Spy creating problems.
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Spy creating problems.

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    107

    Spy creating problems.

    Hello All:

    I think I have a spy in my Win98 box. I use IE6.
    Everytime I open Internet Explorer( whose default homepage is set as 'about: blank' ), I get to see a webpage with many links(art, entertainment, health ...), 'n so much unwanted stuff, though the browser shows 'about blank' itself.
    If I click on a link on the page, it goes to a page like http://searchx.cc/search.php?pin=58&...etball+betting (showing "Connection Problem" )
    The most annoying fact is that I get popup applets telling that I'm infected with a spy, 'n when click the "Find out more", I get redirected to a page http://search.morgen.cc/search.php?p...pyware+remover (again saying "Connection Problem.. Plz. try later)

    Yea. At first what I though was that the popup was of some of the spyware remover trying to warn me of some spy. But since both the links (from the webpage and the popup) point to similar sites, I understood that the popup was also fishy. Every time a I open a new browser window, or everytime I enter a new address, similar popups appear.... ugh! ..so annoying.

    I tried running two free spywares removers. Though they found out some spies 'n removed them, this problem still persists.
    So, I decided to try fixing it myself .

    I viewed the source of the loading page. (which is attached)
    I saw something like <base href="res://%43%3a%5c%57%49%4e%44%4f%57%53%5c%53%59%53%54%45%4d%5c%4a%4e%50%47%42%2e%44%4c%4c/"> on the very first line.
    I uncoded the url and found it to be 'C:\WINDOWS\SYSTEM\jnpgb.dll .
    So I opened the dll file using wordpad. 'n found that it had something to do with the page. After around the the first half of the doccument, I could see html code in black and white relating to the website. What am I to do next ??.. Is jnpgb.dll a standard windows file ??
    Is there any onr can edit the contents of the so set 'about: blank' homepage ??

    Thanx b4hand .

    PS. attachment is of the source of the webpage loaded.
    XNikon
    please don\'t visit www.BusyTalk.com

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    This seems more like a spyware issue so I've moved the thread here. You might want to take a shot at CWShredder and HiJackThis as methods of solving the issue. A quick Google search on "search.cc spyware" resulted in this forum's solution
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    May 2004
    Posts
    107
    and here is the jnpgb.dll file... When u open it in wordpad, you see some code of the webpage after half the document...

    PS. I've renamed the .dll to .txt
    XNikon
    please don\'t visit www.BusyTalk.com

  4. #4
    Senior Member OverdueSpy's Avatar
    Join Date
    Nov 2002
    Posts
    556
    Spy creating problems. posted Today 07:34 AM
    Hey I resemble that remark! I didn't do it!

    I DENY everything and DEMAND proof!
    The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

  5. #5
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    open up C:\program files - do you have a folder there called wintools?

    Z
    Quis Custodiet Ipsos Custodes

  6. #6
    Senior Member
    Join Date
    May 2004
    Posts
    107
    no .. no folder called wintools
    XNikon
    please don\'t visit www.BusyTalk.com

  7. #7
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    Download HijackThis,CWShredder from here:http://www.spywareinfo.com/~merijn/downloads.html
    Unzip HijackThis to a permanent directory and run it..attach the logs to a file here(thought you might want to try to remove it yourself..funner that way?lol..Just search for the file entries on google and see if you come up with some dirt if you want to do it yourself)
    Also,you might want to get Adaware and Spybot S&D..here's athe latest thread on AO onspyware/adware removal:http://www.antionline.com/showthread...hreadid=257183

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    300
    I would first DL a few programs:

    HijackThis which the link has been given above.

    Spybot S & D Spybot Website . Download the updates and run this prog and most likely it will solve your problem.

    However if this problem still is not eradicated from the two progs. Go to google. Type in the name of the company that looks as though it is advertising. Type into google something like "spyware company" and more then likely you will find a way to go to the registry and delete the bogus entries.



    - Adiz
    Ultimately everyone will have their own opinion--this is mine.

    OOOUUUUCH! <throaty sound> That ain\'t cool baby.</throaty sound> (right before this I had made fun of the \'girl\' and she took it out on my balls... Luckily later on they were \"taken care of.\"

  9. #9
    Senior Member Zonewalker's Avatar
    Join Date
    Jul 2002
    Posts
    949
    no .. no folder called wintools
    sorry meant to reply to this hours ago.... well thats good anyway - I asked because I recently had to clean out a friends machine suffering much the same problems as yours seems to be. The friends box was infected with wtoolsa and wtoolsb - they tend to reside in c:\program files\wintools amongst other places. best thing you can do is download the above tools mentioned and run them in safe mode - very important to run it in safe mode (as no one else seems to have mentioned it)

    actually... one other thing - have you noticed a new toolbar appear on your IE bar? if so make sure you run spybot v1.3 because v 1.2 will not remove the thing. and do also run adaware as it does pick up things that spybot doesn't.
    Quis Custodiet Ipsos Custodes

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    Also, just another note on wintools, there is a variation that runs as a service, so if all else fails, check there. Once disabled, it can then be deleted.

    And yet another variation locks itself into the startup files and has to be disabled through msconfig.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •