Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

deleted ms0b920b.dll file


  • Please log in to reply
5 replies to this topic

#1 Dustin

Dustin

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 13 January 2005 - 11:56 AM

I found that I had a home page hijacker "about:blank". I got rid if it using "adware away" software but now I have a missing dll file "c:\windows\system32\ms0b920b.dll". Is there a file I can download to get it back?

BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:14 AM

Posted 13 January 2005 - 11:59 AM

You don't want that file back. It is part of a new variant of CWS, and is not a valid Windows file.

I am guessing that the main part of the infection is still on there, and it is looking for that .dll. The main infection is qqtask.exe, which normally is a valid Quick Time file, but in this case, CWS has rewritten it.

#3 Dustin

Dustin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 13 January 2005 - 12:01 PM

so how do i get things like msn messenger and other programs that need it to work again?

I did a search for the qqtask.exe file and it was not found.

Edited by Dustin, 13 January 2005 - 12:12 PM.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:14 AM

Posted 13 January 2005 - 12:17 PM

:flowers: Those programs don't need it to run. I am going to go out on a limb here and guess that you have some other issues going on as well, and you probably should post up a HJT log in the forums so that someone can take a look at it and see what is going on.

The instructions for posting a log can be found here:
http://www.bleepingcomputer.com/forums/t/956/how-to-submit-a-hijackthis-log/

:thumbsup:

#5 ddeerrff

ddeerrff

    Retired


  • Malware Response Team
  • 2,741 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Upper Midwest, US
  • Local time:08:14 AM

Posted 13 January 2005 - 12:54 PM

That would be Holax. So is "adware away" removing Holax?

Repair would involve reinstalling the programs that have been damaged, or installing a dummy .dll file to replace.

From a Grinler post

To get those startup programs working again, Bobince has released a dummy file dll that just loads and does nothing. This can be used as a replacement for the infection dll so that the infected programs will continue to operate. Have them download this dummy dll and rename it to the name of the infected dll (ms0b920b.dll). Reboot and those startup programs will now work.

http://www.doxdesk.com/file/software/win32/InetDummy.dll


Derfram
~~~~~~

#6 Dustin

Dustin
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:14 AM

Posted 13 January 2005 - 01:56 PM

Thanks a lot ddeerrff & groovicus. I did as ddeerrff said in the last posting and also put the dll file in the correct place, restarted my comp and everything came back up with no error messages. Yall kick ass.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users