Spyware problem [XP Laptop]


MikeFold
03-04-2004, 12:55 AM
OK..been working on this for hours and I can't find the root of this problem on the boot. I am not that familiar with XP :(

I quarantined the files with ad-aware...but on a reboot they just reload again. I have found who originated it, but I still don't know how the cockholster did it.

It appears to have disrupted and exploited Media Player..

When I launch explorer, it defaults to
res://mshp.dll/index.html 23658
[his porn search affiliate code revealed his identity]

I have to get some sleep, so if anyone knows what i am experiencing and has a remedy, i would be grateful.

Thanks,
Fold

Mike AI
03-04-2004, 01:00 AM
OldFold - I just sent this to Ed, he is online. He is our #1 tech guy!

Edd
03-04-2004, 01:06 AM
Fold - not entirely sure what sort of nasty-ass bug you've got there... But I do have an idea for ya -

http://www.pchell.com/support/lookfor.shtml

I know that by DEFAULT, XP probably has the "system restore" function turned on.... You'll have to turn it off (it's in the "System Information" section of your Control Panel) and follow their instructions on the website to remove the evil hack :grrr:

MikeFold
03-04-2004, 01:42 AM
Thanks Mike...
Edd...The system restore was not clicked [it was off]
I never accessed it, so I did not even know it existed.

It's nasty.....
It actually runs a process that blocks view source/makes the double click on your main screen inoperative [can't open anything via the desktop or the start menu]

I have found some stuff, reloaded Media Player [I noticed in the Zone Alarm Log that the installed wmplayer.exe did not have an MS auth cert.]
???????

Now Media Player works...gonna try and reboot again.
I have identified the offending dll, but as you know I can't just remove them...

Gracias

oh..I'm gonna check that site now.

doxdesk is a little behind
:okthumb:



Last edited by MikeFold at Mar 4 2004, 03:21 AM
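The two symptoms Mike describes above (Internet Explorer's start page forced to a res:// URL inside a DLL, and a wmplayer.exe that no longer carries a Microsoft signature) are both things a defender can check from the registry and the file system. The following read-only PowerShell script is an added example, not from anyone in the thread, and assumes a Windows machine with PowerShell installed; the file paths are the standard defaults, not anything taken from Mike's system.

```powershell
# Added example (not from the thread): look for a res:// browser hijack in the
# Internet Explorer page settings and verify Authenticode signatures on two
# binaries the thread mentions. Read-only: it reports, it does not change anything.

$ieKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main'
)
$pageValues = 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL', 'Local Page'

Write-Host "== Internet Explorer page settings =="
foreach ($key in $ieKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $pageValues) {
        $value = $props.$name
        if (-not $value) { continue }
        # A res:// URL loads an HTML resource embedded in a DLL. A normal home or
        # search page points at http(s)://, about:blank or a local file, so any
        # res:// value here is worth a close look.
        $flag = if ($value -match '^res://') { 'SUSPICIOUS' } else { 'ok' }
        Write-Host ("{0,-10} {1,-20} {2}`n           {3}" -f $flag, $name, $key, $value)
    }
}

Write-Host "`n== Authenticode signatures on system binaries =="
$files = @(
    (Join-Path $env:ProgramFiles 'Windows Media Player\wmplayer.exe'),  # default install path (assumed)
    (Join-Path $env:SystemRoot 'System32\rundll32.exe')
)
foreach ($file in $files) {
    if (-not (Test-Path $file)) { Write-Host "missing    $file"; continue }
    $sig    = Get-AuthenticodeSignature -FilePath $file
    $item   = Get-Item $file
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    # Expected: Status 'Valid' with a Microsoft signer. 'NotSigned' or a foreign
    # signer on a Microsoft binary matches the Zone Alarm observation in the thread.
    # Caveat: many Windows binaries are catalog-signed; older PowerShell versions do
    # not check catalogs and report them as NotSigned, so treat a hit as a prompt to
    # compare the file's hash and LastWriteTime against a known-good copy, not as proof.
    $flag = if ($sig.Status -eq 'Valid' -and $signer -match 'Microsoft') { 'ok' } else { 'SUSPICIOUS' }
    Write-Host ("{0,-10} {1}`n           status={2} signer={3} modified={4}" -f `
        $flag, $file, $sig.Status, $signer, $item.LastWriteTime)
}
```

The modified-time column is the same kind of evidence Mike later uses (his rundll32 changing at a specific time), so a SUSPICIOUS line with a recent LastWriteTime is a good starting point for a timeline.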

Hooper
03-04-2004, 01:53 AM
http://www.apple.com/switch/ :)

MikeFold
03-04-2004, 01:53 AM
Edd..
That link looks good [promising]
I recognize some of that stuff it mentions
I am going to do it in the morning......

Thanks a bunch......
:bjump:

MikeFold
03-04-2004, 01:56 AM
thanks hooper....


B)

unfortunately, although i was brought up on a Mac, I have these things now.

idownload, is that your proggy?

Hooper
03-04-2004, 02:39 AM
lol. j/k about the switch. some of those spyware programs are very evil. almost all run by idiots though.

yes idownload is my baby.

Bangwang
03-04-2004, 03:09 AM
Hey Mike,

I have seen that exploit and adware didn't clean it..

But Spybot did http://www.tucows.com/preview/310138.html

Once you install spybot run the "Search for Updates" option,
then run "Search & Destroy".

Questions give me a buzz...

bummer
03-04-2004, 06:03 AM
hello mike

I have to agree with "bangwang" on using the "spybot search and destroy" program.

I have used "adaware" and "search and destroy". "Search and destroy" seems to find some stuff that "adaware" does not. Keep the updates current and it will take care of most of your problems.


laterz.

Winetalk.com
03-04-2004, 06:24 AM
Bangwang, is that you, Richard?

Almighty Colin
03-04-2004, 06:48 AM
Originally posted by Bangwang@Mar 4 2004, 03:17 AM
Hey Mike,

I have seen that exploit and adware didn't clean it..

But Spybot did http://www.tucows.com/preview/310138.html

Once you install spybot run the "Search for Updates" option,
then run "Search & Destroy".

Questions give me a buzz...
I use both Spybot and Ad-aware too. The two of them together have knocked out everything I've seen. I miss Linux sometimes. As soon as I switched to Windows, I realized what a battlefield my PC was going to become.

MikeFold
03-04-2004, 08:48 AM
Thanks to everyone.....
Richard, long time no see

:)

The only fun part of this is playing Joe Sleuth and tracking down
where I picked it up.
6:17 p.m. yesterday my rundll32 was modified,

I am not this irked very often, but whoever dropped this on me
beware ....

and i will put the pieces together

[like this rectal cancer plug is gonna read oprano]
:hic:

Dianna Vesta
03-04-2004, 09:16 AM
Originally posted by Bangwang@Mar 4 2004, 03:17 AM
Hey Mike,

I have seen that exploit and adware didn't clean it..

But Spybot did http://www.tucows.com/preview/310138.html

Once you install spybot run the "Search for Updates" option,
then run "Search & Destroy".

Questions give me a buzz...
I love Spybot. Every morning I run Adware and Spybot. What a big difference.

AM Jeff
03-04-2004, 10:09 AM
I use Spy Bot too.

Gotta love the way it even immunizes your computer from all known spyware out there too.

MikeFold
03-04-2004, 10:57 AM
and the beat goes on.....

ran em both...[ad-aware & spybot]
both located a bunch of files--
looked like it worked initially...
opened google search page, searched for "porn"
and got a popup over the google results.....

launched a new browser, and there was the
res://mshp.dll/index.html#37049
again......
[nice looking page flying the microsoft logo]

:blink:

MikeFold
03-04-2004, 11:51 AM
OK...
It appears to be resolved
:bjump: :bjump:

A program called CWShredder found 5 more files...
It is fast and quite efficient, but strictly for CWS hijacks.....

CWShredder (http://www.spywareinfo.com/~merijn/cwschronicles.html)

Thanks to all for the assistance...
Colin, how ya doing I am a MORON,?

Mike AI
03-04-2004, 11:55 AM
Mike you have to be careful what you download. It is a shame, but the spyware wars are JUST starting. It is going to get uglier and uglier.

This is why I do not download anything off the web, and only install software I know that works. I am probably missing out on a lot of "Killer Apps" but my computer works.

MikeFold
03-04-2004, 12:07 PM
Mike...
That's what's scary....
I didn't download anything....
I have Spectorsoft [keystroke logger and screen caps every 04 seconds]
on the machine, I reviewed the activities prior to this intrusion, and I did nothing.
There was an entry in Zone Alarm as well as Symantec logs that was weird, and I am pursuing that now....
I have the IP but am still deciphering all the tech jargon on those logs

Thanks again....quick learning curve
:agrin: