Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Loadingwebsite.com, tvs_b.exe, rranrn.exe [RESOLVED]


  • This topic is locked This topic is locked

#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Gee. No half measures.

If you're up to it I'd like to pursue this, but there is no real need for you to do this.
It is a lot of work and a registry cleaner could do it in milliseconds.
It will help me understand this infection better, that's all.

Click Start > Run > copy&paste regedit /e c:\itsalitter1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}" >OK

That will create the file c:\itsalitter1.txt
Post the content of that file please

Repeat the same procedure for:

regedit /e c:\itsalitter2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}"

Regards,
  • 0

Advertisements


#17
youreditor

youreditor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hey, if it helps you, after helping me get my machine back (no popups plus
it's running much faster) -- I'm up for it.

Here is itsalitter1.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}\ProgId]
@="rrjirixo.class"

Here is Itsalitter2.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}]
@="rrjirixo.class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\InProcServer32]
@="C:\\WINDOWS\\system32\\ccqdc.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}\ProgId]
@="rrjirixo.class"


I hope these tell you something!
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Appreciated. :tazz:

Copy the part in bold below into notepad and save it as twodown.reg

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78bcbb75-3be7-4818-8f0a-27688e347dfd}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85248fb3-f340-49d9-8714-04134119b9b4}]


Doubleclick the file and confirm you want to merge it with the registry.

Then use regsrch.vbs to look for rrjirixo.class

Reagrds,
  • 0

#19
youreditor

youreditor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
As requested:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "rrjirixo.class" 6/15/2005 12:31:53 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-652881117-1028471153-1521841884-1007\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="rrjirixo.class"
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Ah. The end of the trail.

Thanks for assistance youreditor :tazz:

Regards,
  • 0

#21
youreditor

youreditor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks, Pieter!

My computer is working well and all scans are clean.
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,675 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP