How to get rid of hijacking files?



#1 cessna152

Posted 07 July 2004 - 03:17 PM

After following the advice from this forum I think I've fixed my problem with IE hijacking and popup ads. The problem went away after removing a BHO entry with a nonexistent dll (c:\windows\system32\msvg.dll). I never did find that dll or any other executable. How then was IE hijacked?
I did find the popup images and html but still have no idea how it was being activated.
Does anyone know where I can find this info?
Thanks in advance.

#2 beatsntoons

Posted 07 July 2004 - 03:40 PM

I'd like to know how you got rid of the .dll?
I'm running WinXP, and I don't know how to find/rid myself of the hidden .dll (I can't even delete the one that's in the open)

#3 RubbeR DuckY

Posted 07 July 2004 - 03:43 PM

When a BHO is removed through HijackThis, the file is removed with it.

beatsntoons - If the file is in use you need to delete it on next reboot or in safe mode.

Unless you have the new variant of About:Blank then start a new topic.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation


#4 beatsntoons

Posted 08 July 2004 - 07:56 AM

Hi RubbeR DuckY

I have already made a thread but no one's responded as yet. I'm not complaining or anything, as I know everyone is busy here.

#5 cessna152

Posted 08 July 2004 - 09:53 AM

I used About:Buster in safe mode but it didn't list the BHO so I deleted the entry in the registry manually. Then I ran About:Buster again and it produced:

About:Buster Version 1.25
Attempted Clean Of Temp folder.
Removed LEGACY___NS_Service_3 Key
Pages Reset... Done!

Not sure what this means but when I run About:Buster again it produces the same thing. As a result I'm not sure what finally sorted my hijack problem.

What my post was really about was that the BHO's dll did not exist so far as I could tell. Was it hidden? If so how? - I searched through everything, including system files. If the dll didn't exist then it makes me wonder if this was the real cause of the problem.

I.e., what happens if there's a BHO with a nonexistent dll but a valid registered CLSID? Does IE do some default behaviour? If so what?

#6 RubbeR DuckY

Posted 08 July 2004 - 10:18 AM

HijackThis shows a (no file) or (file missing) after the entry. If there is nothing like that after the entry, the BHO still exists.

Although finding it may not be easy. It could be hidden as a hidden file or system file.
Marcin Kleczynski
Chief Executive Officer
Malwarebytes Corporation
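
The check discussed in this thread (does a registered BHO's DLL actually exist, or is it only hidden?) can be done directly against the registry. The script below is an added example, not code from any poster or from HijackThis or About:Buster; it assumes the standard BHO and COM registration locations under HKLM, only reads, and changes nothing.

```powershell
# Added example: read-only audit of Browser Helper Object (BHO) registrations.
$views = @(
    @{ Name = 'native'; Prefix = 'HKLM:\SOFTWARE' },
    @{ Name = 'wow64';  Prefix = 'HKLM:\SOFTWARE\WOW6432Node' }   # 32-bit view on 64-bit Windows
)
$results = foreach ($view in $views) {
    $bhoRoot = Join-Path $view.Prefix 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
        $clsid  = $key.PSChildName
        $inproc = Join-Path $view.Prefix "Classes\CLSID\$clsid\InprocServer32"
        $dll = $null; $attrs = $null; $status = 'CLSID not registered'
        if (Test-Path -LiteralPath $inproc) {
            # The (Default) value of InprocServer32 names the DLL the browser would load.
            $raw = (Get-Item -LiteralPath $inproc).GetValue('')
            if ([string]::IsNullOrWhiteSpace($raw)) {
                $status = 'no DLL path'
            } else {
                $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                $probe = $dll
                # A 64-bit shell sees 32-bit system DLLs under SysWOW64, not System32.
                if ($view.Name -eq 'wow64' -and [Environment]::Is64BitProcess) {
                    $probe = $dll -ireplace [regex]::Escape("$env:windir\System32"), "$env:windir\SysWOW64"
                }
                # -Force makes Get-Item return files marked Hidden or System.
                $file = Get-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
                if ($file) { $status = 'present'; $attrs = $file.Attributes }
                else       { $status = 'file missing' }
            }
        }
        [pscustomobject]@{ View = $view.Name; CLSID = $clsid; Dll = $dll; Status = $status; Attributes = $attrs }
    }
}
$results | Sort-Object Status, CLSID | Format-Table -AutoSize -Wrap
```

A row with Status "present" and Hidden or System in Attributes is a DLL that a default Explorer search would not show; "file missing" is a registration left behind with no DLL at the registered path.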




