Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rpcss_pl.exe file, and computer is all screwy


  • Please log in to reply
16 replies to this topic

#1 dialated8

dialated8

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 March 2005 - 05:29 PM

Alright, i've never posted on any sites like this, but i've read a few so i'll try to mimic what i've seen in the past. My hijack log is posted down underneath, and here is my problem: I was infected with that rpcss_pl.exe thing, and my pc went crazy. I installed Adaware, Hijack, spybot S&D, CWShredder, etc.. ran them all in safe mode and normal mode over and over, got rid of like 200+ files/entries/cookies/etc. that were infected, used a combination of a batch file i made (delete.bat in the log down below, ignore that entry I just haven't erased it yet) and hijack to get rid of rpcss_pl.exe during bootup before it could attach itself to the RPC service. Finally after getting rid of that file my computer is running at a normal speed now BUT, i still have a few problems:

1. No matter what I seem to do, I cannot get the http://www.jimbutt.com page from staying off my browser, i've tried deleting the entry then locking it... tried running all my spyware programs over and over, nothing seems to work.

2. Not only is that site sticking to my homepage, it's also still popping up every 5 min, i've never seen anything this persistant, especially after running all my antispy stuff over and over, with rebooting in safe mode etc.

3. Ever since that rpcss_pl file first popped up, I haven't been able to install anything that uses the Windows Installer Service. After I deleted that file I went to the microsoft homepage and took the steps to reinstall the Windows Installer Service, but that just made it disappear completely. Now I have no antivirus running (because that file screwed up my EZtrust Armor, and I uninstalled it, thinking I could just install NAV or F-Secure, big mistake). I tried installing SP2, can't do that without that service, i'm really screwed here.

4. On my Internet Explorer, I can't open up any new pages by right clicking -> open new page, or just by hitting shift-click, which means I can't run any online virus scans that open up in a new window. Along with that, my restore button is gone in my tools menu on IE. Also I can't seem to open up certain pages, like windowsupdate, or my yahoo mail, i can get through the yahoo mail process untill it redirects me to my mailbox, then the screen is just blank. It seems anything with activex controls and java wont work too.

5. My task bar at the bottom was completely gone until I screwed with it a little, by going into the properties and turning things on and off, then finally it came up... sort of... It came up, and i can see my notification icons, time, and start button, however, whenever I open up an application, it doesn't show up in my task bar. When I minimize something the only way I can bring it back up is by alt-tab, it's not visible on the task bar (trying to paint a picture here coz this is hard to describe).

6. I cannot cut and paste any files, i'm extremely surprised actually that it let me cut and paste my hijack log in here. Oh, and in my services menu, I can't bring up any properties on any of the services.

Whew... ok, now let's hope that it lets me post here (crossing fingers)
Logfile of HijackThis v1.99.0
Scan saved at 5:10:08 PM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Boost XP\bxservice.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Boost XP Service] F:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: delete.bat
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -

I'll appreciate any help with this problem, this is the first time I haven't been able to manually take care of something like this, and I really need my computer for school work :D Thanks alot.

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:14 AM

Posted 10 March 2005 - 05:53 PM

You are using an outdated version of hijackthis. Please download the newer version.

Download HijackThis from:

HijackThis Download Site


Reboot your computer, DO NOT fix a thing, and post a new complete log. Do not leave anything out as it look s like you have removed the O23 entries from the log

#3 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 March 2005 - 06:30 PM

There you go, didn't leave anything out.

Logfile of HijackThis v1.99.1
Scan saved at 6:29:32 PM, on 3/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wauctlxp4.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Boost XP\bxservice.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINDOWS\System32\msasmsn7.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Boost XP Service] F:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Startup: delete.bat
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -

#4 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 March 2005 - 06:33 PM

There are no O23 entries in my log, am i supposed to have them?

#5 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 March 2005 - 08:01 PM

Ah, and I just found out that I when I try to message anyone on yahoo instant messenger it comes up blank, i'm able to send and receive messages, I just cannot see them.

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:14 AM

Posted 10 March 2005 - 11:29 PM

Print out these instructions and then close all windows including Internet Explorer.

Reboot your computer into Safe Mode

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - C:\WINDOWS\System32\msasmsn7.dll
O4 - HKLM\..\Run: [SndPnpMix] C:\WINDOWS\System32\wauctlxp4.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: delete.bat
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -


Then delete these files or directories (Do not be concerned if they do not exist)

C:\WINDOWS\System32\msasmsn7.dll
C:\WINDOWS\System32\wauctlxp4.exe



Reboot your computer to go back to normal mode and download the following two files:

http://www.bleepingcomputer.com/forums/ind...e=post&id=78601

and

http://www.bleepingcomputer.com/files/reg/fixrpcss.reg

and save them to your desktop. Double-click on each file and if it asks if you want to merge the data, press yes.

Reboot and post a new log and tell me if things are working again.

#7 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 09:44 AM

Alright, I did that. I want to say thank you for helping me out, I can usually take care of these things on my own, but this one is just driving me nuts.

Anyway, I went through and did what you asked, the log is posted down beneith. Some of the entries I deleted just showed back up, and the jimbutt thing is back again, I did try to delete that along with the entries that you asked me to, but it just sticks there. I also downloaded firefox so I can click on your links that you give me and have a new window pop up. While waiting for your response I found out that on the european trendmicro website you can use firefox for their online virus scan (Housecall on the US website only allows Internet Explorer), and went ahead and did that. It found numerous trojans, and I cleaned them. Hope that didn't conflict with what you're helping me with.


Ok, on with the problems lol:

1. I still cannot open any new browser windows from a window in IE (with clicking, right clicking "open in new window," or by shift click).

2. I'm still getting the pop up every 5 min.

3. I still cant move, copy, drag or paste anything that I myself didn't type.

4. I still cannot Install anything, because the Windows Installer Service isn't there, and alot of my other services cannot start. (Can't goto properties on any of the services either)

5. My taskbar still doesn't show any applications.


I'm dying over here with this. I'd like to meet the guy who wrote that rpcss_pl.exe program and send him through a wood chipper.

Once again, thank you so much for being so helpful.

Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:26:48 AM, on 3/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Boost XP\bxservice.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jimbutt.com/stuffs/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {0E234239-88FF-11D2-8446-D7234234421F} - (no file)
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Boost XP Service] F:\Program Files\Boost XP\bxservice.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:14 AM

Posted 11 March 2005 - 12:26 PM

Open up regedit, and anvigate to this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Right click on RPCSS, and export the key as a regedit file called rpcss.reg.

HKEY_CLASSES_ROOT\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}

Do the same thing to the above key, but right click on {3050F406-98B5-11CF-BB82-00AA00BDCE0B} and export it to about.reg.

Then right click on each reg file and click edit and post the contents of both reg files as a reply.

There may be more here we need to remove.

Download:

http://www.bleepingcomputer.com/files/imm/srvlook.zip

And extract it to c:\srvlook. Then run the runme.bat and when its done, there will be a srvlook.log file there. Please email that log file to grinler@yahoo.com and let me know you sent it with the other information i asked for

#9 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 01:39 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}]
@="Microsoft HTML About Pluggable Protocol"

[HKEY_CLASSES_ROOT\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,73,00,\
68,00,74,00,6d,00,6c,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"




There you go, thanks again for your help, I sent you my srvlook.log file to yahoo from my dialated8@yahoo email address.

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:14 AM

Posted 11 March 2005 - 01:53 PM

Ok open up regedt and navigate to :

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum

and

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

and tell me if you see a listing under enum for LEGACY_BOOTCOM or just bootcom

#11 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 01:56 PM

Under .../Enum there is neither Legacybootcom or bootcom

And under .../Services there is only bootcom

#12 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 01:58 PM

Oh, and my taskbar is gone again, i just get a small line at the bottom of the screen that I cannot stretch up to view it.

#13 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 06:01 PM

Finding more sypmtoms, my volume control wont work, and when I try to use Windows Media Player, it says "Can't perform operation, low memory"

#14 dialated8

dialated8
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 March 2005 - 11:30 PM

Update: I've figured out that I can get rid of the http://www.jimbutt.com/.../... entry and it will stay gone UNTIL something loads that causes this error to pop up saying that i need spyware protection (The exact error message I posted underneat this) and then forces Internet Explorer to open with that website. After that I cannot fix the www.jimbutt.com entry in HJT. I've tried blocking the execution of Internet Explorer, but the error message still comes up (without the internet explorer popping up), and the entry is back in my log, and cannot be fixed after that message pops up. So i'm assuming that this is a process running? I don't see any odd processes though, not sure... Maybe a process that just pops up for a second, then executes, then disappears? But there would still be a service or something that had to execute that... I donno, maybe I just don't know what i'm talking about lol, just food for thought. :thumbsup:

The error message:

Error #317 - Microsoft Windows Security Warning

Your Windows is corrupted with spyware virus <-lol nice grammar to the author
You must patch your PC urgently to protect your system
Private info is accessed by ports:

-8080
-3128

You can patch your PC for free now and delete all spyware viruses.

Click OK to choose and download free spyware removal using AntiSPY.

--------------------

I think that i'm going to email antispy just like I did with other spyware programs like spyZilla or whatever it's called, and tell them they have bad business ethics by promoting the distribution of spyware just so people will have to buy their product. Last time I did this, I actually got an email back from one of them telling me exactly how to get rid of the problem I was having before. Anyway, just giving you an update on what's going no on my end.

#15 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:14 AM

Posted 12 March 2005 - 12:42 PM

Click on start, then run, and type services.msc and press enter. Scroll down till you see Remote Procedure Call (RPC) and tell me if its started or not.

Then boot into safe mode, and delete the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bootcom

Reboot and see if you can delete

c:\windows\System32\drivers\bootcom.sys

Then tell me how it all went




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users