Question about a Windows command

Status
Not open for further replies.

TwistEdFish

Posts: 15   +0
Greetings All,
I have a question in regards to exactly what a certain widnows command will do to my computer. The situation is i have suddenly found that i have a auto installed exploit on my system that repeatedly opens Internet Explorer to any of about 6 different web sites, only thing is the sites appear to be empty and the actuall address in IE appears that it may be someones attempt to gain money by making my PC log on to a web site that pays them for traffic.

I have contacted the owner of the domain names that open and he has responded with this msg.

Hello
you can remove the plugin using this command line
"regsvr32 /u C:\WINDOWS\system32\101.dll"
or
"regsvr32 /u C:\WINDOWS\system32\102.dll"

how to enter on command line: "Start" menu, "Run" -> type "cmd" <enter> then run those command line

you can also download this batch file:
http://www.boxsearch.net/remove_plugin.bat

if that doesn't work, please let me know.


Can anyone tell me if those commands hes offering me to solve this issue are legit or will they do even more damage to my system?

Hope you can help youve always been able to in the past And Thank You very much in advance!!!!!!
 
Sounds to me like a simple Spyware problem...

Go to Download.com and get SpyBot Search & Destroy..
If you are on legit windoze then you can try Windows Defender, but SpyBot should resolve it...

And personally I think his bat file is a load of crap...
 
Well i have run Ad-Aware which has always kept my system clean till now. i have tried Windows defender but no problems found, ran McAfee's it finds nothing. BUT i also just realized that even on this site some links like at bottom of page where it has a link that says TIME if i hover above that it shows that its going to take me to one of the web sites that has been popping up.

I've looked in my windows/system32 folder and do not see either of the DLL's mentioned in his email thats what made me nervous about using those commands.

so far the web sites that have popped up are
boxsearch.com
findelectronics.net
oneplaying.com
docash.net
www1.webseeking.net

and a few others i havent bothered to log i just kept closing the windows they seem to pop up at a certain interval also liek 15 minutes and if i leave 1 open another will pop at 15 minutes again.

Now what has me thinking its a exploit from someone trying to get CLICK MONEY is each window that opens the address always has a number following the domain name,
here is one of the address' as copied from the address bar in IE minus the http stuff to keep it from being a link.

findelectronics.net/findelectronics.html?a2V5PWdhbWUmdXJsPWh0dHA6Ly93d3cucG9nby5jb20vaG9tZS9ob21lLmRvJTNmc2l0ZSUzZHBvZ29wJTI2bGtleSUzZHJvZ3Z2aG8waGdsbGRqZGdjbWFtZmdhYWtkdy4mY2lkPTBEMzg1NDgzM0QwNjREMjU5NzQwMTZFQkYwQjQwQUI1JmhpZGRlbj0wJnNjcmlwdHM9MCZsaW5rcz02JnNwb25zb3JlZD0wJmlzdXJsPTAma2V5d29yZHM9ZXh0cmElMmJnYW1lcyUyYnNvdW5kJndpZD0xMDA=

hope this info helps in determining if its something i can safely get rid of Thanks again.

Edited to show full address that appears in IE when pop up comes!!!!!
 
have you tried posting hijackthis logs
do search I guess can post here are where the sticky says

go to ms website do search for cmd window
shows all the cmd's and more
and yes, you can run from run, type, cmd,cmd window will open
some times I shut off explorer exe afte I open this up
keep task window open or you will need to reboot
 
what is HiJackThis ? is it a program i need to DL in order to log these things ?

NM i found it i think, if its called Spyware Doctor that is, good to see its made by a company i allready trust, i faithfully use PC-Tools Software's Registry Mechanic and its flawless operation is great, going to purchase their other software now and get my system even better protected.
 
Anyone with any more information on this subject, I downloaded the Spyware doctor from PC Tools Software and ran it but it did not find any thing and im am still dealing with the pop up windows.
Not sure yet what the Hijackthis log file is so that i could attach it here as the sticky post states. If any more info is required to help you understand my issue please let me know and I'll gladly post it.
 
TwistEdFish said:
"regsvr32 /u C:\WINDOWS\system32\101.dll"
or
"regsvr32 /u C:\WINDOWS\system32\102.dll"


Can anyone tell me if those commands hes offering me to solve this issue are legit or will they do even more damage to my system?
Legit. Regsvr32 is used to register or unregister Windows files (DLL or OCX usually).

This is because all ActiveX files need to be "registered" before they can be used in Windows (I guess this has something to do with following the COM standard somehow).
 
Thank you so very much Mictlantecuhtli,
I used the command stopped the DLL and actually found it in the windows folder and got rid of it. the pop up windows have stopped. Your a life saver.
Without the big hole in teh middle of course LOL thanks again for your assistance. I owe you!!!!!!
 
GJ Mic...

So I guess Im just the "hole in the middle"??? nah jk.

I knew the regsvr32 was valid, but that BAT file would sownright scare me...
 
Status
Not open for further replies.
Back