weird kb.elidel.com popups

[loudawg]

I've frequently been seeing popups that only contain the following code:

<script language=javascript>self.close();</script>

This seems to be coming from the following URL (although there was another, similiar one that I seem to have misplaced):

hxxp://kb.elidel.com/ocode_branded/sitepop.php?NovaId=&uid=1132321263:764286306&pgs=3&source=01025&creative=101657&campaign=ELI-9314&placement=104596&site=101055&ent=0&cohort=1

I can't find any malware or other weird programs running that could be causing these popups. I'm not sure if anyone else has seen these, but the only discussion on the net seems to be very recent (within the past week). It's possible that they could just be caused by an add, but if that's the case then they're probably tracking something. kb.elidel.com should, therefore, at least be added to the immunizations.

[tashi]

Hi there.
We need more information before an item can be considered for addition to detections.

If you have a file you can submit:
detections AT spybot.info

Do you have a popup stopper and/or have you adjusted your browser settings to prevent popups?

Cheers.

[Dand99]

I have the same problem. Besides Spybot, I've tried Ad-aware, Ewido and HijackThis but I can't get rid of it. And I haven't been able to find much on the web about it.

I've had it for about 2 weeks now. I'm getting more worried about what it might be doing. I'm thinking about reinstalling my OS.

Dan

I've frequently been seeing popups that only contain the following code:

<script language=javascript>self.close();</script>

This seems to be coming from the following URL (although there was another, similiar one that I seem to have misplaced):

hxxp://kb.elidel.com/ocode_branded/sitepop.php?NovaId=&uid=1132321263:764286306&pgs=3&source=01025&creative=101657&campaign=ELI-9314&placement=104596&site=101055&ent=0&cohort=1

I can't find any malware or other weird programs running that could be causing these popups. I'm not sure if anyone else has seen these, but the only discussion on the net seems to be very recent (within the past week). It's possible that they could just be caused by an add, but if that's the case then they're probably tracking something. kb.elidel.com should, therefore, at least be added to the immunizations.

[Dand99]

I wanted to add that I also use SpySweeper and I have a second popup blocker but they don't stop this popup.

Dan

[Dand99]

I have a suggestion for the tech department. Why don't you go to [removed] and see if you can get the spyware/spam/virus or whatever it is on a machine and then you can figure out how to get rid of it.

Dan

[Rosenfeld]

Have you tried adding a line in your HOSTS file

127.0.0.1 kb.elidel.com

Not sure that would work, but maybe worth a try.

[Dand99]

Thanks for the suggestioin. Did it work for you?

Dan

Have you tried adding a line in your HOSTS file

127.0.0.1 kb.elidel.com

Not sure that would work, but maybe worth a try.

[Rosenfeld]

I am not infected, so can't test:-)

[joncin]

I found this forum by googling the same popup address as in the first message. I am getting this same nasty popup now for the last couple of weeks and can't seem to stop it with SPYbot, ADAware SE, Norton Internet Security popup blocker, as well as several other popup blockers I tried just for grins.

A different one popped up in the last couple days that has the following address. It seems to be rules for cookie handling but it's waaaaaay over my head. <G>

hxxp://kb.elidel.com/ncode_site/grab_data.js.php

Anybody???

[Dand99]

Try the hosts file solution that is mentioned in another message in this thread. I was able to stop it using the hosts file.

Here's one site that explains using the hosts file in more detail.
http://www.mvps.org/winhelp2002/hosts.htm

Dan