Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

please help me! i have adware.CDN and my norton cant remove it!


  • This topic is locked This topic is locked

#91
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
when the thing loads and asks for windows cd, there isnt a button to click to redirect, only buttons there are are, retry, more information, and cancel :whistling:
  • 0

Advertisements


#92
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, playsoldier3 :whistling:

Were you able to find the i386 folder? If so, are you sure it is the installation folder (Explorer.EX_ is present in that folder)? Let me know the location.
  • 0

#93
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
yes i found the 1386 folder, but there is no iexplore.exe in there :whistling:
  • 0

#94
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts

yes i found the 1386 folder, but there is no iexplore.exe in there :whistling:

It is not Iexplore.exe, It is Explorer.EX_->Note the underscore at the end and does not start with "I".
  • Click on FileFind.exe
  • In the box labeled "Directory"
    • Enter: C:\
  • In the box labeled "File"
    • Enter: Explorer.ex_
  • Now click on the "Search" button
  • Once the utility has found the files click on "Export"
  • A Notepad will open up. Please copy the entire contents of the Notepad and paste them here.
  • NOTE: The notepad is saved on your C:\ drive as "Export.txt"

  • 0

#95
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Oh, sorry yes it is in that folder lol, my bad


C:\WINDOWS\I386\EXPLORER.EX_ - 359533 Bytes
  • 0

#96
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
hi, while my spysweeper was sweeping, it detected that my norton was tryin go change my host files or something, and it asked me to block or allow, i chose to block :S, duno what thats about
  • 0

#97
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, playsoldier3 :whistling:

I will attempt to change the source path in your registry.

Backup your Registry with ERUNT again.


Download the enclosed file:
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Restart the computer. Run SFC /Scannow.

Keep me posted.
  • 0

#98
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
when i try to run the scan it asks for cd, and you said to rredirect the link to the 1886 folder, but it doesnt give me a redirecting button, it just says retry, or cancel or something
  • 0

#99
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
Posted Image
  • 0

#100
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, playsoldier3 :whistling:

Set your security to ignore the inetinfo file. It appears to be legit.

In regard to the System File Checker, if the regfix didn't do it nothin will. Try clicking on Retry.
  • 0

Advertisements


#101
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
did they tell you guys? then why is it detecthing the inet as a trojan then.... :confused, im kinda confused here,
  • 0

#102
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,279 posts
Hi, playsoldier3 :whistling:

All the reports we have produced say so. I have contacted the Spykiller Forum to confirm.

Lets find out if there is a registry entry concerning inetinfo.exe.

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
inetinfo.exe
CNNIC

[Exclude]

[Options]
Filter=KVDLUI



2. Download Registry Search to your desktop.
  • (I believe you already have this program)
  • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
  • Open the new folder, and double click on regsearch.exe
  • Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
  • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
  • Please reply here with the entire contents of the Notepad file from RegSearch.

  • 0

#103
dvk01

dvk01

    Malware Expert

  • Visiting Consultant
  • 201 posts
  • MVP
C:\WINDOWS\system32\inetinfo.exe is infected with trojan.adware.win32.adhelper.cd

the genuine inetinfo file should be in
C:\WINDOWS\system32\inetsvr\inetinfo.exe
  • 0

#104
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
so it is infected? is this from the spykiller?
  • 0

#105
playsoldier3

playsoldier3

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 110 posts
is that real bad? is the virus really harmful :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP