Error - template LAYOUT-DATA-WRAPPER not found

A configuration error was detected in the CGI script; the LAYOUT-DATA-WRAPPER template could not be found.

Error - template STYLE-SHEET not found

A configuration error was detected in the CGI script; the STYLE-SHEET template could not be found.

Error - template SUB-TOP-BANNER not found

A configuration error was detected in the CGI script; the SUB-TOP-BANNER template could not be found.
Subject:
Re: Hijacked browser, continued.
From:
David Grossman <[log in to unmask]>
Reply To:
PCSOFT - Personal Computer software discussion list <[log in to unmask]>
Date:
Wed, 12 Jan 2005 07:22:58 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (63 lines) 
Some new developments have arisen since posting my previous message.

WinPatrol keeps popping up and trying to delete d3lx.dll and DeskAdServ.exe.
Sometimes it also tries to delete atlgw32.exe. I always tell it to delete
them. I hope this means that we can narrow down the problem to those files.

If I try to go into IE6 *right after* WinPatrol tries to delete the
programs, then I have a glorious "about:blank" screen without the hijacked
material. A few seconds later the obnoxious hijacked opening screen
reappears.

I am now receiving frequent error reports for IE6 and Outlook Express (the
program has encountered a problem and must close...).

David Grossman


----- Original Message -----
From: "David Grossman" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, January 12, 2005 6:13 AM
Subject: Hijacked browser


> My browser (IE6) has been hijacked.
>
> Ad-Aware 6 gave it a clean slate, but only after running it several times
> both in normal mode and in Safe mode.
>
> SpyBot Search and Destroy shows DSO Exploit that keeps coming back. It
says
> that it is removed, and then it returns.
>
> WinPatrol found programs that keep coming back. It keeps removing them,
yet
> they keep returning. The programs that keep returning are
> c:\windows\d3lx.dll; c:\program files\Desk Ad Service\DeskAdServ.exe;
> Syslog32.exe (no path is indicated); c:\windows\system32\atlgw32.exe. It
> reports a hijacked home page as res://c:\windows\ajtoe.dll\ssp.html#12345
>
> All of these programs were updated today.
>
> I also get a message that I have to put in my Windows XP CD since some
files
> have been replaced. When I do so, it gives me the usual opening screen for
> Windows XP. Apparently it does not replace the files, and it asks for the
CD
> the next time I reboot.
>
> The computer is an Intel 2.4 GHz, 512MB, 80 MB hard drive with a dialup
> connection. I am using Windows XP without the service pack.
>
> Since these programs have not been able to remove the problem, is there
> another program that can do it?
>
> David Grossman
>
>

             Do you want to signoff PCSOFT or just change to
                    Digest mode - visit our web site:
                   http://freepctech.com/pcsoft.shtml

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG Secured by F-Secure Anti-Virus CataList Email List Search Powered by LISTSERV