Archived from groups: microsoft.public.windowsxp.help_and_support (
More info?)
Galen,
May have cracked it. In the Advanced Tools section of Microsofts Anti
Spyware, I found an IE BHO (all new things to me) attached to winhlp32.dll.
I took up the offer of permanently blocking the BHO, and in the last 2 hours
(fingers crossed) no pop-ups.
Like you say, an unusual company. It's more often some form of porn site!
Ta,
Paul
"Galen" wrote:
> In news:7618A056-F383-4521-AE1E-675A8BF41332@microsoft.com,
> Paul <Paul@discussions.microsoft.com> had this to say:
>
> My reply is at the bottom of your sent message:
>
> > Not sure I can answer that..
> >
> > I ran the instruction 'netsh winsock reset', and that has cured the
> > illegal NTVDM instruction messages. I then downloaded A Squared
> > which found a single instance of malware... I'm afraid I deleted it
> > without noting it down, sorry. I also downloaded Windows Anti-Spyware
> > (Beta), but this found nothing.
> >
> > Lo and behold, American Furniure Warehouse.com has just popped up
> > again.
> >
> > I'm sure it's something to do with this winhlp.dllalais file.
> >
> > I'll run all the cleaners again and see what happens...
> >
> > Cheers mate
> >
> > Paul
> >
> > "Galen" wrote:
> >
> >> In news:F844C03D-E084-4067-85E7-1C7439C159BF@microsoft.com,
> >> Paul <Paul@discussions.microsoft.com> had this to say:
> >>
> >> My reply is at the bottom of your sent message:
> >>
> >>> Thanks Galen. Seems to have done the trick.
> >>>
> >>> "Galen" wrote:
> >>>
> >>>> In news:F284A509-5EDB-46B0-B308-97995E70BB4C@microsoft.com,
> >>>> Paul <Paul@discussions.microsoft.com> had this to say:
> >>>>
> >>>> My reply is at the bottom of your sent message:
> >>>>
> >>>>> I have been getting repeated messages along the lines of:
> >>>>>
> >>>>> WINHLP1.EXE HAS CAUSED AN ILLEGAL INSTRUCTION IN NTVDM CPU
> >>>>>
> >>>>> I have also found a file called winhlp.dllalias which has
> >>>>> references to a website called Americanfurniturewarehouse.com
> >>>>> which repeatedly causes a pop-up on my internet explorer.
> >>>>> Deleting this file has no long term effect. It just reappears.
> >>>>>
> >>>>> Any ideas how to cure?
> >>>>
> >>>> Sounds like you're the victim of malware...
> >>>>
> >>>> Malware Cleaning :
> >>>>
http://kgiii.info/windows/all/general/malwarefix.html
> >>>>
> >>>> Galen
> >>>> --
> >>>>
> >>>> "You know that a conjurer gets no credit when once he has explained
> >>>> his trick; and if I show you too much of my method of working, you
> >>>> will come to the conclusion that I am a very ordinary individual
> >>>> after all."
> >>>>
> >>>> Sherlock Holmes
> >>
> >> No problem, for curiosity sake which application cleared it up and
> >> what was the name of the malware?
> >>
> >> Galen
> >> --
> >>
> >> "You know that a conjurer gets no credit when once he has explained
> >> his trick; and if I show you too much of my method of working, you
> >> will
> >> come to the conclusion that I am a very ordinary individual after
> >> all."
> >>
> >> Sherlock Holmes
>
> <g> Let me know how it turns out. I can say that I've never HEARD of a
> furniture store using hijackware. That doesn't mean they don't, just means
> that I've never heard of it. Make sure to delete all your temp internet
> files, including offline content, and maybe your cookies too if you don't
> have any special ones saved.
>
> Galen
> --
>
> "You know that a conjurer gets no credit when once he has explained his
> trick; and if I show you too much of my method of working, you will
> come to the conclusion that I am a very ordinary individual after all."
>
> Sherlock Holmes
>
>
>