type the text:
https://apps.skype.com
...then click Add. If it worked, the text should be included in the Websites text box.
You can now exit Internet Explorer. To validate all of this, all you have to do is launch Skype or restart it if it was already open.
There you go, I hope this helped! And big thanks to Malekal_morte- for his help.
To thank you, here’s a photo of adorable red pandas.
http://diversitudes.fr/img/2012/05/26rrbijj.jpg
Have a great day everyone!
Michel
Thank you, it seems to be working.
ninousnini
Thank you! :)
Seven
Thank you so much! It was going to drive me crazy!
speedtrakker
Posted messages
49
Status
Membre
Personally, I deleted everything and I still have these windows popping up!
Hello
Start with an Adwcleaner cleanup by following the instructions in the Adwcleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Provide the cleanup report in response.
Then
Follow the FRST tutorial https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(make sure to take the time to read it thoroughly to apply it correctly - everything is explained there).
Download and run the FRST scan, which will generate three FRST reports:
Send these three reports to the website http://pjjoint.malekal.com as explained, and in return, provide the three pjjoint links that lead to these reports here in a new response so that we can review them.
--
Start with an Adwcleaner cleanup by following the instructions in the Adwcleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Provide the cleanup report in response.
Then
Follow the FRST tutorial https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(make sure to take the time to read it thoroughly to apply it correctly - everything is explained there).
Download and run the FRST scan, which will generate three FRST reports:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Send these three reports to the website http://pjjoint.malekal.com as explained, and in return, provide the three pjjoint links that lead to these reports here in a new response so that we can review them.
--
Thank you for this quick response!
Here is the AdwCleaner report:
-------------------------------------------------------------------------------------------------------------------
# AdwCleaner v5.037 - Report created on 03/04/2016 at 18:07:04
# Updated on 02/28/2016 by Xplode
# Database: 2016-03-02.1 [Server]
# Operating system: Windows 7 Home Premium Service Pack 1 (x64)
# Username: Admin - ADMIN-PC
# Executed from: C:\Users\Admin\Desktop\adwcleaner_5.037.exe
# Option: Scan
# Support: http://toolslib.net/forum
Folder Found: C:\Users\Admin\AppData\Roaming\RPEng
File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
File Found: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
Here is the AdwCleaner report:
-------------------------------------------------------------------------------------------------------------------
# AdwCleaner v5.037 - Report created on 03/04/2016 at 18:07:04
# Updated on 02/28/2016 by Xplode
# Database: 2016-03-02.1 [Server]
# Operating system: Windows 7 Home Premium Service Pack 1 (x64)
# Username: Admin - ADMIN-PC
# Executed from: C:\Users\Admin\Desktop\adwcleaner_5.037.exe
# Option: Scan
# Support: http://toolslib.net/forum
- [ Services ] *****
- [ Folders ] *****
Folder Found: C:\Users\Admin\AppData\Roaming\RPEng
- [ Files ] *****
File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
File Found: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
- [ DLL ] *****
- [ Shortcuts ] *****
- [ Scheduled Tasks ] *****
- [ Registry ] *****
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}
- [ Browsers ] *****
- [ Browsers ] *****
C:\AdwCleaner\AdwCleaner[S1].txt - [1250 bytes] - [03/04/2016 17:26:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1170 bytes] - [03/04/2016 18:07:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1244 bytes] ##########
-------------------------------------------------------------------------------------------------------------------
I will now get to work on the FRST tutorial. I will keep you posted on how it goes.
As requested, here are the three reports:
FRST:
http://pjjoint.malekal.com/files.php?read=FRST_20160304_q6t6s7f14y6
Shortcut:
http://pjjoint.malekal.com/files.php?read=20160304_z8l13s14d8t15
Addition:
http://pjjoint.malekal.com/files.php?read=20160304_o11f8u15i10w14
Hoping this will help you identify the problem!...
FRST:
http://pjjoint.malekal.com/files.php?read=FRST_20160304_q6t6s7f14y6
Shortcut:
http://pjjoint.malekal.com/files.php?read=20160304_z8l13s14d8t15
Addition:
http://pjjoint.malekal.com/files.php?read=20160304_o11f8u15i10w14
Hoping this will help you identify the problem!...
Here's the correction to be made with FRST. You can refer to this explanatory note with screenshots.
Open Notepad: Windows key + R,
In the "Run" field, type notepad and hit OK.
Copy/Paste the following into it:
Once the text is pasted into Notepad,
Go to the "File" menu and then "Save As",
On the left, navigate to the Desktop,
In the field at the bottom, file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.
Restart FRST and click on the "Fix" button
A reboot may be necessary (not mandatory)
A text file will appear, copy/paste the content here in a new message.
Then:
Manually reset your browsers and/or manually reconfigure your WEB browsers (homepage, search engine, etc.) and also remove/disable unnecessary/parasite extensions.
To help you with this cleanup, click below on the name of the WEB browser you are using:
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Open Notepad: Windows key + R,
In the "Run" field, type notepad and hit OK.
Copy/Paste the following into it:
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
cmd: netsh winsock reset
Once the text is pasted into Notepad,
Go to the "File" menu and then "Save As",
On the left, navigate to the Desktop,
In the field at the bottom, file name enter: fixlist.txt
Click "Save", this will create fixlist.txt on the Desktop.
Restart FRST and click on the "Fix" button
A reboot may be necessary (not mandatory)
A text file will appear, copy/paste the content here in a new message.
Then:
Manually reset your browsers and/or manually reconfigure your WEB browsers (homepage, search engine, etc.) and also remove/disable unnecessary/parasite extensions.
To help you with this cleanup, click below on the name of the WEB browser you are using:
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
I performed the manipulation with FRST, and here is the report obtained:
----------------------------------------------------------------------------------------------
Results of the Farbar Recovery Scan Tool (x64) Version:04-03-2016
Executed by Admin (2016-03-04 19:03:17) Run:1
Executed from C:\Users\Admin\Desktop
Profiles loaded: Admin (Available profiles: Admin)
Boot mode: Normal
==============================================
fixlist content:
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
cmd: netsh winsock reset
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015" => key deleted successfully
========= netsh winsock reset =========
The function initialization InitHelperDll in NSHHTTP.DLL failed;
error code: 10107
The Winsock catalog has been reset successfully.
You must restart the computer to finalize the reset.
========= End of CMD: =========
...then, after restarting the computer, I performed a proper reset of Firefox and IE (even though there wasn't much to reset here since I never used them, but hey! better do everything right...) Everything is done now. Did this solve the problem?
----------------------------------------------------------------------------------------------
Results of the Farbar Recovery Scan Tool (x64) Version:04-03-2016
Executed by Admin (2016-03-04 19:03:17) Run:1
Executed from C:\Users\Admin\Desktop
Profiles loaded: Admin (Available profiles: Admin)
Boot mode: Normal
==============================================
fixlist content:
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-09-12] (Lavasoft Limited)
cmd: netsh winsock reset
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key deleted successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000015" => key deleted successfully
========= netsh winsock reset =========
The function initialization InitHelperDll in NSHHTTP.DLL failed;
error code: 10107
The Winsock catalog has been reset successfully.
You must restart the computer to finalize the reset.
========= End of CMD: =========
End of Fixlog 19:03:19
----------------------------------------------------------------------------------------------...then, after restarting the computer, I performed a proper reset of Firefox and IE (even though there wasn't much to reset here since I never used them, but hey! better do everything right...) Everything is done now. Did this solve the problem?
We should see if you still have the warning, but it doesn’t seem to originate from an infection.
Could you provide a screenshot of the message to see if it comes back?
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Could you provide a screenshot of the message to see if it comes back?
--
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
None at all, actually! Internet Explorer isn't even open. This window just appears out of nowhere, like that, poof, randomly. I'm waiting for its next appearance, but it seems to me that everything I had open during its last visit was a Firefox page with my DeviantArt account and a YouTube video... nothing too unusual... I admit I don't understand. /: