Hi,
I keep getting a pop-up on my screen telling me that i have to pay a bill for something i have not knowingly subscribed to. The subscription is apparently to something called sexxpassport.

I know someone else has had this problem and this forum helped him out i tried to read the thread he posted, but it realy confused me as im not too good with computers, so if there is anyone who can help me could you please dumb things down for me so that i will be able to understand.

thanx,
LMac

Welcome to PCHF lmac!

Can you follow the PCHF Prework link in my signature and then post back here a Hijackthis log and an AVG report, then a member of our security team will help you get rid of it.

Thanks,

Chris

thanxs chris,
i have done what was asked.
My problem in more detail is, i keep getting a pop-up on my screen from a company called MBS billing agency, it says that i have to pay £19.00 for a monthly subscription to something called sexxpassport, which i never subscribed to, and i have no history of visting this site.
Someone else has had this same problem and this forum has helped him and i hope the same can be done for me.

thanx lmac

Attached Files

hijackthis.log (4.0 KB, 2 views)

Yep it sounds like malware, hopefully our security team can help you otherwise it will be reffered back here.

[Moved to HJT Logs Forum]

Please do not pay anything, as this is a scam. We have seen a few cases here at PCHF as well. Follow the instructions below carefully.


First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:

· From a computer that has Internet access, click on the following link:
http://www.new.net/support/uninstall6_90.exe.
· Download and save uninstall6_90.exe to the Desktop.
· Go to the Desktop and double-click on uninstall6_90.exe
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot even if not prompted.



Next download this and run it:
WinSock XP Fix download and review - fix XP internet connectivity from SnapFiles

Click the fix button. It should ask to reboot. Do so. Boot into Safe Mode:
PC Hell: How to Start Windows in Safe Mode


In safe mode, run HijackThis and place a checkmark by the following entries if still present:
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe

Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer. You should get back to normal mode automatically.


Download Avenger from here:
Swandog46’s Public Tools Page

Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:
and click 'Done'

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.


Post the Avenger output.txt (which you can find at C:\Avenger\.txt), along with a new HijackThis log.

hi Thanx,
I tryed to follow the intsructions that you gave me, but i encounted a few problems. i couldnt place a checkmark in Hijackthis on O4 - HKLM\..\Run: [mbssm32] C:\WINDOWS\system32\mbssm32.exe as it wasnt listed. Also avenger couldnt find the file C:\WINDOWS\system32\mbssm32.exe.
Thanx Lmac

Alright then, please post a new HijackThis log. Is the pop-up still appearing?