Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IE Hijacked and Popups [resolved]


  • This topic is locked This topic is locked

#16
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes, I tried deleting the entire \BDE folder. It would try, then say access denied.

I found 4 NDNuninstal*.exe files (* being the difference between each). Should I empty the recycle bin?

What next?

thanks,
steve
  • 0

Advertisements


#17
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
delete any variation of NDNuninstal*.exe it's NewDotNet programs and you don't want them :tazz:

Your recycle bin should be clean since we ran Cleanup, but if you want to feel free! ;)

Let's look in your computer to make sure all the BDE files are gone.

Go to Start > Control Panel > Add/Remove programs and look to see if anything like this is in there:

B3d Projector

Reboot in safe mode (make sure you can view hidden files)

Navigate to C:\Windows\System32 and look for these files, if any are found DELETE them:

bdeinstall.exe
bdeinsta2.dll
bdefdi.dll
bdedata2.dll
bdedownloader.dll
bdeverify.dll
bdesecureinstall.exe
bdesecureinstall.cab


Then we'll need to search the registry to see if it left anything behind. I'll tell you how to do that after doing the above steps

Michelle ;)
  • 0

#18
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I found no remnants of BDE. How do I search my registry?

thanks again,
steve
  • 0

#19
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Be very careful when modifying the registry!

Go to Start > Run - Type regedit click OK

Click the "+" next to HKEY_CLASSES_ROOT and look for the following:

b3d
b3ds
s3d_auto_file
b3dini_auto_file
BDEPLAYER.BDEPlayerCtrl[.1]
BDESmartInstaller.BDESmartInstallerCtrl[.1]
b3dini


Delete any of these if they are there - make sure only to delete these!

Exit regedit.

Let me know if you find any of them.

Michelle :tazz:

Edited by bananafanafo, 26 March 2005 - 10:58 PM.

  • 0

#20
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Michelle,
I checked the registry as you described. There were no traces of the files you suggested that I look for.

Thanks for your continued dedication to fighting these terrorists!!

steve
  • 0

#21
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts

Thanks for your continued dedication to fighting these terrorists!!


It's my pleasure! :tazz:

Ok, since there are no files associated with that bde folder in the registry or in the systems folder, then it's most likely just clutter and won't affect your system. The other components of that bde program were previously removed by something and the folder remained.

Let's try deleteting it this way: (be very careful and follow my instructions exactly!)

Reboot your computer into "Safe Mode with Command Prompt". This way explorer.exe doesn't load. There will be a black window open. Follow the directions below:

Type in CD\Windows (it will have now changed to C:\Windows)

Type in RMDIR BDE
hit enter

If it moves onto the next command line without any error messages, then it should be gone. Reboot in normal mode and go to Windows Explorer to see if it's still there.

Michelle ;)

Edited by bananafanafo, 27 March 2005 - 11:31 AM.

  • 0

#22
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Michelle,
I booted in Safe with command prompt. When I type rmdir bde, it says the directory is not empty. If I try to delete each folder separately, it says access is denied. Any other tricks in your bag?

thanks,
steve
(Happy Easter!)
  • 0

#23
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Happy Easter to you as well! :tazz:

hmmm... let me think about it and get back to you!

Michelle ;)
  • 0

#24
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Ok, I think I've figured out why we can't delete it! Since there are no brilliantdigital adware files anywhere on your computer or registry then the adware is gone. You must have another program on your computer that uses the Borland Database Engine that placed a BDE folder in your system - which is why it would show inuse. It's not going to affect your computer any and if it's being used by another, legitimate, program then we defintely want to delete it. So, how is your computer running?

Michelle :tazz:
  • 0

#25
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
You mentioned that it shows the BDE folder "in use". I don't recall seeing that message. Only that it is inaccessible. Everything on my system is running much better.

Thank you very much for your support on this.

steve
  • 0

Advertisements


#26
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Either way, it isn't anything to worry about ;)

Of course, if you have any other problems with your system, you're more than welcome to come back! ;)

Congratulations you log is clean! Great job on the clean up :tazz:

I highly recommend going to the microsoft website, clicking on windows updates, and installing any critical updates available.

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#27
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
You are very welcome! Happy to help! :tazz:

Michelle
  • 0

#28
fishingsteve

fishingsteve

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thanks Michelle!!!
  • 0

#29
Michelle

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
This topic has been resolved and is now closed. If the original poster has any other problems and needs it re-opened, please contact a staff member.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP