Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#162600 - 23/05/2003 12:44 How do I get rid of this?
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
When I start IE, it goes to this address first

http://c5429.wabu.com/passthrough/index.html?http://www.msn.co.uk/

Then loads a nav bar with casinos and sex - how can I remove it?

Top
#162601 - 23/05/2003 12:48 Re: How do I get rid of this? [Re: CrackersMcCheese]
morrisdl
enthusiast

Registered: 21/08/2000
Posts: 346
Loc: Rochester, NY USA
"Tools" Menu,
"Internet Options"

Update the "home" URL


Attachments
160655-Clipboard01.jpg (99 downloads)

_________________________
Cheers, -Doug Morrison Mk2-32G Back light buttons, Neon red screen

Top
#162602 - 23/05/2003 12:49 Re: How do I get rid of this? [Re: morrisdl]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Yes, but it keeps defaulting to the other address. Its like theres a program running in the background. Trouble is I have a huge list of processes and don't know what they are due to cryptic naming!

Top
#162603 - 23/05/2003 12:56 Re: How do I get rid of this? [Re: CrackersMcCheese]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Damn, seems to be an epidemic.

Don't know the permanent fix, but as a temporary measure, open up your HOSTS file (c:\winnt\system32\drivers\etc\hosts in NT/2k/XP or c:\windows\hosts in Win9x) and add this line:

127.0.0.1 c5429.wabu.com

That should at least keep that site from loading up. Then look for an ad cleaner of some time, many are mentioned in the thread linked above.
_________________________
- Tony C
my empeg stuff

Top
#162604 - 23/05/2003 13:07 Re: How do I get rid of this? [Re: tonyc]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Worrying thing is I've not installed anything lately, my firewall and router are on, so I don't understand where this has come from.

Top
#162605 - 23/05/2003 13:10 Re: How do I get rid of this? [Re: CrackersMcCheese]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Worrying thing is I've not installed anything lately, my firewall and router are on, so I don't understand where this has come from.
Don't have Windows auto-update running, do ya?

_________________________
- Tony C
my empeg stuff

Top
#162606 - 23/05/2003 13:20 Re: How do I get rid of this? [Re: CrackersMcCheese]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
It's a trojan dealy.

http://www.onlinepcfix.com/spyware/Lop.htm

Ad-Aware will supposedly fix it, too.
_________________________
Bitt Faulk

Top
#162607 - 23/05/2003 14:03 Re: How do I get rid of this? [Re: wfaulk]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
I ain't paying $14 to remove it!

Top
#162608 - 23/05/2003 14:06 Re: How do I get rid of this? [Re: CrackersMcCheese]
loren
carpal tunnel

Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
Man. what sites are you guys going to that are installing all this junk. I gotta stay the hell away from them.
_________________________
|| loren ||

Top
#162609 - 23/05/2003 14:18 Re: How do I get rid of this? [Re: CrackersMcCheese]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I didn't notice that. Just get AdAware.
_________________________
Bitt Faulk

Top
#162610 - 23/05/2003 14:31 Re: How do I get rid of this? [Re: loren]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
I don't know... I mean, I only went to bigandbouncy.com a few times.

Seriously though I have no idea! And I made that site up!

Top
#162611 - 23/05/2003 15:51 Re: How do I get rid of this? [Re: wfaulk]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Its not working. I've tried 3 times. An exe file loads up each time I start my machine - its like a random name each time.

kpf1.exe
hgf1.exe
dfr1.exe

and so on.

My firewall kicks in each time and I deny access. I've also tried to remove the file manually from its location (documents and settings\local settings\temp) but it won't delete as it says its in use.

Now if I end the process, the icon disappears from the folder. As it changes its name each time I can't search for it.

I've attached a screen shot of the file in the folder - maybe someone will recognise the icon.



Cheers


Attachments
160670-Image2.jpg (95 downloads)



Edited by PhilipOHare (23/05/2003 15:55)

Top
#162612 - 23/05/2003 16:13 Re: How do I get rid of this? [Re: CrackersMcCheese]
matthew_k
pooh-bah

Registered: 12/02/2002
Posts: 2298
Loc: Berkeley, California
This sounds like a job for safe mode. If the file is always three chars and the numeral 1 in the temp directory it should be hard to find. Safe mode will prevent it from starting so you'll be able to delete it. It'd be interesting to know if this is a program that adaware and the like havn't heard of, as I'm sure they'd be interested.

Matthew

Top
#162613 - 23/05/2003 16:31 Re: How do I get rid of this? [Re: matthew_k]
loren
carpal tunnel

Registered: 23/08/2000
Posts: 3826
Loc: SLC, UT, USA
it's sad that some people use programming talent like that for the dark side.
_________________________
|| loren ||

Top
#162614 - 23/05/2003 23:23 Re: How do I get rid of this? [Re: wfaulk]
time
enthusiast

Registered: 20/11/2000
Posts: 279
Loc: Pacific Northwest
I like Spyware Blaster as an extra layer of protection too and the price is righ!

- Tim

Top
#162615 - 24/05/2003 03:43 Re: How do I get rid of this? [Re: matthew_k]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Ok, I tried safe mode and I managed to delete the file. I then ran ad-aware in safe mode and rebooted.

The annoying menu is now gone, but another ***1.exe file has been created and tries to access lop.com. WHERE is this coming from?

Edit: Aaaagg... the bar is back. There must be another program creating these exe files. Someone help me please!


Edited by PhilipOHare (24/05/2003 03:45)

Top
#162616 - 24/05/2003 04:13 Re: How do I get rid of this? [Re: CrackersMcCheese]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Something that occurs is that you could grab a copy of FileMon from http://www.sysinternals.com/ and see if you can get that to tell you which process is creating the EXE file.

Alternatively, reinstall Windows: "I say we take off and nuke the site from orbit. It's the only way to be sure."

_________________________
-- roger

Top
#162617 - 24/05/2003 04:15 Re: How do I get rid of this? [Re: Roger]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Your just a grunt, you can't make that kind of decision. No offence.


Edited by PhilipOHare (24/05/2003 04:16)

Top
#162618 - 24/05/2003 05:51 Re: How do I get rid of this? [Re: CrackersMcCheese]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
None taken.
_________________________
-- roger

Top
#162619 - 24/05/2003 10:01 Re: How do I get rid of this? [Re: CrackersMcCheese]
Taym
carpal tunnel

Registered: 18/06/2001
Posts: 2504
Loc: Roma, Italy
I don't promise anything, but maybe a list of the task running could help to detect what is running on your pc and should not. If we get what it is, you could search the registry to avoid that it gets loaded at boot. Just make a grab of windows taskmanager, or, if you have a resource kit installed, type this at the command prompt:

PULIST

and post the output here.

Also, I am attaching a simple .cpl that will tell you what starts at your pc boot. Just install it and go to the control panel. You will have a new icon called "startup". Start it and delete the items you don't want to be loaded on boot.


Attachments
160732-StartupCPL.zip (55 downloads)

_________________________
= Taym =
MK2a #040103216 * 100Gb *All/Colors* Radio * 3.0a11 * Hijack = taympeg

Top
#162620 - 24/05/2003 10:05 Re: How do I get rid of this? [Re: Taym]
CrackersMcCheese
pooh-bah

Registered: 14/01/2002
Posts: 2489
Thanks... I'll give this a go. It didn't appear on safe mode, so i will try to narrow down the program from this.

Top
#162621 - 26/05/2003 06:17 Re: How do I get rid of this? [Re: CrackersMcCheese]
JaBZ
addict

Registered: 08/08/2001
Posts: 452
Loc: NZ
manual removal instructions
http://www.doxdesk.com/parasite/lop.html

pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too..


Edited by JaBZ (26/05/2003 06:20)

Top
#162622 - 27/05/2003 08:30 Re: How do I get rid of this? [Re: JaBZ]
drakino
carpal tunnel

Registered: 08/06/1999
Posts: 7868
pity antivirus software doesnt do it, this is a biatch to remove..... i think it's high time antivirus software included scanning/removal of all things ADware related too..
The user agrees to have such adware installed when they agree to the license presented to them. Thus, it is not a virus, and not something that virus scanners need to search for.

That was their excuse last time I heard anyhow.

Top
#162623 - 27/05/2003 10:00 Re: How do I get rid of this? [Re: JaBZ]
trs24
old hand

Registered: 20/03/2002
Posts: 729
Loc: Palo Alto, CA
lop is nasty. Last year I accidentally ran across a lop mirror by mistyping a url. It took me months to get rid of all of the adware stuff that was installed. They definitely do have some talented programmers working for them.

- trs
_________________________
- trs

Top
#162624 - 27/05/2003 10:02 Re: How do I get rid of this? [Re: trs24]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
They definitely do have some talented programmers working for them.
As far as I'm concerned, when you use your programming skill for something like this, the word "talented" should not apply.
_________________________
- Tony C
my empeg stuff

Top
#162625 - 27/05/2003 11:37 Re: How do I get rid of this? [Re: JaBZ]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
i think it's high time antivirus software included scanning/removal of all things ADware related too..
Agreed completely. We need a convergence of tools that do similar things. I'd like to see ad removal and virus prevention in the same package. There are some other things that would dovetail nicely into a realtime-disk-access-monitoring driver that would be useful to have all under one UI...

_________________________
Tony Fabris

Top
#162626 - 29/05/2003 11:30 Re: How do I get rid of this? [Re: CrackersMcCheese]
njtomlin
stranger

Registered: 28/05/2003
Posts: 25
Loc: The Ohio Valley (USA)
I have had great luck with Spybot Search & Destroy (not in any way related to the currently circulating Spybot virus). You can download it for free here:

http://security.kolla.de/

Best of luck!
_________________________
[red] Nick Tomlin [/red] 02 Cadillac Escalade 60gb MkIIa - Blue

Top