Windows Forum / Windows 98 / Performance / February 2004
Multiple Problems - Long Delays, Popups, registry modifications
Cameron - 23 Feb 2004 23:46 GMT
Hi All,
Recently I have had tons of problems. Long delays between mouse clicks, popups appearing, ad-aware constantly detecting registry modifications.
I constantly run ad-aware and it finds stuff, and it deletes it. I run Hijack This, and post it (with all startups running) and they reply back on what to delete, and I delete it. I've run CWshredder and it deletes stuff.
I know I have a rapidblaster problem. I followed numerous posts and websites to get rid of it, but the RB32 came back the very next day.
Every week, everything comes back. I've done everything that other posts have said. WORD FOR WORD, so don't tell me that I have missed something. I've done it in safe mode, I've done it with nothing running in the background. I am at the end of my rope, and I think the final resort is to format.
I don't open emails with attachments unless I know who they are from, and the preview window is disabled. I don't let websites install their 'mandatory' plugins, and I trust no content from any website except for Microsoft.
The most recent problem is these registry modifications:
New Data:c:\WINDOWS\System\<HEAD>
New Data:c:\WINDOWS\System\ <TITLE>Error</TITLE>
New Data:c:\WINDOWS\System\<BODY>
New Data:c:\WINDOWS\System\The site you have requested doesn't exist.
New Data:c:\WINDOWS\System\<P>
New Data:c:\WINDOWS\System\The associated domain name has probably been reserved by a client from
New Data:c:\WINDOWS\System\<A HREF="http://www.gandi.net/">GANDI</A> then parked.
New Data:c:\WINDOWS\System\</BODY>
New Data:c:\WINDOWS\System\</HEAD>
Every time I reboot, these come up in ad-aware. I block it every time.
Please help if possible.
Cameron
Cameron - 23 Feb 2004 23:50 GMT
I also have all the latest updates, for all my software and drivers.
glee - 24 Feb 2004 01:45 GMT
As I wrote re: this problem in your earlier thread, read here:
http://www.doxdesk.com/parasite/RapidBlaster.html
http://www.wilderssecurity.net/specialinfo/rapidblaster.html
RapidBlaster Killer removal tool: http://www.wilderssecurity.net/specialinfo/rapidblaster.html
After you have gotten rid of it using RapidBlaster Killer, install SpywareBlaster, update it, select all entries for protection and click Protect All. Update it very regularly after that, select all new entries, and Protect All. http://www.javacoolsoftware.com/spywareblaster.html
 Signature Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm
> Hi All,
> [quoted text clipped - 35 lines]
> Please help if possible.
> Cameron
Cameron - 24 Feb 2004 16:22 GMT
Thanks,
I haven't tried these yet, but you might hear back from me in a week.
Cameron
Cameron - 25 Feb 2004 16:52 GMT
Spyware blaster removed some files. RBKiller removed RB.
I scanned this morning with Ad-aware and it found rapidblaster. The registry entry and the folder in program files. It wasn't there after I ran the RBKiller, I checked.
The computer was running all night. No one rebooted it. The only things that were running were Wingate VPN, Ad-watch, Norton Systemworks (Anti-Virus), Direct Update.
We are behind a firewall (router).
Cameron
> Thanks,
> [quoted text clipped - 15 lines]
> and Protect All.
> http://www.javacoolsoftware.com/spywareblaster.html
glee - 26 Feb 2004 11:48 GMT
Are you on a broadband connection? What is "Direct Update"? Do you mean "Live Update"? Apparently, something is still on the machine undetected, and causing these items to be reinstalled. Else, the online connection is allowing something in. Check your firewall settings for both incoming and outgoing, and also install a software firewall (Sygate or Kerio personal editions are free).
Without seeing a full HijackThis report using the latest version, I can only guess.
The standard procedures are:
Update your anti-virus app and then run a full-system virus scan.
Read here: http://doxdesk.com/parasite/CoolWebSearch.html and http://www.merijn.org/cwschronicles.html
Use CWShredder, the removal tool, available here: http://computercops.biz/downloads-cat-14.html http://www.majorgeeks.com/downloads31.html http://www.zerosrealm.com/downloads/CWShredder.zip
In addition, install Ad-Aware 6 free edition, start it, click its 'Check for Updates' link in the app to install updates, then use it to scan your system, and remove what it finds. Ad-Aware: http://www.lavasoftusa.com/support/download/
Install, update and run SpyBot Search & Destroy, scan your system, and then remove the items in RED only. SpyBot S&D: http://www.safer-networking.org/index.php?page=download
Download, unzip, and run Hijack This from one of these locations: http://computercops.biz/downloads-cat-14.html http://www.majorgeeks.com/downloads31.html http://www.spywareinfo.com/downloads/tools/HijackThis.exe Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere you can find it (Desktop, My Documents, or similar). Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Copy the log files and paste them into a new post at one of these forums: http://forums.net-integration.net/ http://computercops.biz/forums.html http://forums.spywareinfo.com/index.php?showforum=30 http://tomcoyote.org/forums/ http://www.lavasoftsupport.com http://boards.cexx.org/
The folks there will tell you what to remove.
 Signature Glen Ventura, MS MVP W95/98 Systems http://dts-l.org/goodpost.htm
> Spyware blaster removed some files.
> RBKiller removed RB
[quoted text clipped - 30 lines]
> > and Protect All.
> > http://www.javacoolsoftware.com/spywareblaster.html
Cameron - 27 Feb 2004 16:41 GMT
1. I don't know what a broadband connection is. We have a cable modem into our router, which then goes to a hub. All ports are blocked except for the VPN port.
2. Direct Update is a program that updates my dynamic IP to a website which in turn gives me a static IP name. I use it in conjunction with WinGate VPN so I can use a static IP.
But it is too little too late. I am going to format the drive this weekend, if I have time.
Cameron