
Virus/Spyware Attached to IEXPLORE.exe plus r5gsvr32.exe

NomisST

Member
Hey, it's been a while since my last post, but anyway... So I reformatted my computer and got all my files up and running, then I went to a site and it completely raped my computer. I got like 20 things installed all at once. The reason was that my firewall was going bonkers and I turned it off; still, if I had let it stay on, the files were still going to go on my computer.

Anyway, I got rid of all the problems except for one. I find it very weird because I spent an hour looking through my entire registry, but can't find what's wrong. The problem is IEXPLORE. If I open it, it will say: "Do you wish to watch a news video every day?" Regardless of whether I press yes or no, it will open Internet Explorer for me. After opening Internet Explorer I look into my C: and there is a file named config.sys.bak. Now if I delete this and open Internet Explorer it will say "Do you wish to watch a news video every day?" again; if I don't delete it and I open Internet Explorer it will be normal, like nothing is wrong, and just open without the pop-up message.

When I open my Task Manager there is an IEXPLORE.exe running without any web browser opened. When I end its process nothing happens. Oh yeah, also to mention, the program r5gsvr32.exe opens as well when all this is done. When I close it, it opens again when I open Internet Explorer. r5gsvr32.exe has no information on google.com, nor is it found in my registry or on my hard drives. I don't know why this thing is so complicated. It's those 2 problems and they're pissing me off. I wonder if anyone out there has run into the same thing and just played with the registry to fix it. I spent hours and hours fiddling through the registry and I get no luck. It's very weird because it seems like the message that pops up when opening IEXPLORE is directly connected to IEXPLORE, since it shows the root (C:\program files\internet explorer\iexplorer.exe) in the title of the message. Please HELP!!!

I am curious whether I'm the only one that actually plays with the registry instead of just using one of those retarded virus/spyware removers & scanners that don't work in the first place and do more damage than fix anything. Thanks for anyone's help, I really appreciate it!
 
Oh, I did all that, and it found around 30 things in Ad-Aware, 12 things in Spybot and 3 things in AVG Free, but none of them fixed the problem that I physically encounter. Those retarded programs only fix crap that doesn't bother you. Anyway... I still get the message when opening IE after I delete the file config.sys.bak, and I still have that program r5gsvr32.exe open in my Task Manager. By the way, I have Windows 2000. Thanks for the reply though, I appreciate it. I need more help, though, than from free virus/spyware scanners. Thanks for the help.

OS: WINDOWS 2000 PRO
 
I can't find any quick refs to that file.

If you are sure that it is the problem:

boot into Safe Mode [might even have to try Recovery Mode]
delete that file and any file that was created within a few seconds of it.
Go through the registry and delete any keys/values [careful here] which reference that file, or one of the other files.

I trust that you will have backed up your registry before you attempt to do this.

Afterwards, boot into Safe Mode and see if this file still gives problems.
If yes,
try downloading 'filemon' and 'regmon' [I think from analogx]
they will tell you in real time what is happening.

could also try HijackThis - [never used it myself, but seen lots of good things about it]
 
1) what version of Windows, and what Service Pack level, are you currently using?

2) what antivirus software (if any) were you using at the time of the attack?

3) what site did you visit that had the junk?


Lots of threats now generate random .exe names, so you cannot simply look up r5gsvr32.exe on Google and get info on the threat. My suggestion is to

1) enable your firewall

2) install the Microsoft Antispyware beta

3) install a free 15-day trialware of McAfee VirusScan 9.0

4) disable System Restore (important)

5) restart in Safe Mode

6) while in Safe Mode, run a Microsoft Antispyware scan, thorough mode

7) also while in Safe Mode, run a McAfee antivirus scan

8) note the exact names of the threats that are detected, so we have something to go on besides a randomly-named meaningless .exe here

9) after you're done, reboot into normal mode and see how the system behaves, then run a Microsoft Baseline Security Analyzer (MBSA) scan.

10) if you are going to visit "that type" of site, then use a Limited user account (aka "Restricted User" account in Win2000). They are far more resistant to subversion than an Administrator-class account.

11) stop being a 'tard and get some robust antivirus software. 😛 If you need an install-and-forget antivirus, McAfee VirusScan 9.0 is a good bet because it's mostly pre-configured (plus it detects Trojans very well, as well as a certain amount of adware/spyware). You should schedule a routine antivirus scan (I suggest daily, but otherwise make it Wednesday evening) and probably disable its informational alerts so they don't drive you crazy.
 
I contracted the same problem today. You are the one and only hit on Google.

I was looking for a fix program and downloaded crack22a.exe, scanned it, virus free, ran it. Unlike other setup programs, instead of asking me next, next, next, finish, it just rolls right into installing 'something'.

I went to my Add/Remove Programs and removed about 5 things and it reduced the pop-ups. I went into Internet Options and deleted any semi-quasi object. Spybot cleaned up a lot of stuff.

But every time I boot my browser it launches a process r5gsvr32.exe.

I cannot find this file anywhere on my hard drive.

I cannot find this file anywhere in my registry.

I even audited the shortcut for bringing up the browser and it still seems to be pointed at iexplore.exe.

I tried overwriting it with the same file from another similar computer; didn't help.

I tried virus scans and Spybot scans in Safe Mode and it comes back next time I launch my browser.

Oh yeah, it's my work computer. Yuck.

Sigh... guess I need to get my hands on some hard trace programs that monitor memory and such and see where this comes from.
 
GOT IT!!!!!

I loaded ZoneAlarm on my system and, invariably, a pop-up came up asking for permission for
r?gsvr32.exe to access the net; of course I said no.

The file was in \winnt\system32.

BE CAREFUL

there are TWO FILES

regsvr32.exe & regsvr32.exe

One is like 11K and is your REAL system file, and the other is like 392K and hidden and won't let you rename it because the SYS flag is on.

I renamed the file, booted in Safe Mode and ran Ad-Aware and Spybot to fix everything, and I have control of my Internet Explorer again.

I think I am going to zip this b@st@rd and send it to the spyware experts.

I hope this helps.
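The two checks the thread converges on, a lookalike filename sitting beside the real system binary (the 392K hidden+system "regsvr32" next to the 11K genuine one) and the registry keys/values that reference the rogue file or its DLL, can be scripted. The block below is an added example, not code from the thread or any of the tools named in it. The directory listing, the file sizes and the .reg export are constructed to mirror what the posters described; the reference sizes and the CLSID are assumptions, not values for any real Windows build or BHO.

```python
"""Spot a lookalike of a system binary and the registry entries that load it.

Constructed example, not from the thread or any vendor tool. The listing,
sizes and registry export below are made up to mirror what the posters
described (an 11K regsvr32.exe beside a 392K hidden+system r5gsvr32.exe, and
an omboova.dll loaded from a CLSID key). Real sizes vary by Windows build;
treat the size table as an assumption.
"""
from dataclasses import dataclass

# Assumed reference sizes (bytes) for a few frequently mimicked binaries.
KNOWN_SYSTEM_BINARIES = {
    "regsvr32.exe": 11_264,
    "iexplore.exe": 94_208,
    "svchost.exe": 9_728,
}


@dataclass
class FileEntry:
    name: str
    size: int
    hidden: bool = False
    system: bool = False


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one substitution, insertion or deletion costs 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name: str, known=KNOWN_SYSTEM_BINARIES):
    """Return the real binary `name` imitates (distance 1, not identical), else None."""
    lowered = name.lower()
    for real in known:
        if lowered != real and edit_distance(lowered, real) == 1:
            return real
    return None


def find_suspicious(entries, known=KNOWN_SYSTEM_BINARIES):
    """Flag entries by name mimicry, size mismatch and hidden+system attributes."""
    findings = []
    for e in entries:
        reasons = []
        real = lookalike_of(e.name, known)
        if real:
            reasons.append(f"name is one character off {real}")
            if e.size > 4 * known[real]:
                reasons.append(f"{e.size} bytes vs ~{known[real]} for the real {real}")
        if e.hidden and e.system:
            reasons.append("hidden+system attributes (rename/delete blocked until cleared)")
        if reasons:
            findings.append((e.name, reasons))
    return findings


def scan_reg_export(text: str, filenames) -> list:
    """Return (key, line) pairs from a .reg export that mention any of `filenames`."""
    targets = [f.lower() for f in filenames]
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the following values belong to
        elif any(t in line.lower() for t in targets):
            hits.append((key, line))
    return hits


# Constructed listing of \WINNT\system32 (attributes as `dir /a` would show them).
SAMPLE_LISTING = [
    FileEntry("regsvr32.exe", 11_264),
    FileEntry("r5gsvr32.exe", 392_192, hidden=True, system=True),
    FileEntry("omboova.dll", 61_440, hidden=True),
    FileEntry("kernel32.dll", 741_376),
]

# Constructed `regedit /e` export; the CLSID is a placeholder, not a real BHO.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"r5gsvr32"="C:\\WINNT\\system32\\r5gsvr32.exe"

[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\WINNT\\system32\\omboova.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for name, reasons in find_suspicious(SAMPLE_LISTING):
        print(name, "->", "; ".join(reasons))
    for key, line in scan_reg_export(SAMPLE_REG, ["r5gsvr32.exe", "omboova.dll"]):
        print(f"[{key}] {line}")
```

Against the constructed data only r5gsvr32.exe is flagged by the listing check (omboova.dll is hidden but carries no system flag and mimics no known name), while the registry scan turns up both the Run value that starts it and the CLSID key that loads the DLL, which is why the two checks are worth running together. On a real Windows 2000 box, `dir /a:sh` in `\WINNT\system32` lists files with both the hidden and system attributes, `attrib -s -h -r <file>` clears them so the file can be renamed, and `regedit /e dump.reg` produces the export the scanner reads.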
 
Well done.

Send it to SOPHOS/GRISOFT/SYMANTEC.
I am sure they will appreciate your help, and so will we.

Good luck, and feel free to be a regular poster.
 
Originally posted by: Kourier
Send me a copy via email, if you don't mind, I'll submit it to McAfee WebImmune for an analysis too. tmcfadden omnicast dot net <--- send here 🙂

 
Hey Mech -

Thank you for your post yesterday re: 754 mobo.
Trouble is, I meant FIREWIRE, not firewall - hahaha.

Any other ideas?
 
I was able to catch it using HijackThis.

A key with something r?gsvr32.exe, and
there was an "omboova.dll" in winnt\system32. Removed this and no longer the r5gsvr32.exe in Task Manager.

:thumbsup:
 
Originally posted by: montag451
The Abit NF8 has firewire, it was fresh in my mind because I was ogling it at Newegg 😀 I have a 1GHz Duron on nForce2 at work and was thinking about some more muscle for that system.

 