-=PCTechTalk=- Re: IE Association Error
- From: dktrfaustus@xxxxxxxxxx
- To: pctechtalk@xxxxxxxxxxxxx
- Date: Thu, 28 Apr 2005 00:37:13 +0100
On 27 Apr 2005 at 17:50, C.E. Cochran wrote:
> Hi - I did all this, Norton Antivirus found no infections, CW
> Shredder said Cool Web Search was not found on this system, and I ran
> AdAware and it found 47 critical objects, all tracking cookies. I
> deleted these, ran it again, and it found nothing else.
Good job.
> I rebooted,
> and went to the site I mentioned,
> http://www.getptr.com/pages/index.php?refid=northlodge , and I still
> got the Browser Helper error. I just got back on, so no instances of
> the "busy window" yet.
>
> I appreciate all your help greatly...where do I go from here?
Well, just to the confirm: the page loads fine for me, in several
different browsers.
However, on closer examination of your original error-message post,
I've found several other people reporting this same error message in
various security forums. It's _definitely_ a spyware-related problem.
It would seem a nasty little thing is clinging on to your system for
dear life!
Once we find out the name of this program, we can remove it.
Unfortunately, there are some conflicting reports about what specific
piece of malware causes this error. (Two likely suspects at this time
are "CNSMine" and "CyDoor").
One way to determine exactly what it is, is to find out the name of
the file it places in system startup.
[While logged in as yourself]
1. Click Start button >> Run >> type "regedit" >> OK
2. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
3. Right-click on the "Run" folder and select Export. In the "Save as
type" drop-down box, select "Text files (*.txt)". Then, give it the
name RUN1.TXT and click Save.
4. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
RunServices
5. Repeat Step 3 -- "RUN2.TXT"
6. Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Ole
7. Export as "RUN3.TXT"
...you get the idea. Do the same for the following registry keys:
* HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
* HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
RunServices
* HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
* HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
When done, open your e-mail program and start a new message. Attach
all of the .TXT files you created, and send to:
dktrfaustus@xxxxxxxxxx
I'll take a look and try to find out the name of the malware, and how
we can remove it.
Faustus
--
<Please delete this line and everything below.>
To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/
- Follow-Ups:
- -=PCTechTalk=- Re: IE Association Error
- From: dktrfaustus
- References:
- -=PCTechTalk=- Re: IE Association Error
- From: C.E. Cochran
Other related posts:
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- » -=PCTechTalk=- Re: IE Association Error
- -=PCTechTalk=- Re: IE Association Error
- From: dktrfaustus
- -=PCTechTalk=- Re: IE Association Error
- From: C.E. Cochran