Help getting rid of Aurora - ABI network [CLOSED]



#1
ergt317


    New Member

  • Member
  • 7 posts
Help me please! I have this horrible aurora ABI network thing that keeps popping up. I have downloaded ewido and the HijackThis file. I just need instructions on what I should do now to get rid of this horrible Aurora thing.

Thanks sooo much!
  • 0



#2
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please read the first link in my signature below and run through those steps if you haven't done so already. If you did that already, give me the HijackThis and Ewido logs now.

Just a note. Do not, I repeat, do not run the so-called uninstaller for ABI Network in the Add/Remove panel. Don't run any uninstallers for Aurora either. You will be compromising your privacy by doing so.
  • 0

#3
ergt317


    New Member

  • Topic Starter
  • Member
  • 7 posts
I saved all the things from ewido, so here is the startup report:
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 5:41:19 PM, 6/17/2005
+ Report-Checksum: 38C1951A

Reg\HKLM\Run MCAgentExe C:\Program Files\McAfee.com\Agent\mcagent.exe
Reg\HKLM\Run NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Reg\HKLM\Run BCMSMMSG BCMSMMSG.exe
Reg\HKLM\Run diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
Reg\HKLM\Run UpdReg C:\WINDOWS\UpdReg.EXE
Reg\HKLM\Run DVDSentry C:\WINDOWS\System32\DSentry.exe
Reg\HKLM\Run MCUpdateExe C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
Reg\HKLM\Run TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Reg\HKLM\Run AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
Reg\HKLM\Run VirusScan Online c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Reg\HKLM\Run DwlClient C:\Program Files\Common Files\Dell\EUSW\Support.exe
Reg\HKLM\Run Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
Reg\HKLM\Run SQInstaller SQInstaller.exe
Reg\HKLM\Run c:\WINDOWS\System32\
Reg\HKLM\Run nwiz nwiz.exe /install
Reg\HKLM\Run WebSavingsfromEbates wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run ViewMgr C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Reg\HKLM\Run WebRebates0 "C:\Program Files\Web_Rebates\WebRebates0.exe"
Reg\HKLM\Run iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
Reg\HKLM\Run WildTangent CDA "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
Reg\HKCU\Run SpyKiller C:\Program Files\SpyKiller\spykiller.exe /startup
Reg\HKCU\Run c:\WINDOWS\System32\
Reg\HKCU\Run NvMediaCenter RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
Reg\HKCU\Run zzb c:\WINDOWS\System32\zzb.exe
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Reg\HKCU\Run AIM C:\Program Files\AIM\aim.exe -cnetwait.odl
Reg\HKCU\Run DW4 "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
Reg\HKCU\Run ATnotes.exe C:\Program Files\ATnotes\ATnotes.exe
Shell\CommonStartup SpySubtract.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk

Here is the connection report:
---------------------------------------------------------
ewido security suite - Connection report
---------------------------------------------------------

+ Created on: 5:44:56 PM, 6/17/2005
+ Report-Checksum: F31BDCFE

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1038 127.0.0.1:4999 ESTABLISHED
TCP 127.0.0.1:4999 0.0.0.0:0 LISTENING
TCP 127.0.0.1:4999 127.0.0.1:1038 ESTABLISHED
TCP 127.0.0.1:5001 127.0.0.1:1161 CLOSE_WAIT
TCP 127.0.0.1:5180 0.0.0.0:0 LISTENING
TCP 128.61.96.109:139 0.0.0.0:0 LISTENING
TCP 128.61.96.109:1260 63.111.66.56:80 CLOSE_WAIT
TCP 128.61.96.109:1269 64.233.161.99:80 ESTABLISHED
TCP 128.61.96.109:1270 64.233.161.99:80 ESTABLISHED
TCP 128.61.96.109:1273 64.233.161.104:80 ESTABLISHED
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1026
UDP 0.0.0.0:1078
UDP 0.0.0.0:4500
UDP 127.0.0.1:123
UDP 127.0.0.1:1027
UDP 127.0.0.1:1056
UDP 127.0.0.1:1069
UDP 127.0.0.1:1900
UDP 128.61.96.109:123
UDP 128.61.96.109:137
UDP 128.61.96.109:138
UDP 128.61.96.109:1900

Here is the process report:
---------------------------------------------------------
ewido security suite - Process report
---------------------------------------------------------

+ Created on: 5:41:34 PM, 6/17/2005
+ Report-Checksum: 4C6EB940

0: System Process
4: System Process
168: C:\WINDOWS\System32\nvsvc32.exe
176: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
248: C:\WINDOWS\BCMSMMSG.exe
388: C:\WINDOWS\System32\DSentry.exe
456: C:\Program Files\McAfee.com\Agent\mcagent.exe
484: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
500: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
508: C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
528: C:\Program Files\Common Files\Dell\EUSW\Support.exe
548: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
572: C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
636: C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
656: \SystemRoot\System32\smss.exe
672: C:\Program Files\QuickTime\qttask.exe
704: \??\C:\WINDOWS\system32\csrss.exe
708: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
728: \??\C:\WINDOWS\system32\winlogon.exe
772: C:\WINDOWS\system32\services.exe
784: C:\WINDOWS\system32\lsass.exe
912: C:\Program Files\iTunes\iTunesHelper.exe
952: C:\WINDOWS\system32\svchost.exe
968: C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
1020: C:\WINDOWS\system32\svchost.exe
1116: C:\WINDOWS\System32\svchost.exe
1168: C:\WINDOWS\System32\alg.exe
1208: C:\WINDOWS\System32\svchost.exe
1280: C:\WINDOWS\System32\svchost.exe
1300: C:\WINDOWS\System32\svchost.exe
1368: C:\WINDOWS\System32\MsPMSPSv.exe
1480: C:\WINDOWS\system32\spoolsv.exe
1792: C:\WINDOWS\Explorer.EXE
1888: C:\WINDOWS\System32\drivers\CDAC11BA.EXE
1908: C:\WINDOWS\system32\cisvc.exe
1920: C:\WINDOWS\System32\CTsvcCDA.exe
1956: C:\Program Files\ewido\security suite\ewidoctrl.exe
1980: C:\Program Files\ewido\security suite\ewidoguard.exe
2088: C:\Program Files\Internet Explorer\iexplore.exe
2164: C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
2172: C:\WINDOWS\system32\RUNDLL32.EXE
2196: C:\Program Files\Outlook Express\msimn.exe
2224: C:\Program Files\AIM\aim.exe
2240: C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
2264: C:\Program Files\ATnotes\ATnotes.exe
2292: C:\Program Files\Internet Explorer\iexplore.exe
2296: C:\Program Files\Internet Explorer\iexplore.exe
2480: c:\PROGRA~1\mcafee.com\vso\mcshield.exe
2592: C:\Program Files\iPod\bin\iPodService.exe
2680: C:\WINDOWS\system32\wscntfy.exe
2984: C:\Program Files\ewido\security suite\SecuritySuite.exe
3892: c:\Program Files\InterMute\SpySubtract\SpySub.exe
3924: C:\WINDOWS\system32\cidaemon.exe
3980: C:\WINDOWS\system32\wuauclt.exe

Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 5:43:39 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\ATnotes\ATnotes.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Thanks again for helping me!!
  • 0

#4
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That's not the Ewido log I want. Didn't it give you a report once it finished scanning? It should tell us how many files were infected and how many were deleted... No problem. We'll run it again:

Please print out the instructions here (or save them in Notepad) so that you can follow along more easily.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net...wnload/updates/ Do NOT run the Ewido scan yet.

Please download Nailfix at http://www.noidea.us...050515010747824 Unzip it to the desktop but do NOT run it yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Once in Safe Mode, please double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Next run a full scan in Ewido. Save the log from the Ewido scan so that you can post it later.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch...px?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [WebSavingsfromEbates] wjview /cp:p "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Close all open windows except for HijackThis and click Fix Checked.

Uninstall these from the Add/Remove panel if listed:

Viewpoint
Ebates_MoeMoneyMaker
Web_Rebates
WebSavingsfromEbates

SpyKiller - it’s rogueware (or known to be rogueware in the past) and we highly recommend that you uninstall it. Rogue/Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection.

WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below.

WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.


Delete these if found:

C:\Program Files\Viewpoint\
C:\Program Files\WildTangent\
C:\WINDOWS\systb.dll (file missing)
SQInstaller.exe
C:\Program Files\SpyKiller\
c:\WINDOWS\System32\zzb.exe
C:\Program Files\Web_Rebates\
C:\Program Files\WebSavingsfromEbates\
C:\Program Files\Ebates_MoeMoneyMaker\
C:\WINDOWS\svcproc.exe


Restart your computer.

Download FindIt's.zip http://forums.net-in...=post&id=142443 to your desktop.

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder. Double click on FindIt's.bat and wait for Notepad to open a text file. It will take a while so please be patient... Note: If you are having problems using FindIt's.bat (16 bit error), copy autoexec.nt from the C:\WINDOWS\repair folder to C:\WINDOWS\system32 folder. Now try running FindIt's.bat.
3. Then post the results here along with the new HijackThis log. Also post the Ewido scan results here.
  • 0
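The "check each of the following ... if they still exist" step in the reply above can be verified by comparing the fix list against a HijackThis log taken afterwards. This is an added example, not part of the original thread or of any tool named in it; the function names are assumptions, the sample logs are constructed subsets of lines posted in this thread, and the "directory target" check is a heuristic of this example only.

```python
import re

# A HijackThis item line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart detail: hive, value name in brackets, then the command.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] ?(.*)$")


def parse_items(log_text):
    """Return [(code, detail)] for item lines; header and process lines are skipped."""
    items = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def normalise(item):
    """Registry keys and paths are case-insensitive on Windows; also collapse spaces."""
    code, detail = item
    return code, " ".join(detail.lower().split())


def still_present(fix_list_text, log_text):
    """Fix-list entries that are still found in the given log (empty list = all gone)."""
    seen = {normalise(i) for i in parse_items(log_text)}
    return [i for i in parse_items(fix_list_text) if normalise(i) in seen]


def directory_targets(log_text):
    """O4 Run values whose command is a bare folder path (ends with a backslash).

    Such an item is a registry value to be fixed in HijackThis; the folder it
    names is not something to delete from disk.
    """
    flagged = []
    for code, detail in parse_items(log_text):
        m = RUN_RE.match(detail) if code == "O4" else None
        if m and m.group(3).strip('"').endswith("\\"):
            flagged.append((m.group(1), m.group(2), m.group(3)))
    return flagged


# Constructed sample: a few entries from the helper's fix list (one with altered case).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [zzb] C:\WINDOWS\system32\zzb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Constructed sample: excerpt of the log taken before any fixes.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O4 - HKLM\..\Run: [SQInstaller] SQInstaller.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [zzb] c:\WINDOWS\System32\zzb.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Constructed sample: excerpt of a log taken after "Fix checked".
AFTER_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        left = still_present(FIX_LIST, log)
        print(f"{label}: {len(left)} fix-list entries still present")
        for code, detail in left:
            print(f"  {code} - {detail}")
    for hive, name, cmd in directory_targets(FIX_LIST):
        print(f"registry value only, not a file to delete: {hive} Run [{name}] {cmd}")
```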

#5
ergt317


    New Member

  • Topic Starter
  • Member
  • 7 posts
Okay, so I did everything again and followed your instructions.
I did have a few errors, and here is what they were:

In the Add/Remove part, when I tried to remove WebSavingsfromEbates, I received an error that said "ERROR: Could not execute Main: The system cannot find the file specified".

When I tried to remove SpyKiller, I got an error that said "Could not load initialization file".

When I tried to delete c:\WINDOWS\System32, it said that System32 is a Windows system folder and is required for Windows to run properly. It cannot be deleted.

I think those are all the problems I had.

Here are the ewido scan results:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:39:52 AM, 6/18/2005
+ Report-Checksum: E14F354E

+ Date of database: 6/17/2005
+ Version of scan engine: v3.0

+ Duration: 75 min
+ Scanned Files: 155399
+ Speed: 34.25 Files/Second
+ Infected files: 41
+ Removed files: 41
+ Files put in quarantine: 41
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Erin\Cookies\erin@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@data.coremetrics[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@html[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Erin\Cookies\erin@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP640\A0035757.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP640\A0035758.exe -> TrojanDownloader.Alchemic -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP640\A0035759.exe -> TrojanDownloader.MlFree -> Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP640\A0035760.exe -> TrojanDownloader.Small.en -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ccfzchgb.dll -> Trojan.TalkStocks.a -> Cleaned with backup
C:\WINDOWS\lc.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\msgcenter_lminv1.exe -> TrojanDownloader.Lalus -> Cleaned with backup
C:\WINDOWS\NDNuninstall5_48.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\NDNuninstall5_64.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.dk -> Cleaned with backup
C:\WINDOWS\polmx.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\poltt.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\preInsTT.exe -> Trojan.KeyHost.e -> Cleaned with backup
C:\WINDOWS\SYSTEM32\aaa.exe -> TrojanDownloader.Small.cg -> Cleaned with backup
C:\WINDOWS\SYSTEM32\hs.exe -> TrojanDownloader.Benuti.b -> Cleaned with backup
C:\WINDOWS\SYSTEM32\polall1m.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\SYSTEM32\randreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\rsd.exe -> TrojanDownloader.Small.el -> Cleaned with backup
C:\WINDOWS\SYSTEM32\smb.exe -> TrojanDownloader.Benuti.a -> Cleaned with backup
C:\WINDOWS\SYSTEM32\tt_reco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\ttil_sbc.exe -> Spyware.EZula.a -> Cleaned with backup
C:\WINDOWS\winfavorites.exe -> TrojanDownloader.WinFavorites -> Cleaned with backup
C:\WINDOWS\wlkzagis.dll -> Trojan.TalkStocks.a -> Cleaned with backup
C:\WINDOWS\wsem302.dll -> TrojanDownloader.Dyfuca.dc -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup


::Report End

I ran HijackThis after I deleted the things you told me to, and here is the log after I deleted the things:
Logfile of HijackThis v1.99.1
Scan saved at 12:24:57 PM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dellnet.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...81/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


Thanks!!
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Mistake on my part about that system32 folder. I edited my reply.

OK, for the other two (WebSavingsfromEbates and SpyKiller), did you delete their folders? Just to double check, you were in Safe Mode when you tried to uninstall those 2, right? OK, delete the folders if they are still found.

Check and fix this in HijackThis:

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)


Delete that Ebates folder if found.

Go back to HijackThis->Config->Misc. Tools->Open Uninstall Manager and look for SpyKiller and WebSavingsfromEbates. If found, click on them and hit the Delete button in HijackThis.

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0
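The triage step in the post above (picking out the O9 entry marked "(file missing)") can be scripted. This is an added example, not part of the original post and not HijackThis's own code: a small parser for the log layout shown in this thread. The function names are hypothetical, and the sample is a shortened set of lines copied from the posted log. A "(file missing)" marker is only a cue for review, not a verdict.

```python
import re
from collections import Counter

# Shortened sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""C:\WINDOWS\System32\svchost.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# A section entry starts with a code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

def parse_log(text):
    """Return one dict per section entry; running-process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process paths and blank lines carry no section code
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "missing": MISSING in body,
        })
    return entries

def orphaned(entries):
    """Entries whose target file is gone: leftovers worth a manual look."""
    return [e for e in entries if e["missing"]]

def section_counts(entries):
    return Counter(e["code"] for e in entries)

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for e in orphaned(parsed):
        print(e["code"], e["clsid"], e["body"])
```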

#7
ergt317

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks so much! Everything seems to be fine, and no nasty Aurora pop-ups. However, I do have one question. My internet explorer keeps messing up and shutting down. This happens when I go to certain websites. I cannot go to gap.com, anntaylor.com, bedbathandbeyond.com (those are the specific ones I remember). When I type in the website, the page loads, but then immediately, a box pops up that says Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. Then that window closes. If I have other windows open, they remain open. Any ideas what could be causing this?

Thanks!
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Glad everything is better now.

OK, to that problem at hand. Go to c:\windows\system32\drivers\etc and open up the hosts file (no extensions) in Notepad. There should be a bunch of lines with a # in front of them followed by a single line like:

127.0.0.1 localhost

If you have anything after that, please post them here.

Then go to c:\windows\inf\ and right click on ie.inf and choose Install. It installs instantly, so no need to do anything else. Now restart and try going to those sites again.

Any problems still?
  • 0
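The hosts-file check described in the post above, as an added example that is not part of the original post: it skips comment lines and the expected localhost mapping and reports everything else. The function name and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample: comment header, the expected localhost line, and
# constructed extra entries of the kind the post asks to be reported.
SAMPLE_HOSTS = """\
# sample header comment
# another comment line

127.0.0.1       localhost
127.0.0.1       www.example.com   # constructed entry
192.0.2.10      update.example.net shop.example.org
not-an-ip       broken.example
"""

# Mappings that are expected in a clean file.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

def extra_entries(text):
    """Return (line_no, ip, hostname, note) for every mapping beyond localhost."""
    found = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            found.append((n, ip, " ".join(names), "malformed address"))
            continue
        for name in names:  # one line may map several hostnames
            if (str(addr), name.lower()) in EXPECTED:
                continue
            note = ("redirects to this machine" if addr.is_loopback
                    else "redirects to another host")
            found.append((n, str(addr), name.lower(), note))
    return found

if __name__ == "__main__":
    for entry in extra_entries(SAMPLE_HOSTS):
        print(*entry, sep="\t")
```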

#9
ergt317

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I didn't have anything in hosts file other than what you said should have been there.

I don't have the ie.inf file. I do have an ie file. I right-clicked to install that, and it said that The file 'IEXPLORER.EXE' on Windows XP Professional Service Pack 2 CD is needed. Then it tells me to Type the path where the file is located.

What does this mean?

I do have IE.PNF, is that something similar?
  • 0

#10
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
It's not the same file. OK, we'll need the SP2 CD then.

Order the XP SP2 CD from Microsoft. It's totally free (shipping and everything :tazz:).

If you want, you can give this a try (if you have a fast internet connection). Download XP SP2 for IT developers. That should allow you to save the actual SP package. Try installing again (the ie file that is) and if asked for the CD, point it to this file you just downloaded instead.

Do you have hide known file extensions checked? If so, uncheck because I think that ie file you see has an extension but it's hidden. No need to uncheck it as I'm almost positive that it's the correct file.
  • 0

#11
ergt317

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay, I installed it from the website. The only problem now is that when it tells me that I need the 'IEXPLORER.EXE' file and it tells me to type the path, when I installed it, it didn't tell me it put it anywhere specific, and the filepath C:\WINDOWS\INF\i386 is already typed in, and I click OK and it just prompts me again. That's as far as I can get.

I don't know what you mean by checking the hide unknown file extension thing?

Sorry, I'm not too good with computers! (if you can't tell) but luckily I am good at following directions!
  • 0

#12
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
No problem, you're doing fine here :tazz: You may ignore that part with the file extension. My guess is that you have known file extensions hidden since you can right click on that ie file and Install. The .INF part is hidden. ;)

OK, when you downloaded the SP2 file from Microsoft, where did you save it to? All you have to do is change that file path to where you downloaded it to. Hopefully that will work, so give it a try.
  • 0

#13
ergt317

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I didn't tell it to save anywhere. I just clicked to get the SP2 and it did everything automatically.
  • 0

#14
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Which download did you choose? I think you might have selected the wrong one. You want the IT developer download since that should give you the FULL version download instead of just a setup file.

The link is here. See if that download is huge (I think over 200MB). If so, that's the one.
  • 0

#15
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





