Re: javascript
From: Jan Il (abuse_at_localhost.com)
Date: 12/01/04
- Next message: PixelChic: "IE Slow Slow slow"
- Previous message: PA Bear: "Re: hotmail freezes IE 6"
- In reply to: Joker: "Re: javascript"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 1 Dec 2004 14:01:07 -0500
Hi Joker :-)
Did you go through all the removal steps that were listed, including running
the About:Buster? Is there an error message or something that is telling
you that it is a javascript type problem? If so, what is the exact wording?
Also, have you tried to reset the homepage to your normal homepage? Is it
still being changed to about:blank, or won't let you reset? If so, the
hijacker is still on your system; it must be removed before you can resolve
the resultant problems, so you might also try the following, which is a more
aggressive removal process as it appears to be a more aggressive variant. Be
sure to run the LSPFIX and the Winsock Fix. Follow the instructions very
carefully:
Courtesy of Jim Byrd -
Like any disinfection procedure, it's a bit risky - it deletes an important
registry key and subsequently restores a revised version. If something goes
wrong, your PC may no longer work normally.
YOU USE THIS PROCEDURE AT YOUR OWN RISK!
Download Registrar Lite 2.0, install it and run it.
http://www.majorgeeks.com/download469.html
http://www.softpedia.com/public/cat/12/5/12-5-21.shtml
Navigate to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
(note...should be all on one line)
and look at the AppInit_Dlls value.
Write down the name of the DLL file that's displayed!
(If you see several values separated by commas or spaces, which is unlikely,
use Windows Explorer to search for each one in the Windows\System32 or
Winnt\System32 directory. The one you can't find is the one to remember!)
Exit Registrar Lite.
Download and run this script. It will delete the CWS AppInit_Dlls value and
reboot Windows. After the reboot, the shield-DLL file is still on the hard
disk, but it's no longer a threat to your PC.
http://www.silentrunners.org/CWS%20Shield%20Dropper.vbs
Download Silent Runners here:
http://www.silentrunners.org/Silent%20Runners.vbs
Run it and look at the list of Browser Helper Objects. One of them will have
a strange name. Write down the file name (including the full path)!
(If you're not sure which BHO was installed by CWS, reboot into Safe Mode
and follow steps 8-10 here. Commercial programs, such as PestPatrol, are
also available to identify and delete BHO pests.)
Download and run this script to delete the CWS shield-DLL and the BHO files.
No reboot will be required.
http://www.silentrunners.org/CWS%20File%20Cleaner.vbs
Reset your Internet Explorer home page. Your PC should now run normally.
If these steps do not resolve your problem, please post back to this thread
with the details and any error messages.
Hope this helps
Jan :)
Smiles are meant to be shared,
that's why they're so contagious.
Please reply to the newsgroup so others may benefit.
Replies are posted only to the newsgroup for the benefit of other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm
> Hi Jan,
>
> It happened after using Ad-aware SE Personal and others. So I don't know
> what to do ....
>
> Thanks anyway,
>
> J.
>
>
> "Jan Il" <abuse@localhost.com> wrote in message
> news:e40KBH81EHA.1188@tk2msftngp13.phx.gbl...
> > Hi Joker :-)
> >
> > You may have a hijacker, malware, spyware or parasites on your system
> > causing this problem. Thus, in addition to running your updated
> > anti-virus program, you should do the following to be sure none of these
> > are present on your system. Although you may have already run one or more
> > of the programs, please do so again according to the instructions below.
> > Some variants of malware can replicate themselves over and over if not
> > removed properly. Please follow all instructions carefully to be sure
> > your system is thoroughly cleaned:
> >
> > Dealing with Unwanted Spyware and Parasites:
> > http://mvps.org/winhelp2002/unwanted.htm
> > Be sure to run CWShredder, Ad-aware and Spybot.
> > If these steps do not resolve your problem, please post back to this
> > thread with the details and any error messages.
> > (or Spybot - Search and Destroy DSO Exploit Fix 1.3.1 TX)
> > http://www.majorgeeks.com/download4392.html
> > Also be sure to use the HijackThis. Please do not post your log to this
> > newsgroup, but to the HiJackThis Support Forum
> > http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4
> > or the Aumha HiJackThis forums
> > http://forum.aumha.org/viewforum.php?f=30
> > to allow the experts there to evaluate your log and advise you of the
> > necessary steps to clean your system.
> >
> > Also this program searches for hidden .dlls that recreate the malware.
> > About Buster:
> > http://www.majorgeeks.com/download4289.html
> >
> > CAUTION!!!!! Before you try to remove spyware using any of the programs
> > below, download a copy of LSPFIX from any of the following sites:
> > http://www.cexx.org/lspfix.htm
> > http://www.spychecker.com/program/winsockxpfix.html
> > (if your OS is Win2k or XP) The process of removing certain malware may
> > kill your internet connection. If this should occur, this program,
> > LSPFIX, will enable you to regain your connection.
> >
> > Also, get a copy of WINSOCKXPFIX available at:
> > http://www.spychecker.com/program/winsockxpfix.html
> > and
> > WinsockXP Fix- WinXP
> > http://www.spychecker.com/program/winsockxpfix.html
> > Also, with instructions, at
> > http://www.iup.edu/house/resnet/winfix.shtm
> > also
> > From LavaSoft- all versions of Windows-
> > http://digital-solutions.co.uk/lavasoft/whndnfix.zip
> > also ....
> > (NOTE: It is reported that in XP SP2, the command netsh winsock reset
> > will fix this problem without the need for these programs.)
> >
> > or ........
> >
> > Winsock Fix Utility
> > http://www.dfwonline.net/files/WinsockFix.zip
> >
> > Also.........
> >
> > Courtesy of Jim Byrd -
> >
> > Download Sysclean.com, from Trend Micro, here:
> > http://www.trendmicro.com/download/dcs.asp along with the latest pattern
> > file, here:
> > http://www.trendmicro.com/download/pattern.asp
> > Be sure to read the "How-to" info here:
> > http://www.trendmicro.com/ftp/products/tsc/readme.txt
> > You might also want to get Art's updater, SYS-UP.Zip, here for future
> > updating of these: http://home.epix.net/~artnpeg/.
> > (If you download and use the updater from the beginning, it will
> > automatically handle downloading the other files. Place them in a
> > dedicated folder after appropriate unzipping, and then run. This scan may
> > take a long time, as Sysclean is VERY extensive and thorough.)
> >
> > and......
> >
> > NOTE: If you can not download these programs from the Internet, if your
> > PC has CD read capabilities, go to another computer with CD-ROM burning
> > capabilities. Create a folder on the hard drive of the other computer
> > called HOLD, download the programs to that folder, then burn that folder
> > to a CD. Copy the HOLD folder to your HD and then install the programs
> > from there and run them. After you have IE access again, update all
> > programs where possible to get the latest definitions and run them again
> > in Safe Mode to be sure there are no lingering items on the system.
> >
> > also...........
> >
> > Additional information on how to protect your PC:
> > The Parasite Fight http://www.aumha.org/a/quickfix.htm
> > More security tips at http://www.aumha.org/a/parasite.htm
> > Bugs, Glitches & Stuffups: http://www.mvps.org/inetexplorer/Darnit.htm
> >
> > If these steps do not resolve your problem, please post back to this
> > thread with the details and any error messages.
> >
> > Hope this helps
> >
> > Jan :)
> > Smiles are meant to be shared,
> > that's why they're so contagious.
> >
> > Please reply to the newsgroup so others may benefit.
> > Replies are posted only to the newsgroup for the benefit of other
> > readers.
> >
> > How to make a good newsgroup post:
> > http://www.dts-l.org/goodpost.htm
> >
> >
> >
> >
> >
> >> Hi,
> >>
> >> I have a problem with the example javascript below. It opens a
> >> "about:blank" page instead of the web page "*****".
> >>
> >> What should I do? Anything deleted from the registry or ?
> >>
> >> ***********************************************************
> >> javascript:sms_compose_popup(my_id, 374301, 'Donnvic', '2', '1',
> >> 'http://*****/photo/0/1E/374301.2.jpg')
> >> ***********************************************************
> >>
> >> Thanks,
> >>
> >> PS. Pop-up of this web-site is allowed
> >>
> >>
> >>
> >
> >
>
>
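The AppInit_DLLs check from the removal steps above (split the value on commas or spaces, then look for each file in System32), as an added example that is not part of the original message. The function names and the sample DLL names are constructed, and a plain directory listing is assumed to stand in for the Windows Explorer search.

```python
import os
import re
import tempfile

KEY_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

def read_appinit_dlls():
    """Read AppInit_DLLs from HKLM (Windows only); returns '' if unset."""
    import winreg  # standard library, available on Windows only
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, KEY_PATH) as key:
        try:
            value, _type = winreg.QueryValueEx(key, "AppInit_DLLs")
        except FileNotFoundError:
            return ""
    return value

def split_entries(value):
    """Split the value on the commas or spaces the post mentions."""
    return [e for e in re.split(r"[,\s]+", value.strip()) if e]

def unlisted_entries(value, system_dir):
    """Return the entries that a listing of system_dir does not show."""
    listed = {name.lower() for name in os.listdir(system_dir)}
    missing = []
    for entry in split_entries(value):
        # Entries may be bare names or full paths; compare on the file name.
        name = entry.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name not in listed:
            missing.append(entry)
    return missing

def demo():
    """Constructed sample: two DLLs exist in a stand-in directory, one does not."""
    with tempfile.TemporaryDirectory() as system_dir:
        for name in ("present1.dll", "Present2.DLL"):
            open(os.path.join(system_dir, name), "w").close()
        value = r"present1.dll, C:\WINDOWS\System32\present2.dll notshown.dll"
        return unlisted_entries(value, system_dir)

if __name__ == "__main__":
    print(demo())
```

On the affected PC the equivalent call would be `unlisted_entries(read_appinit_dlls(), r"C:\Windows\System32")`; any name it returns is the one to write down before continuing.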