Amazing Victory Over 85.255.120.29!



#1 v999


Posted 03 October 2007 - 02:02 PM

I defeated 85.255.120.29!!!


I use XP, IE6


When clicking some Google search results I got this URL //85.255.120.29/search/?q

We cannot find this search


---------------------------------------------------------------------

I fixed this 85.255.120.29 problem 5 days ago with //siri.urz.free.fr/Fix/SmitfraudFix_En.php

But same 85.255 problem came back and I could not fix it.


I installed and ran

SmitfraudFix
ATF-Cleaner
AVG Anti-Spyware
FixIt fixwareout
freefixer
HijackThis
Bazooka
Spyware Terminator
Ad-Aware 2007
smitRem
avgas
Spybot
etc.


Nothing worked.


Until a friend told me in IE6 to go to Tools, Manage Add-ons, highlight and disable each and every add-on in the list, restart.

And, OOOOOOOO miracle, 85.255.120.29 problem was gone!!!

Edited by v999, 03 October 2007 - 04:08 PM.
to sanitize URL links above




#2 quietman7


Posted 03 October 2007 - 02:47 PM

You probably had a wareout infection which uses IPs in that range resolving to Atrivotechnologies, EstHost hosting company, Tartu Peapostkontor, pk. 12, Estonia, estdomains (aka InterCage), Technologii Maybutnego LLC, Hosting.UA, Inhoster, Ukraine.

InHoster IPs are in the 85.255.112.0 - 85.255.127.255 range.

Internet Explorer add-on tools are plug-in applications designed for Microsoft Internet Explorer Web browser. The "Manage Add-ons" lists all the third-party browser extensions installed in Internet Explorer and provides the ability to disable them selectively. The "Manage Add-ons" feature cannot be used to delete them. If an add-on is disabled, Internet Explorer adds the CLSID control to the don't load list in the registry so when launching a new instance of it, the list is checked by iexplore.exe and explorer.exe processes and never loads that control.

Add-ons may be ActiveX controls, Toolbar extensions, Browser extensions and Browser Helper Objects (BHOs). BHOs are plug-in applications designed for Microsoft Internet Explorer Web browser. More specifically, they are code modules (.dlls) that are loaded into Explorer and Internet Explorer and run automatically every time you start your browser. BHOs were designed to allow developers to extend the functionality of Windows and improve features. However, some BHOs are malicious malware components which can act as a toolbar or browser plug-in and can be difficult to remove. Also see What Is A BHO?

Are you sure your system is clean as this infection is basically a rootkit?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 v999


Posted 03 October 2007 - 03:24 PM

I understand half of the above. Yet, I think you are right. Those files (or add-on tools) are important.

I will re-enable them one by one and try to find out which particular one caused the problem. It will take some time to do and to post.

Are you sure your system is clean --------------- no I am not.

But I am so happy the 85.255 is gone. And no single scan I ran before has found or shown 85.255 in logs.

======================================

I already found that re-enabling this add-on AcroIEAdvHlprObj causes the 85.255 problem to start again

Any comment on that?

Edited by v999, 04 October 2007 - 06:42 AM.
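
The registry side of what posts #2 and #3 describe, as an added example (not written by any poster in this thread): a PowerShell inventory of registered BHOs, the DLL each CLSID loads, that DLL's Authenticode status, and whether Manage Add-ons has the entry disabled. The `Ext\Settings` path and `Flags = 1` meaning "disabled" are assumptions about where IE keeps its don't-load state, since the posts do not name the key; `Get-BhoReport` and `Get-DefaultValue` are names made up for this example, and PowerShell 3 or later is assumed.

```powershell
# Added example: inventory Browser Helper Objects (BHOs) on the local machine.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Assumption: Manage Add-ons keeps per-user state here, with Flags = 1 meaning disabled.
$extSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings'

function Get-DefaultValue([string]$KeyPath) {
    # Returns the key's unnamed (default) value, or nothing if the key is absent.
    $item = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($item) { $item.'(default)' }
}

function Get-BhoReport {
    foreach ($root in $bhoRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # 32-bit BHOs on 64-bit Windows register their COM class under Wow6432Node.
        $classes = 'HKLM:\SOFTWARE\Classes\CLSID'
        if ($root -like '*Wow6432Node*') { $classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }

        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid = $key.PSChildName                      # the BHO subkey name is its CLSID
            $dll   = Get-DefaultValue "$classes\$clsid\InprocServer32"
            if ($dll) { $dll = $dll.Trim('"') }

            $state = Get-ItemProperty -LiteralPath "$extSettings\$clsid" -ErrorAction SilentlyContinue
            $sig = 'FileMissing'
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                Name      = Get-DefaultValue "$classes\$clsid"
                CLSID     = $clsid
                Dll       = $dll
                Disabled  = ($state -and $state.Flags -eq 1)
                Signature = $sig
            }
        }
    }
}

# Entries whose DLL is unsigned, missing, or outside the vendor's install folder deserve a closer look.
Get-BhoReport | Sort-Object Signature, Name | Format-Table -AutoSize
```

An entry's display name is whatever the registering program wrote, so judge an add-on such as the one named in post #3 by its DLL path and signature rather than by its name.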




