P
Patricia
Has anyone heard of Trojan virus Roing17.ocx.I have had it cleaned/deleted
but I find no reference to it in the list with Trend Micro. Y2ranga
but I find no reference to it in the list with Trend Micro. Y2ranga
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
G
Guest
Patricia
I fought "roings" for over three hours today over the phone, so I hope I can be of some help. First of all, this adware/spyware is VERY difficult to remove. (It was successfully removed from the PC I was dealing with by using Windows System Restore to restore the system back two days and then download and run Lavasoft's AdAware WITH UPDATED DEFINITION FILES. AdAware only added roings to its definition files on 16-May-2004.) The following link has a manual removal method at the bottom of the page, but note that it did NOT work for me - it may, however, work for you
http://www.pestpatrol.com/PestInfo/r/roings_com.as
Another fix I read that worked was to download and run a small (27 kb) uninstall program from www.errorplace.com (which has only two sentences and one link on that site - no contact information, etc.)
Here's a detailed forum that suggests many possible solutions
http://www.webhostingtalk.com/archive/thread/264974-1.htm
Many of the websites suggest running HijackThis (HJT) and posting the entire logfile from HJT to the message boards. Someone will get back to you on what you need to do. I guess this is to help newbies fix their problem(s) without creating new ones. Granted, I'm just another user who's still learning about trojans, adware/spyware, and how Windows works so awfully to allow such programs to install and run without a user's consent or knowledge. (Short slam on Microsoft... sorry). The download site for HijackThis is
http://tomcoyote.com/hjt
.... which includes instructions on how to post the logfile, etc
One last thing I can offer you is to delete any BHO entries that you do not recognize. BHO stands for Browser Helper Objects. Unless you have SPECIFICALLY installed the Google toolbar, Yahoo! companion, or some other program that runs in the Internet Explorer toolbar, BHO's are mostly harmful. They are used in this manner, presumably, because all BHO's load automatically (from the Windows registry, I believe) when you start IE (Internet Explorer), WITHOUT THE USER'S KNOWLEDGE. From my research today, BHO's can be loaded using ActiveX controls that deceive users. Two examples are installing a program by clicking "Cancel" on a dialog box in IE, or installing in the background whenever you close a window - both WITHOUT the user's knowledge or consent. Granted, I am not an expert and AM making the assumption that ActiveX will allow such actions, but if true then Microsoft really needs to re-evaluate the usefulness of ActiveX against its apparent security flaws (at least, in IE). Oops... another slam at MS. Sorry
Oh, I just thought of another tip I discovered today. Scan your hard drive for a file called "Hosts" (no extension). If found, open it in Notepad. Scroll to the bottom and find the entry "127.0.0.1 localhost". The IP address 127.0.0.1 refers to your local machine (not any web server). If there are any other entries below this one, you should probably delete them. PLEASE USE YOUR OWN JUDGEMENT HERE. (If in doubt, copy Hosts to another folder on your hard drive and rename it to Hosts.txt before making changes. You can then make changes to the original Hosts file, and if anything screws up, simply copy your backup and rename it back - overwriting the file you modified.) The Hosts file also houses websites that you place in the "Restricted sites zone" in Internet Explorer, I believe, so you may not want to delete them from Hosts
And finally, I'd strongly suggest using a browser OTHER THAN INTERNET EXPLORER! ActiveX seems to be the primary method for maliciously spreading adware/spyware (along with email attachments, including joke programs), and only IE supports ActiveX. I suggest using Mozilla, which is totally free and also includes a decent email client as an alternative to Outlook Express
Just a reminder... I could NOT find any website that could tell me, in a straightforward manner, how to remove roings myself. Most forums contain HijackThis logs that are confusing and fairly unique to each user, with unique recommendations for removing roings and similar programs. The cure for the PC I was dealing with was to use Windows System Restore (Start Menu/All Programs/Accessories/System Tools/System Restore) to roll the system back two days, download Lavasoft's AdAware version 6.0.1, UPDATE THE DEFINITION FILES, and clean roings. I was told the entire process, from System Restore to cleaning with AdAware, was very simple and required little user interaction. I hope so very much that this helps you and is not too much information for my FIRST post EVER! Good luck, Patricia
JW
I fought "roings" for over three hours today over the phone, so I hope I can be of some help. First of all, this adware/spyware is VERY difficult to remove. (It was successfully removed from the PC I was dealing with by using Windows System Restore to restore the system back two days and then download and run Lavasoft's AdAware WITH UPDATED DEFINITION FILES. AdAware only added roings to its definition files on 16-May-2004.) The following link has a manual removal method at the bottom of the page, but note that it did NOT work for me - it may, however, work for you
http://www.pestpatrol.com/PestInfo/r/roings_com.as
Another fix I read that worked was to download and run a small (27 kb) uninstall program from www.errorplace.com (which has only two sentences and one link on that site - no contact information, etc.)
Here's a detailed forum that suggests many possible solutions
http://www.webhostingtalk.com/archive/thread/264974-1.htm
Many of the websites suggest running HijackThis (HJT) and posting the entire logfile from HJT to the message boards. Someone will get back to you on what you need to do. I guess this is to help newbies fix their problem(s) without creating new ones. Granted, I'm just another user who's still learning about trojans, adware/spyware, and how Windows works so awfully to allow such programs to install and run without a user's consent or knowledge. (Short slam on Microsoft... sorry). The download site for HijackThis is
http://tomcoyote.com/hjt
.... which includes instructions on how to post the logfile, etc
One last thing I can offer you is to delete any BHO entries that you do not recognize. BHO stands for Browser Helper Objects. Unless you have SPECIFICALLY installed the Google toolbar, Yahoo! companion, or some other program that runs in the Internet Explorer toolbar, BHO's are mostly harmful. They are used in this manner, presumably, because all BHO's load automatically (from the Windows registry, I believe) when you start IE (Internet Explorer), WITHOUT THE USER'S KNOWLEDGE. From my research today, BHO's can be loaded using ActiveX controls that deceive users. Two examples are installing a program by clicking "Cancel" on a dialog box in IE, or installing in the background whenever you close a window - both WITHOUT the user's knowledge or consent. Granted, I am not an expert and AM making the assumption that ActiveX will allow such actions, but if true then Microsoft really needs to re-evaluate the usefulness of ActiveX against its apparent security flaws (at least, in IE). Oops... another slam at MS. Sorry
Oh, I just thought of another tip I discovered today. Scan your hard drive for a file called "Hosts" (no extension). If found, open it in Notepad. Scroll to the bottom and find the entry "127.0.0.1 localhost". The IP address 127.0.0.1 refers to your local machine (not any web server). If there are any other entries below this one, you should probably delete them. PLEASE USE YOUR OWN JUDGEMENT HERE. (If in doubt, copy Hosts to another folder on your hard drive and rename it to Hosts.txt before making changes. You can then make changes to the original Hosts file, and if anything screws up, simply copy your backup and rename it back - overwriting the file you modified.) The Hosts file also houses websites that you place in the "Restricted sites zone" in Internet Explorer, I believe, so you may not want to delete them from Hosts
And finally, I'd strongly suggest using a browser OTHER THAN INTERNET EXPLORER! ActiveX seems to be the primary method for maliciously spreading adware/spyware (along with email attachments, including joke programs), and only IE supports ActiveX. I suggest using Mozilla, which is totally free and also includes a decent email client as an alternative to Outlook Express
Just a reminder... I could NOT find any website that could tell me, in a straightforward manner, how to remove roings myself. Most forums contain HijackThis logs that are confusing and fairly unique to each user, with unique recommendations for removing roings and similar programs. The cure for the PC I was dealing with was to use Windows System Restore (Start Menu/All Programs/Accessories/System Tools/System Restore) to roll the system back two days, download Lavasoft's AdAware version 6.0.1, UPDATE THE DEFINITION FILES, and clean roings. I was told the entire process, from System Restore to cleaning with AdAware, was very simple and required little user interaction. I hope so very much that this helps you and is not too much information for my FIRST post EVER! Good luck, Patricia
JW
P
Patricia
Thanx for your response, you are right I know not what I do, but I do, do
what I know.I will certainly investigate your suggestions.
remove. (It was successfully removed from the PC I was dealing with by
using Windows System Restore to restore the system back two days and then
download and run Lavasoft's AdAware WITH UPDATED DEFINITION FILES. AdAware
only added roings to its definition files on 16-May-2004.) The following
link has a manual removal method at the bottom of the page, but note that it
did NOT work for me - it may, however, work for you:
one link on that site - no contact information, etc.).
on what you need to do. I guess this is to help newbies fix their
problem(s) without creating new ones. Granted, I'm just another user who's
still learning about trojans, adware/spyware, and how Windows works so
awfully to allow such programs to install and run without a user's consent
or knowledge. (Short slam on Microsoft... sorry). The download site for
HijackThis is:
SPECIFICALLY installed the Google toolbar, Yahoo! companion, or some other
program that runs in the Internet Explorer toolbar, BHO's are mostly
harmful. They are used in this manner, presumably, because all BHO's load
automatically (from the Windows registry, I believe) when you start IE
(Internet Explorer), WITHOUT THE USER'S KNOWLEDGE. From my research today,
BHO's can be loaded using ActiveX controls that deceive users. Two examples
are installing a program by clicking "Cancel" on a dialog box in IE, or
installing in the background whenever you close a window - both WITHOUT the
user's knowledge or consent. Granted, I am not an expert and AM making the
assumption that ActiveX will allow such actions, but if true then Microsoft
really needs to re-evaluate the usefulness of ActiveX against its apparent
security flaws (at least, in IE). Oops... another slam at MS. Sorry.
Notepad. Scroll to the bottom and find the entry "127.0.0.1 localhost".
The IP address 127.0.0.1 refers to your local machine (not any web server).
If there are any other entries below this one, you should probably delete
them. PLEASE USE YOUR OWN JUDGEMENT HERE. (If in doubt, copy Hosts to
another folder on your hard drive and rename it to Hosts.txt before making
changes. You can then make changes to the original Hosts file, and if
anything screws up, simply copy your backup and rename it back - overwriting
the file you modified.) The Hosts file also houses websites that you place
in the "Restricted sites zone" in Internet Explorer, I believe, so you may
not want to delete them from Hosts.
adware/spyware (along with email attachments, including joke programs), and
only IE supports ActiveX. I suggest using Mozilla, which is totally free
and also includes a decent email client as an alternative to Outlook
Express.
HijackThis logs that are confusing and fairly unique to each user, with
unique recommendations for removing roings and similar programs. The cure
for the PC I was dealing with was to use Windows System Restore (Start
Menu/All Programs/Accessories/System Tools/System Restore) to roll the
system back two days, download Lavasoft's AdAware version 6.0.1, UPDATE THE
DEFINITION FILES, and clean roings. I was told the entire process, from
System Restore to cleaning with AdAware, was very simple and required little
user interaction. I hope so very much that this helps you and is not too
much information for my FIRST post EVER! Good luck, Patricia.
what I know.I will certainly investigate your suggestions.
can be of some help. First of all, this adware/spyware is VERY difficult toImAnAmateur said:Patricia,
I fought "roings" for over three hours today over the phone, so I hope I
remove. (It was successfully removed from the PC I was dealing with by
using Windows System Restore to restore the system back two days and then
download and run Lavasoft's AdAware WITH UPDATED DEFINITION FILES. AdAware
only added roings to its definition files on 16-May-2004.) The following
link has a manual removal method at the bottom of the page, but note that it
did NOT work for me - it may, however, work for you:
uninstall program from www.errorplace.com (which has only two sentences andhttp://www.pestpatrol.com/PestInfo/r/roings_com.asp
Another fix I read that worked was to download and run a small (27 kb)
one link on that site - no contact information, etc.).
entire logfile from HJT to the message boards. Someone will get back to youHere's a detailed forum that suggests many possible solutions:
http://www.webhostingtalk.com/archive/thread/264974-1.html
Many of the websites suggest running HijackThis (HJT) and posting the
on what you need to do. I guess this is to help newbies fix their
problem(s) without creating new ones. Granted, I'm just another user who's
still learning about trojans, adware/spyware, and how Windows works so
awfully to allow such programs to install and run without a user's consent
or knowledge. (Short slam on Microsoft... sorry). The download site for
HijackThis is:
not recognize. BHO stands for Browser Helper Objects. Unless you havehttp://tomcoyote.com/hjt/
... which includes instructions on how to post the logfile, etc.
One last thing I can offer you is to delete any BHO entries that you do
SPECIFICALLY installed the Google toolbar, Yahoo! companion, or some other
program that runs in the Internet Explorer toolbar, BHO's are mostly
harmful. They are used in this manner, presumably, because all BHO's load
automatically (from the Windows registry, I believe) when you start IE
(Internet Explorer), WITHOUT THE USER'S KNOWLEDGE. From my research today,
BHO's can be loaded using ActiveX controls that deceive users. Two examples
are installing a program by clicking "Cancel" on a dialog box in IE, or
installing in the background whenever you close a window - both WITHOUT the
user's knowledge or consent. Granted, I am not an expert and AM making the
assumption that ActiveX will allow such actions, but if true then Microsoft
really needs to re-evaluate the usefulness of ActiveX against its apparent
security flaws (at least, in IE). Oops... another slam at MS. Sorry.
drive for a file called "Hosts" (no extension). If found, open it inOh, I just thought of another tip I discovered today. Scan your hard
Notepad. Scroll to the bottom and find the entry "127.0.0.1 localhost".
The IP address 127.0.0.1 refers to your local machine (not any web server).
If there are any other entries below this one, you should probably delete
them. PLEASE USE YOUR OWN JUDGEMENT HERE. (If in doubt, copy Hosts to
another folder on your hard drive and rename it to Hosts.txt before making
changes. You can then make changes to the original Hosts file, and if
anything screws up, simply copy your backup and rename it back - overwriting
the file you modified.) The Hosts file also houses websites that you place
in the "Restricted sites zone" in Internet Explorer, I believe, so you may
not want to delete them from Hosts.
EXPLORER! ActiveX seems to be the primary method for maliciously spreadingAnd finally, I'd strongly suggest using a browser OTHER THAN INTERNET
adware/spyware (along with email attachments, including joke programs), and
only IE supports ActiveX. I suggest using Mozilla, which is totally free
and also includes a decent email client as an alternative to Outlook
Express.
straightforward manner, how to remove roings myself. Most forums containJust a reminder... I could NOT find any website that could tell me, in a
HijackThis logs that are confusing and fairly unique to each user, with
unique recommendations for removing roings and similar programs. The cure
for the PC I was dealing with was to use Windows System Restore (Start
Menu/All Programs/Accessories/System Tools/System Restore) to roll the
system back two days, download Lavasoft's AdAware version 6.0.1, UPDATE THE
DEFINITION FILES, and clean roings. I was told the entire process, from
System Restore to cleaning with AdAware, was very simple and required little
user interaction. I hope so very much that this helps you and is not too
much information for my FIRST post EVER! Good luck, Patricia.
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.