TechSpot

Question about a Windows command

By TwistEdFish
Aug 20, 2006
  1. Greetings All,
    I have a question regarding exactly what a certain Windows command will do to my computer. The situation is I have suddenly found that I have an auto-installed exploit on my system that repeatedly opens Internet Explorer to any of about 6 different web sites. The only thing is, the sites appear to be empty, and the actual address in IE makes it appear that it may be someone's attempt to gain money by making my PC log on to a web site that pays them for traffic.

    I have contacted the owner of the domain names that open and he has responded with this msg.

    Hello
    you can remove the plugin using this command line
    "regsvr32 /u C:\WINDOWS\system32\101.dll"
    or
    "regsvr32 /u C:\WINDOWS\system32\102.dll"

    how to enter on command line: "Start" menu, "Run" -> type "cmd" <enter>, then run those command lines

    you can also download this batch file:
    http://www.boxsearch.net/remove_plugin.bat

    if that doesn't work, please let me know.


    Can anyone tell me if those commands he's offering me to solve this issue are legit, or will they do even more damage to my system?

    Hope you can help, you've always been able to in the past. And Thank You very much in advance!!!!!!
     
  2. Shizat

    Shizat TS Rookie Posts: 70

    Sounds to me like a simple Spyware problem...

    Go to Download.com and get SpyBot Search & Destroy..
    If you are on legit windoze then you can try Windows Defender, but SpyBot should resolve it...

    And personally I think his bat file is a load of crap...
     
  3. TwistEdFish

    TwistEdFish TS Rookie Topic Starter

    Well, I have run Ad-Aware, which has always kept my system clean till now. I have tried Windows Defender but no problems found; ran McAfee's, it finds nothing. BUT I also just realized that even on this site some links, like at the bottom of the page where it has a link that says TIME, if I hover above that it shows that it's going to take me to one of the web sites that has been popping up.

    I've looked in my windows/system32 folder and do not see either of the DLLs mentioned in his email; that's what made me nervous about using those commands.

    So far the web sites that have popped up are:
    boxsearch.com
    findelectronics.net
    oneplaying.com
    docash.net
    www1.webseeking.net

    and a few others I haven't bothered to log; I just kept closing the windows. They seem to pop up at a certain interval also, like 15 minutes, and if I leave 1 open another will pop at 15 minutes again.

    Now what has me thinking it's an exploit from someone trying to get CLICK MONEY is that in each window that opens, the address always has a number following the domain name.
    Here is one of the addresses as copied from the address bar in IE, minus the http stuff to keep it from being a link.

    findelectronics.net/findelectronics.html?a2V5PWdhbWUmdXJsPWh0dHA6Ly93d3cucG9nby5jb20vaG9tZS9ob21lLmRvJTNmc2l0ZSUzZHBvZ29wJTI2bGtleSUzZHJvZ3Z2aG8waGdsbGRqZGdjbWFtZmdhYWtkdy4mY2lkPTBEMzg1NDgzM0QwNjREMjU5NzQwMTZFQkYwQjQwQUI1JmhpZGRlbj0wJnNjcmlwdHM9MCZsaW5rcz02JnNwb25zb3JlZD0wJmlzdXJsPTAma2V5d29yZHM9ZXh0cmElMmJnYW1lcyUyYnNvdW5kJndpZD0xMDA=

    Hope this info helps in determining if it's something I can safely get rid of. Thanks again.

    Edited to show full address that appears in IE when pop up comes!!!!!
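
The query string in the address posted above is Base64, and decoding it shows the fields the pop-up sends to the site. The following is an added example, not part of the original post or thread; the function name `decode_popup_address` is hypothetical, and the only input is the address exactly as the poster pasted it.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Address exactly as posted in the thread (the poster left off the scheme).
POSTED = (
    "findelectronics.net/findelectronics.html?"
    "a2V5PWdhbWUmdXJsPWh0dHA6Ly93d3cucG9nby5jb20vaG9tZS9ob21lLmRv"
    "JTNmc2l0ZSUzZHBvZ29wJTI2bGtleSUzZHJvZ3Z2aG8waGdsbGRqZGdjbWFt"
    "ZmdhYWtkdy4mY2lkPTBEMzg1NDgzM0QwNjREMjU5NzQwMTZFQkYwQjQwQUI1"
    "JmhpZGRlbj0wJnNjcmlwdHM9MCZsaW5rcz02JnNwb25zb3JlZD0wJmlzdXJs"
    "PTAma2V5d29yZHM9ZXh0cmElMmJnYW1lcyUyYnNvdW5kJndpZD0xMDA="
)


def decode_popup_address(address):
    """Return (host, fields) for a pop-up address whose whole query is Base64.

    fields is an empty dict when the query is not valid Base64 text.
    """
    # A leading '//' makes urlsplit treat the first component as the host.
    parts = urlsplit("//" + address)
    blob = parts.query
    blob += "=" * (-len(blob) % 4)          # restore padding if it was trimmed
    try:
        text = base64.b64decode(blob, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return parts.hostname, {}
    # The decoded text is itself an ordinary key=value&key=value string;
    # parse_qs also undoes the percent-encoding inside each value.
    parsed = parse_qs(text, keep_blank_values=True)
    return parts.hostname, {name: values[0] for name, values in parsed.items()}


if __name__ == "__main__":
    host, fields = decode_popup_address(POSTED)
    print("host:", host)
    for name, value in fields.items():
        print(f"  {name:<10} {value}")
```

Run against the posted address, the decoded fields include a `url` value pointing at a pogo.com page, a `keywords` value, and a `cid` identifier, rather than a plain number after the domain name.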
     
  4. Samstoned

    Samstoned TechSpot Paladin Posts: 1,018

    Have you tried posting HijackThis logs?
    Do a search; I guess you can post here or where the sticky says.

    Go to the MS website and do a search for cmd window;
    it shows all the cmds and more.
    And yes, you can run from Run: type cmd, and the cmd window will open.
    Sometimes I shut off explorer.exe after I open this up.
    Keep the task window open or you will need to reboot.
     
  5. TwistEdFish

    TwistEdFish TS Rookie Topic Starter

    What is HiJackThis? Is it a program I need to DL in order to log these things?

    NM, I found it I think, if it's called Spyware Doctor that is. Good to see it's made by a company I already trust; I faithfully use PC-Tools Software's Registry Mechanic and its flawless operation is great. Going to purchase their other software now and get my system even better protected.
     
  6. TwistEdFish

    TwistEdFish TS Rookie Topic Starter

    Anyone with any more information on this subject? I downloaded the Spyware Doctor from PC Tools Software and ran it, but it did not find anything and I am still dealing with the pop-up windows.
    Not sure yet what the HijackThis log file is so that I could attach it here as the sticky post states. If any more info is required to help you understand my issue, please let me know and I'll gladly post it.
     
  7. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,345   +11

    Legit. Regsvr32 is used to register or unregister Windows files (DLL or OCX usually).

    This is because all ActiveX files need to be "registered" before they can be used in Windows (I guess this has something to do with following the COM standard somehow).
     
  8. TwistEdFish

    TwistEdFish TS Rookie Topic Starter

    Thank you so very much Mictlantecuhtli,
    I used the command, stopped the DLL, and actually found it in the windows folder and got rid of it. The pop-up windows have stopped. You're a lifesaver.
    Without the big hole in the middle of course, LOL. Thanks again for your assistance. I owe you!!!!!!
     
  9. Shizat

    Shizat TS Rookie Posts: 70

    GJ Mic...

    So I guess I'm just the "hole in the middle"??? nah jk.

    I knew the regsvr32 was valid, but that BAT file would downright scare me...
     
Topic Status:
Not open for further replies.
