Attack of the pop up monster

[Sindawe]

Well, if your searches online show it to be the source, delete it.  If you want to be cautious (rarely a fault), edit the name so that it no longer matches that in the registry and see if anything important is broken.

The villains who write this stuff are getting sneakier by the day.  When my workstation got hit, SpySweeper, SpyBot, AdAware, MS and Symantec all failed to clean it all up.  As I said above, I had to WATCH what was occuring and being started, then track it down my hand to kill it.

[Lennyjoe]

Problem is, it doesnt show up anywere in the files or folders when you explore or go to regedit.  The running application is ngpw36 but the hidden program is ngpw40.  Nothing has picked it up either in normal mode or safe mode.  I'm working with the folks at spywarewarrior.com now to fix the problems.

Will see what happens.   The wife keeps screaming "reformat"  

[Firethorn]

Problem is, it doesnt show up anywere in the files or folders when you explore or go to regedit.  The running application is ngpw36 but the hidden program is ngpw40.  Nothing has picked it up either in normal mode or safe mode.  I'm working with the folks at spywarewarrior.com now to fix the problems.

Will see what happens.   The wife keeps screaming "reformat"  

Boot into safemode before moving/renaming the file.

Also, check in the registry for things booted in startup.  remove the line.

I cleaned out a popup program that would replace the executable and registry entries whenever you removed them unless you were in safemode.

[Lennyjoe]

I got it done this afternoon.  Did exactly what you said.