[JSntgRvr]

Ok, I believe is Quicker. lol

website that contains webcasts for my class

Let me have that link.

[Advertisements]

It is www.grayinstitute.com
You must logon to view a webcast.

You need a logon to view the webcasts.
Let me know if you need it!

[Linda68]

It is www.grayinstitute.com
You must logon to view a webcast.

You need a logon to view the webcasts.
Let me know if you need it!

[Linda68]

Here is the link I tried to open on the infected computer.
http://www.grayinsti...ot_Reach_08.wmv
I just tried it on my laptop, no problem opening it.

[JSntgRvr]

Hi, Linda68

It could be the Media Player. Remove and reinstall. This Trojan can patch any executable file.

If afterwards you experience the same issue., run MyPoppy.exe to clear the computer.

Then remove Windows Internet Explorer 7.0. It should revert back to 6.0. Retry the link with IE6.0. I would also suggest to download Firefox as an alternate bowser.

Keep me posted.

[Linda68]

Removing / reinstalling WMP, no problem. Works well ...
Removing IE from componenets (so now it is back to a "globe" labeled Internet on the Start Menu)
It opened up the Internet Properties box, it didn't open up the browser.

I'm more prone to believe it is Dragon Dictate or IE. Dragon Dictate, when this occurred, stated I didn't have a media device installed. Plus, my Creative Sounblaster programs were not opening either. Dragon Dictate was the program I believe I initially had a problem with, then it spawned from there.

Linda

[Linda68]

...should I reinstall IE or should I download Firefox from my laptop, install it to my desktop computer and try again???

[JSntgRvr]

Hi, Linda68

Download Firefox. It is always good to have a secondary browser.

What we a seeking here is to determine if there is a plug-in that is causing Bagle to re-spawn. Since the issue seems to recur when you attempt to open a Media Player file from the internet, I have to assume that, (1) you are using Windows Media Player as your default player, and (2) it is the plug-in that is causing this issue. Removing the Media Player, along with its files and folders, then reinstalling, should overwrite the plug-in. If that does not resolve the issue, then I have to assume it is a IE plug-in. In that case, removing IE7 and reverting back to IE6.0 can confirm this.

You can't reinstall Internet Explorer 7.0, unless is first removed. Internet Explorer should revert back to Internet Explorer 6.0.

Afterward, and since IE would have reverted back to 6.0, IE 7.0 can be re-downloaded and reinstalled.

I need to confirm: Is this issue only happens when you attempt to open a media file from the internet? Would it happens if you open a media file from your computer? In what other condition or environment would this happens?

[Linda68]

When I initially view the webcasts from grayinstitute, it does not (nor is it supposed to) open Media Player. A little pop-up webcast window pops up within the grayinstitute.com site. This windows IS popping up, but it doesn't load the webcast for some reason. However, it loads fine on my laptop. The screen on the desktop just stays white. Windows Media Player has nothing to do with this process.

Recently, I have tried to save the webcasts and then play it though Media Player. I do this playing the webcast on the grayinstitite site, then I right click on the webcast popup, go to properties by right clicking and then get the link to play it and ultimately save it to my hard drive for easier access. Then I use the Open-URL under File in WMP to play the webcast.

I want to do this because a) the picture is larger and b) I'll always have the webcast on my system for immediate use c) I can get to any part of the .mov file without waiting for it to complete the download process. Windows media player has no problem playing an .mp3 or a saved .mov file from my hard disk. Let me know if this answers what you need. I can send you a bitmap to show you what happens whenI try to start the webcast at grayinstitute.com if you'd like.

I uninstalled IE from control panel through WIndows Add / Remove components. As I mentioned, the Internet "globe" icon it left me did not direct me to the Internet, it just opened the Internet Properties box, so I don't know what version is left on my computer after this uninstall, IE 6.0? I could go through my laptop and download the most recent version, but think I'll download Firefox instead and try it. I'll let you know what happens.

[Linda68]

I just installed Firefox and the webcast worked IMMEDIATELY!
I haven't downloaded / installed IE7

[JSntgRvr]

Selecting Help, then About Internet Explorer from the menu will let you know which version is running. Can you send me those screenshots. Save them as jpeg, rather than a bitmap, and attach it to a reply.

Run this command and post the contents of the Report.txt on your desktop.

[codebox]CMD /C Dir /a "C:\WINDOWS\Downloaded Program Files" >"%Userprofile%\desktop\Report.txt"[/codebox]

[JSntgRvr]

I just installed Firefox and the webcast worked IMMEDIATELY!
I haven't downloaded / installed IE7

Great. And no problems with Trojan Bagle?.

[JSntgRvr]

I did modify the command. It starts with CMD /C

[Linda68]

After I uninstalled the IE component through COntrol Panel, the Internet icon (globe) it leaves on my startup menu does not let me get onto the Internet. It just opens up the Internet Property page with all the tabs. If IE doesn't open, I don't have access to the Help menu

[JSntgRvr]

Run the enclosed file and post its report.

[Linda68]

Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\WINDOWS\Downloaded Program Files

04/12/2008 12:32 PM <DIR> .
04/12/2008 12:32 PM <DIR> ..
12/11/2007 10:30 AM 288 CpnMgr.inf
03/05/2006 10:10 PM 65 desktop.ini
05/22/2006 04:37 PM 1,793 erma.inf
05/16/2007 09:22 AM 399 gp.inf
06/06/2007 06:32 PM 377 ImageUploader4.inf
09/25/2007 02:33 AM 1,055 jinstall-6u3.inf
04/16/2007 10:50 PM 295 muweb.inf
06/03/2002 05:53 PM 144 QTPlugin.inf
06/03/2005 01:24 PM 395 SnapfishActivia1000.inf
06/11/2007 01:21 PM 5,021 swflash.inf
08/11/2004 02:22 AM 3,036 wmv9dmo.inf
04/16/2007 10:50 PM 293 wuweb.inf
12 File(s) 13,161 bytes
2 Dir(s) 1,301,176,320 bytes free
Volume in drive C has no label.
Volume Serial Number is 4864-BB69

Directory of C:\Windows\system32\dllcache

08/03/2004 08:07 PM 93,184 iexplore.exe
1 File(s) 93,184 bytes

Total Files Listed:
1 File(s) 93,184 bytes
0 Dir(s) 1,301,176,320 bytes free