Need Help with Unregistering DLLs

Hi, everyone.

I've been hit with a particularly intrusive and obnoxious piece
of spyware called ABetterInternet. Throughout the day, I have
numerous firewall dialogs popping up saying that a particular
upload/download application is trying to access the Internet, and
identifying the application with www.abetterinternet.com. I deny
the action and check the box to always do so, but it doesn't
help; they keep coming back. Various filenames are used:
meaningless or nonsensical ones such as thnall1ac.exe,
aurareco.exe, thin-94-1-x-x.exe, and ifslbqysnh.exe. (The last
one is actually identified as Buddy, which might possibly be a
separate piece of spyware; I don't know yet.) The files usually
run from a temp folder, and when I look for them there I don't
find them.

I did a search and found removal instructions at:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076992

One of the steps involves unregistering a long list of DLLs using
regsvr32.exe; another involves removing a list of registry
entries using RegEdit.

Before proceeding with the cleanup, I have some questions I'd
like answered.

1. Can anyone give me a clear explanation of exactly what it
means to "register" or "unregister" a component? I've been
reading about this process for years, but have never really
understood it. I've read several knowledge base articles and
checked several books on XP and programming windows; most just
use the expressions without ever really defining them. Does
registering a control just create entries for it in the registry
(or is there more involved than that)? If so, what is the
difference between unregistering a dll and just deleting the
registry entries? (Why do the instructions include both?)

2. I did a search for regsvr32.exe on my XP Pro system, expecting
to find it in one of the standard Windows directories. Instead, I
found versions in various application directories (obviously
installed along with the applications): programs such as X-Setup,
Enfish, Visual Studio 6 (but not .NET, apparently), and Visual
Basic Runtime. Naturally, the files have various dates and sizes.
I'm concerned about the consequences of possibly running any
particular version. Is any one preferred, or should I download a
later version?

Thanks very much in advance for your help.

--
Keith
.

Relevant Pages

  • Re: Edit Registry from DOS
    ... >>entries, however, I couldn't remove the most important ... >>is gone, I can't remove the entry out of the registry, ... >>state, when the system boots, it looks for the spyware ... >>file during the winlogon process, ...
    (microsoft.public.windowsxp.general)
  • Re: URGENT : Running Spybot - Search and Destroy Gives problems.
    ... > spyware but, at the same time, it is doing some really harmful ... In simple words it just junks the registry and in turn, ... I have ran Spybot on thousands of different configurations, ... entries, but the applications/associations having been modified/corruputed ...
    (microsoft.public.windowsxp.customize)
  • Re: Final Report Vundo
    ... registry is more easily done from the XP partition. ... ddayv.exe and ddayv.dll in the system32 directory, ... I can also boot into ... Download and run firefox to protect your from future spyware ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: How do I get rid of this annoying site?
    ... you know why spyware is such a headache is that there are hybrids ... One registry cleaner and make sure it knows what it is doing. ... Unfortunately when you go to install ... > as once most get on your system they don't leave after uninstall. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: VX2 - My Victory!
    ... I was having problem with an unknown VX2 spyware. ... it will call a DLL. ... >> I search the registry for these two files. ... I DID NOT RESTART THE COMPUTER. ...
    (microsoft.public.security.virus)