Posted on 07/19/2004 11:15:57 PM PDT by jra
Any time you have something like this come up, just put the name into GOOGLE.. You will get any number of sites that are dedicated to getting rid of this trash..
http://computercops.biz/article-5199-nested-0-0.html
The above link contains the following instructions...
1) With Reglite.exe find name of hidden file:
Double Click on AppInit_DLLs located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. The value window reveals the hidden file name. (mine was hlpl.dll, yours may be different!) In this example let's call it hidden.dll.
2) Rename the hidden file:
Close Windows and reboot using Windows Recovery Console. Go to c:\Windows\system32 and do two things. Change file from read only by typing attrib -r hidden.dll. Then rename it (I don't know why, but this procedure did not work until I renamed it): type rename hidden.dll nasty.dll (and remember that hidden.dll is for this explanation only; use the name you found earlier). Type exit and reboot to Windows.
3) Edit registry to remove hidden file
Run reglite.exe again. Double Click on AppInit_DLLs located in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. Delete the file in value window; the size window changes also. Apply changes and exit reglite.exe.
4) Edit registry to remove the second file
Run HiJackThis.exe and scan the registry. Check the boxes to remove the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
(As you can see, my second .dll was called jheckb.dll; yours may be different.) For this example let's call it obvious.dll.
Finally delete the two .dlls (hidden.dll and obvious.dll). You should be running again.
By the way, if you go offline with Internet Explorer and type OK to these nasty adware windows you will see the guys who benefit from this hijacker. I found:
www.palsol.com
www.likesurfing.com
www.vn.msie.cc (the real web page)
They seem to be selling adware/spyware protection. Pass the word, boycott them. Who needs to be extorted for protection money?
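An added example, not part of the thread or the linked instructions: a Python sketch that triages HijackThis R-section lines like those quoted above, flagging search-page values that load from a local DLL via res:// and collecting the DLL names to look for on disk. The sample log is constructed from the post's entries with path separators written out, plus one made-up benign line; `parse_entry`, `review` and `POST_VALUE_NAMES` are names chosen for this example.

```python
import re

# Constructed sample: entries adapted from the post's log (path separators
# written out), its HomeOldSP line, and one made-up benign line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\jheckb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
"""

# "<section> - <registry key>,<value name> = <data>"; keys may contain spaces.
ENTRY = re.compile(r"^(?P<section>R\d) - (?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
# res:// URL that serves a page out of a local DLL's resources.
RES_DLL = re.compile(r"^res://(?P<path>.+?\.dll)/", re.IGNORECASE)
POST_VALUE_NAMES = {"HomeOldSP"}  # value name the post also removes
MARK = " (obfuscated)"

def parse_entry(line):
    """Split one R-section line into its fields, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["obfuscated"] = entry["data"].endswith(MARK)
    if entry["obfuscated"]:
        entry["data"] = entry["data"][: -len(MARK)]
    return entry

def review(log_text):
    """Return (flagged entries, set of DLL file names they point at)."""
    flagged, dlls = [], set()
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        res = RES_DLL.match(entry["data"])
        if res:
            entry["reason"] = "page loaded from a local DLL resource"
            dlls.add(res.group("path").rsplit("\\", 1)[-1].lower())
        elif entry["name"] in POST_VALUE_NAMES:
            entry["reason"] = "value name listed in the post"
        else:
            continue
        flagged.append(entry)
    return flagged, dlls

if __name__ == "__main__":
    hits, names = review(SAMPLE_LOG)
    for e in hits:
        print(e["section"], e["key"], e["name"], "->", e["reason"])
    print("DLLs to locate on disk:", sorted(names))
```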
I wouldn't suggest messing around in the registry file unless you know what you are doing. The slightest typo will possibly render your system unbootable.
Laugh!
Or telling you to get a Mac or switch to Linux. I know what you mean. You ask for help with a tune-up and folks tell you to get a new car.
From what I have been reading, that is where the spyware comes from. But no matter, a visit to Drudge will result in anywhere from 3 to 7 spyware programs being deposited into your computer. A debate over where they came from only clouds the issues.
It is easy enough to test for. Do you have a spyware removal program?
Use Firefox, like me. I only use IE for sites that refuse to use standard html style.
That periodically happens to me, whenever I remove a "data miner" via Ad-Aware. What's up with that? I just assume it's some form of crap I get for using Media Player.
The Mac folks are the best. You ask for help with your Chevy, and they tell you to buy a Lexus.
"I wouldn't suggest messing around in the registry file unless you know what you are doing. The slightest typo will possibly render your system unbootable."
Neither do I, that's why I use Hijack This. It prints out a registry log and you simply check the registry files you wish deleted.
Checking the wrong file could be a problem, but there is risk in everything we do...just be careful and double check.
If you use About Blank as your home page and it's getting hijacked to MSN.com, it may be Lavasoft's Ad-aware doing it.
It seems that some hacker is disguising itself with the About Blank home page setting.
To combat this, Ad-aware version 6.181 flags the About Blank home page setting as a "Possible hijack attempt". If you allow Ad-aware to fix it, Ad-aware will reset your home page to the Windows default, MSN.com.
To avoid this, when the Ad-aware scan is done and the bad guys are listed, right click on "possible browser attempt" and select "Add selection to the ignore list"; this will stop Ad-aware from resetting your home page to MSN.com.
Ad-aware and SpyBot.
I've never been infected. The only thing they ever find is tracking cookies. No big deal there.
I visit Drudge several times a day. Never have I picked up any Spyware or browser Hijackers.
As far as browsers go, I have Netscape 4.7, Opera, Mozilla, IE and iRider all installed and used at one time or another. They've all been to Drudge Report one time or another. No program installations of any kind short of temporary Java stuff.
Pop-up ads and cookies are another matter. iRider is very effective with pop-up ads so I very rarely ever see one. Cookies are deposited on my machine by nearly every Web site I visit. I don't consider that much of an issue. I let Ad-aware and SpyBot clean those up every so often.
I do keep my MS security patches current along with Norton AV.
http://www.lavasoftusa.com/software/adaware/
http://www.spybot.info/en/index.html
And no, I'm not getting programs loaded onto my computer from the Web (other than the usual Java scripts).
I've been a heavy user of computers for the last 20 years. I'm an engineer as well. I pay close attention to what is on my computer as it is my primary work tool.
Perhaps you should simply accept the fact that the Drudge Report isn't the real source of your infestations.
I would accept it if that were true. But I have tested it. You can too.
1. Clear your computer of all spybots/spyware using a program like Adaware (Lavasoft).
2. Go to Drudge's site and no other site.
3. Run your spybot/spyware program again.
4. You will find anywhere from 3 to 7 programs have been loaded on to your computer.
Repeat the process going to a site like MyWay.com or GoGov.com that do not put spyware on your computer and see what happens.
If you have a way to prevent Drudge from loading up your computer then by all means let us know about it. There are many dial-up connection people that would love it if their computers were not coming to a grinding halt from all the junk loaded and running on their systems by Drudge. Many have reported back that their systems are significantly faster after clearing their computers of spyware and after they stopped using Drudge as their home page.
Really, you should share your secret. Why are you keeping it from everyone?
Without serious security holes in your system hijack/malware/spy programs don't just find their way onto your system easily.
Perhaps you don't know the difference between cookies and "programs".