cessna152

New BHO file

2 posts in this topic

C:\Windows\system32\msvg.dll

 

I can't find this file on my system. If I delete the entry using HT or regedit it reappears when I log on again.

I suspect this is the cause of the IE hijack problem - frequent pop-ups (from my local system), changes to IE's search, default URL, homepage etc.

 

Used up-to-date Spybot but it's not much help.

 

Used HT to fix browser problems but there must be something I'm missing.

Can anyone help?

hijackthis.log


Well, I think I've finally cleared this stuff off my system.

I'm not sure what actually did this; it could have been removing the CLSID associated with the BHO by using regedit whilst running in safe mode. I also ran AboutBuster; this didn't find the BHO but something else:

LEGACY___NS_Service_3 Key

(it removed this but it does this every time AboutBuster is run so I'm not sure what's going on)

 

I also found where the popup image files were hidden. These were in a file named "MSFT", which was located in each user's Local Settings\Temporary Internet Files folder (this is on XP Home). It was necessary to be logged on as another user to 'see' this hidden folder. Also, the main html file named 'console' or any of the other files could not be found using Windows file search. They were also not cached. Crafty sods.

 

I'd still like to find out how a spoof CLSID entry for a non-existent dll can cause such problems. Microsoft have a lot to answer for by allowing BHOs to be so powerful and for having such an obscure and complicated architecture.

 

Thanks to all involved who provide the information for us to control this malware.

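The check done by hand in this thread (a BHO entry whose CLSID points at a DLL that cannot be found) can be scripted. The following is an added example, not something posted by anyone in the thread: a read-only PowerShell audit that lists every registered BHO and reports whether its InprocServer32 DLL is visible on disk. It assumes PowerShell is installed and only reads the native registry view (the WOW6432Node view on 64-bit Windows is not covered); the function name `Get-BhoReport` is made up for this example.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
$bhoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
# Per-user class registrations take precedence over machine-wide ones in the merged HKCR view.
$clsRoots = 'HKCU:\Software\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID'

function Get-BhoReport {
    if (-not (Test-Path -LiteralPath $bhoKey)) { return }
    foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
        $clsid = $entry.PSChildName          # each BHO is a subkey named after its CLSID
        $dll   = $null
        $state = 'CLSID not registered'
        foreach ($root in $clsRoots) {
            $server = "$root\$clsid\InprocServer32"
            if (-not (Test-Path -LiteralPath $server)) { continue }
            # The default value of InprocServer32 is the DLL path loaded for this CLSID.
            $raw = (Get-ItemProperty -LiteralPath $server).'(default)'
            if (-not $raw) { $state = 'InprocServer32 has no path'; break }
            $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
            if (Test-Path -LiteralPath $dll -PathType Leaf) {
                $state = 'DLL present'
            } else {
                $state = 'DLL not visible on disk'
            }
            break
        }
        New-Object PSObject -Property @{ CLSID = $clsid; Dll = $dll; State = $state }
    }
}

Get-BhoReport | Sort-Object State | Format-Table CLSID, State, Dll -AutoSize
```

A "DLL not visible on disk" result only means the file could not be seen from the session that ran the script; as with the hidden MSFT folder described above, repeating the check from another account or from safe mode is a useful comparison.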