Major probs with IE

**kr5kernel** · November 8th, 2004, 07:29 PM

let me be more specific:
start > run >cmd
netstat -o

find what pid is running on port 7212

do a :
tasklist /svc
and match up pid 7212 with a exeecutable

**willowmoon** · November 8th, 2004, 07:45 PM

Soooo what exactly is netstat?

Oh, and let me say thanks cause you've been really helpful

**kr5kernel** · November 8th, 2004, 08:01 PM

netstat is a command that comes with windows that shows processes listening for connections on your machine. You have it already. Follow the steps above.

**willowmoon** · November 8th, 2004, 08:03 PM

ok, did that.....7212 does not even show up on there

**kr5kernel** · November 8th, 2004, 08:07 PM

are you sure? try a netstat -a -o
it should be on the left side of the screen and say

YOURCOMPUTERNAME:8080
or YOURCOMPUTERNAME:7212

***jinxy*** · November 8th, 2004, 08:07 PM

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int
ernet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {C18A70F9-6155-4670-BB6F-3BBAB02EF91D} - C:\WINDOWS\System32\gfb.dll

Check and fix the above using Hijackthis. Then in safe mode delete the file: C:\WINDOWS\System32\IETie.dll

I'd get rid of wild tangent and weather bug and ghost surf if i where you also.

**dantesheaven** · November 9th, 2004, 12:29 AM

I had problems with the same thing basically except my homepage was always hijacked and redireced to coolwebsearch or something like that. It was called the Homesearch bug or something like that. Just find somebody that can help u a little more in depth on what to remove using hijack this, run adaware, spybot, make sure they are updated. Not gonna lie to you, it took my like six hours of going around finding somebody to help me and figuring out what to do exactly but I finally got rid of it. I'm guessing that because you wiped harddrive that you got rid of it but perhaps u went back to the same site and got it again? Use firefox, not too many people writing exploit code for that.

**bucket** · November 9th, 2004, 02:08 AM

I believe that about:blank is a vatiety of CoolWebSearch.
You might have to format.
Here is a link to the new CWShredder that Intermute now owns>>

CWShredder

This might help.

**willowmoon** · November 9th, 2004, 05:36 PM

I downloaded cwshredder and ran it. It came up saying that there were not probs. I am currently running my ad-aware again and so far there are some issues showing up. Here is a question though.....several people have told me to ditch ghostsurf. Why is that? I mean, I can see that the spy ware seems to be getting through....but I thought ghostsurf was suppose to stop it from getting through. When I bring up the log it is showing me all the stuff that it blocked.....so is it just some kind of huge scam or something? If so what CAN I do to try and keep this crap out of my system?

**willowmoon** · November 9th, 2004, 05:52 PM

I just finished running ad-aware and what it mostly had on it was coolwebsearch, it also had something called tracking...., something called possible..., and mru list (?) I had no clue what any of those are.

Thread: Major probs with IE

Thread Tools

Display

Posting Permissions