Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Major (?) Adware Problems

  • Please log in to reply
2 replies to this topic

#1 wlp1


  • Members
  • 1 posts
  • Local time:06:26 AM

Posted 25 May 2005 - 03:10 PM


I'm new to BC forum, I've read some of the posts and the help here and think this service looks wonderful.

I'm running XP Home on a Dell Inspiron 5150 notebook.

I have in the last few days (over the weekend) had my browser hijacked with the following symptoms:
>Homepage change
>Search page change
>New buttons on IE toolbar.
>ACT! Email not loading properly (log-in/User Block Error) - possibly unrelated.
>these are the symptoms I've noticed, at least.

When I open Control Panel - Add/Remove Programs, there is a program called "Search Extender" there.

I have the following programs and have run them all to attempt to resolve my issue(s):
>Norton AV 2005 (bundled w/Norton Internet Security 2005)
>Adaware SE
>Most Recently, Microsoft AntiSpyware (Beta 1)

With Norton AV, the following files were identified as Adware - IEfeats, and could not be deleted or quarantined:

The first of these files that I became aware of was msnz32.exe, it is located in Windows/System32 folder. Attempts to delete this file either through NAV or manual deletion have failed....it indicated that the file is in use or write-protected.

Other symptoms include:
>On reboot, an error comes up upon Windows reloading saying "Windows cannot find Windows/system32/mfceo.exe" or "Windows/jexk32.exe" or "Windows/system32/nste.exe" among others.
>msnz32.exe has been known to attempt to connect to a DNS server.
>"Unclassified.spyware.65" has repeatedly tried to install.

I'm at my wit's end....
I've tried all my antispyware programs, and still have problems. I've attempted System Restore up to 2 weeks back but have failed (for this reason and because of the ACT! problem I haven't disabled System Restore prior to system scans).

I think the key is the msnz32.exe program, because it was the first sign of a problem when i did the first scan after pop-ups began to appear....and I haven't been able to get rid of it. Maybe I'm wrong.

I'm hoping your expertise will provide some guidance, please help!

Thank you!

BC AdBot (Login to Remove)


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:05:26 AM

Posted 25 May 2005 - 06:01 PM

Run these online virus scanners:

Download, install, update and run:
Spybot S&D
aČ free

Run all of your security programs in Safe Mode.
How to start Windows in Safe Mode

Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

If that doesn't help, then:

Read the pinned post in the HijackThis forum, here
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Enthusiast


  • Members
  • 5,898 posts
  • Location:Florida, USA
  • Local time:06:26 AM

Posted 25 May 2005 - 07:22 PM

Here is a new address for Trend Micro that will provide a malware scan as well as a virius scan:


You must use Internet Explorer to accomplish these scans use Active X which isn't available on Firefox.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users