Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
A couple of days ago I noticed it taking a long time booting after I click my login icon. Then the first time I run IE6 or Netscape, ZoneAlarm tells me rundll.exe is trying to access the internet, so I stop it. Next, my browser winds up on spotresults.com (no, not my home page)and an error msg. appears saying, "an exception occurred while trying to run ""C:\WINDOWS\SYSTEM32\6ro4svc.cpy.dll".umonitor". I look into the system32 subdirectory and find 2 odd dll's this one and 6ro4svc.dll. I can delete the .cpy.dll but not the other because it says it's in use by someone or another program. I did find out the electronic signature is by Nictech Networks. I've tried a bunch of spyware programs, Adaware comes te closest but not enough. Help!
I have no signature.
Try booting into safe mode and then delete the files. Keep tapping F8 while Windows is loading to get to safe mode.
-Clinton
0 
nah bill am afraid u got a toejammer virus or worm..please download this awesome antivirus which u will love am sure
www.grisoft.com...click download and lefthand side download avg 6.0 free..fill out your info they email u a key..and run it..
80% sure u got a virus on there bill
oh yeah avg insures 100% detection of any virus/worm/toejammer...enjoy and look at my tweak for avg to make it be one hell of a fighting force.
any future probs please post here
enjoy
0
hi bill,
check your directories to see if you have any of these files:
msg116.dll, msg117.dll, msg118.dll, msg119.dll, msg120.dll, msg121.dll, msg122.dll, upd116.exe, upd117.exe, upd118.exe, msg121.cpy.dll, msg.dll
if you do you may have the spyware Look2me and or the spyban trojan.
to get rid of this run both spybot and adaware, then go to www.thepublicworks.com, security section, and link to Ants in free anti-trojan software and download A Squared, get latest def's and scan your machine.
if you have the spyban trojan and want to delete it manually do this:
click Start then Run.
The Run dialog will appear.
Type regedit and click OK.
The registry editor will open.
Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
In the right pane, delete the value called 'SpyBan', if it exists.
Exit the registry editor.
Reboot your computer.
then
Delete the following files and folders:
this is in C:\Program Files\spyban
all the best,
murve
0
Sorry guys, I tried your suggestions but no success. Adaware seems to recognize the files in question but is unable to erradicate them. I appreciate all your suggestions. Any takers?
I have no signature.
0
hi bill,
you might have the loxoscam virus.
here's some info on it:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.loxoscam.html
all the best,
murve
0
Testing reply (last time I tried it told me I needed to login first, but then it totally lost everything I had typed).
0
You have Look2Me installed, courtesy of NicTech. Many people are having similiar problems, including me. All the removal instructions I have seen are a little difficult, except for getting the removal program from NicTech. See this URL: http://www.kephyr.com/spywarescanner/library/look2me/index.phtml He has both manual removal instructions (which may be incomplete, see below) and instructions for getting NicTech's removal program. Note: He claims you have to supply an email address to get the serial number. I followed his instructions today and a serial number was supplied me on a web page. I never had to supply an email address. I have downloaded the removal program but have not used it yet (I'm at work, the Look2Me adware is on my home computer).
Here is a forum where Look2Me/NicTech is being discussed. There are manual removal instructions in the thread: http://www.computercops.us/modules.php?name=Forums&file=viewtopic&p=141536
You can go to Adaware's support forums: http://www.lavasoftsupport.com/ then press the search button (upper right) and search for Look2me. You'll see that there are multiple discussions going on. The one titled "Look2Me ######" has removal instructions in it, posted by Option^Explicit at Apr 18 2004, 07:12 AM.
Good luck.
0
I had the same problem and it was being caused by VX2.BetterInternet. I've managed to remove the dll's and registry entries and everything seems ok so far. I followed the solution by Zupe at:
http://www.dslreports.com/forum/remark,9979574~mode=flat
----The post was as follows:----
This will take a few steps:
First, please download and unzip the latest version of the Killbox from here: »http://download.broadbandmedic.com/VbStuff/KillBox.zip
After that:
said by Option^Explicit - »http://forums.broadbandmedic.com/cgi-bin/ib3/ikonboard.cgi?;act=ST;f=1;t=6 :
----------------------1.) Go to Start->Settings->Control Panel->Administrative Tools->Local Security Policy & Under Local Profiles>>User Rights Assignment. On the right side look for Debug Programs, Right-click on it and select Properties.
2.) Click Add User or Group and when the next Window opens, click the Object Types button, and now put a Check in the box for Groups. click OK.
3.) That Window will close. On the one you are left with, click Advanced and from the next Window Find Now
*Look under Name(RDN) for Administrators and select it & Click OK.4.) Administrators should show up in the box beside "Check Names" just Click OK, then that Window will close..On the next Window under the only Tab "Local Security Setting" should have Administrators listed in it, if it does Click Apply then OK again.
With a reboot that fixes that.
*Make sure you reboot!After rebooting...
Close all open Windows, start the KillBox and under the Fix L2M menu choose Kill VX2.BetterInternet. Your computer will Shut down. On rebooting, the 2 files will be deleted.
Because we accessed these .dll files, they will have corrupted the User Rights Assignment again, but no big deal. Repeat the same process you did earlier of adding the Administrators Group to Debug Programs again, and since the offending files are gone, this time those settings will stay put.
Things to do with Killbox after removing these files:
1.)Click Find>>Find VX2.BetterInternet
*Nothing Should show up in the next window, if it does you are infected still. But if Clean then...2.)Click Find->User Agent String, highlight the CLSID key, and under the Action menu choose Delete User Agent String
3.)Click Fix L2M and choose Import L2M.reg to remove various registry keys set by the software.
----------------------After all that, please update Ad-Aware and run a full scan, removing any leftovers it finds.
0
I have read several boards with postings with regard to files from NicTech..
The ones on my machine were in the system32 directory aiptif.cpy.dll and aitpif.dll..
I have Windows XP Home and tried ever move to get rid of them..
Finally used a straight foward approach..
I removed the drive from the machine and placed it in another XP machine as a second drive..
Used explorer to locate files and deleted them..
Replaced the drive used Ad-aware to remove any remaining files..
Machine now works fine..
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
