Problems with Internet Explorer
Thread Starter
Join Date: Jun 2003
Location: UK
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
Problems with Internet Explorer
Just come back from my friend’s- his computer was a mess (from, amongst other things, going to broadband, surfing Kazaa and other similar sites, and not using his Anti-Virus and Spy ware on a regular basis. Ran Spybot and Adaware, and picked up, respectively, 30 and 120 malware objects. Ran AVG, and came up with a virus that won’t go away.
Having successfully run AVG with nothing detected, I successfully connected to the internet. However, whenever I tried to connect to Internet Explorer, AVG flagged up, again and again, a Trojan horse virus by the name of Startpage.16.bd.
On deleting it each time, a box with the white cross in the red circle comes up reading:
RUNdll
Error loading C:Docume~\Richard\locals~-1\Temp\se.dll
Access is denied
Trying again and again came up with the same result. I would try Hijack this, and post on this pprune thread, but he doesn’t have it. I presume I can copy my version on a memory stick, and transfer it to his, and then copy the results for posting?
Anyone any suggestions?
Having successfully run AVG with nothing detected, I successfully connected to the internet. However, whenever I tried to connect to Internet Explorer, AVG flagged up, again and again, a Trojan horse virus by the name of Startpage.16.bd.
On deleting it each time, a box with the white cross in the red circle comes up reading:
RUNdll
Error loading C:Docume~\Richard\locals~-1\Temp\se.dll
Access is denied
Trying again and again came up with the same result. I would try Hijack this, and post on this pprune thread, but he doesn’t have it. I presume I can copy my version on a memory stick, and transfer it to his, and then copy the results for posting?
Anyone any suggestions?
Join Date: Mar 1999
Location: Ashbourne Co Meath Ireland
Age: 73
Posts: 470
Likes: 0
Received 0 Likes
on
0 Posts
Looks like it's in the internet explorer temporary files area, which can be a pig to get things out of.
It might be worth bringing the machine up in safe mode, then doing a search for the file name, and deleting it that way. Make sure that system restore is turned off temporarily if it's an XP machine. Can't be completely sure, as it's not showing the full file path.
Safe mode will hopefully prevent it from being loaded at startup, which is probably what's preventing it being deleted now, as it's being accessed.
It might be worth bringing the machine up in safe mode, then doing a search for the file name, and deleting it that way. Make sure that system restore is turned off temporarily if it's an XP machine. Can't be completely sure, as it's not showing the full file path.
Safe mode will hopefully prevent it from being loaded at startup, which is probably what's preventing it being deleted now, as it's being accessed.
Join Date: Jul 2004
Location: Detroit USA
Posts: 60
Likes: 0
Received 0 Likes
on
0 Posts
You can remove it with your registry editor. First, be certain you are deleting the correct file. In the unfortunate event that you delete the wrong one, iIt can be a bigger problem than you started with!
Press start, go to run. type REGEDIT. A page similar to windows explorer pops up.
click the plus sign to expand at HKEY LOCAL MACHINE. Find your file. Right click and delete.
If this still denies you access, you need to change permissions. Right click file select PERMISSIONS. Change to allow full access, then delete.
Good luck!
Press start, go to run. type REGEDIT. A page similar to windows explorer pops up.
click the plus sign to expand at HKEY LOCAL MACHINE. Find your file. Right click and delete.
If this still denies you access, you need to change permissions. Right click file select PERMISSIONS. Change to allow full access, then delete.
Good luck!
Chief Tardis Technician
Join Date: Jan 2001
Location: Western Australia S31.715 E115.737
Age: 71
Posts: 554
Likes: 0
Received 0 Likes
on
0 Posts
can be fixed with a bit of fiddling.
Go to the directory listed, and rename se.dll to something else like gone.beast (anything meaningless).
Run msconfig, and uncheck se.dll in the startup list.
Turnoff system restore in the settings panel.
Restart computer
you will now be able to delete the renamed se.dll.
restart system restore,
everything should now work ok. (at least as far as se.dll goes.
the same trick works for a few other similar things.
Go to the directory listed, and rename se.dll to something else like gone.beast (anything meaningless).
Run msconfig, and uncheck se.dll in the startup list.
Turnoff system restore in the settings panel.
Restart computer
you will now be able to delete the renamed se.dll.
restart system restore,
everything should now work ok. (at least as far as se.dll goes.
the same trick works for a few other similar things.
Thread Starter
Join Date: Jun 2003
Location: UK
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
Thanks for the advice. Unfortunately, having got back on the infected computer today, I went through the procedures suggested, found the Startpage entry in the registry, deleted it, restarted the computer, and- the little booger keeps coming back every time I started Internet Explorer. AVG detected it as I tried to open IE, but it comes back at each new try!
Any more suggestions?
Thanks,
Tosh
Any more suggestions?
Thanks,
Tosh
Chief Tardis Technician
Join Date: Jan 2001
Location: Western Australia S31.715 E115.737
Age: 71
Posts: 554
Likes: 0
Received 0 Likes
on
0 Posts
Try this, but first do a google on se.dll and have a bit of a read.
this info should help.
Overview:
IEPlugin is an IE BHO that monitors web site addresses you visit, form contents and even your local file browsing! It also automatically updates and adds a few items to your favorites list. On top of this it will display ads when it finds certain keywords in your browser.
brought to you by: http://www.ieplugin.com
Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run\Win Server
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run\Win Server Updt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run\Win Server Updt [CWINDOWS\wupdt.exe]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run\Win Server Updt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run\conscorr
Reboot your system then:
Make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to the processes below should be deleted
End Processes (may or may not exist):
extract.exe
se.exe
systb.exe
wdskctl.exe
wupdt.exe
winserv.exe
Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.
Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.
ieplugin.dll
se.dll
systb.dll
winobject.dll
. You could also obtain Hijack this and post a copy of the log here for analysis. Disable smileys first or the post will reject.
Good luck
P.S. ther are a few files to clear to get rid of this.
You could always install Firefox or Mozilla, and use these instead of IE, not affected by this stuff.
this info should help.
Overview:
IEPlugin is an IE BHO that monitors web site addresses you visit, form contents and even your local file browsing! It also automatically updates and adds a few items to your favorites list. On top of this it will display ads when it finds certain keywords in your browser.
brought to you by: http://www.ieplugin.com
Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run\Win Server
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run\Win Server Updt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run\Win Server Updt [CWINDOWS\wupdt.exe]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run\Win Server Updt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run\conscorr
Reboot your system then:
Make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to the processes below should be deleted
End Processes (may or may not exist):
extract.exe
se.exe
systb.exe
wdskctl.exe
wupdt.exe
winserv.exe
Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.
Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.
ieplugin.dll
se.dll
systb.dll
winobject.dll
. You could also obtain Hijack this and post a copy of the log here for analysis. Disable smileys first or the post will reject.
Good luck
P.S. ther are a few files to clear to get rid of this.
You could always install Firefox or Mozilla, and use these instead of IE, not affected by this stuff.
Use Opera 8 or Firefox (personally I prefer Opera)
Been using Opera for years, never had a pop-up, and found it vastly better than IE in just about every way possible.
Join Date: Sep 1999
Location: Deepest Dark Afrika
Posts: 175
Likes: 0
Received 0 Likes
on
0 Posts
Well, just to balance things out, I vote for Firefox! And it's free too!
Seriously, the more I get to know Firefox, the more charmed I am - and once upon a long time ago I did actually give Opera a try ..
Seriously, the more I get to know Firefox, the more charmed I am - and once upon a long time ago I did actually give Opera a try ..
Thread Starter
Join Date: Jun 2003
Location: UK
Posts: 474
Likes: 0
Received 0 Likes
on
0 Posts
I'm trying to post a HijackThis log for this problem, but keep getting this message:
"Bulletin Message
You have included too many images in your signature or in your previous post. Please go back and correct the problem and then continue again.
Images include use of smilies, the vB code [img] tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator."
It's just a regular HijackThis log. What's happening?
Tosh
"Bulletin Message
You have included too many images in your signature or in your previous post. Please go back and correct the problem and then continue again.
Images include use of smilies, the vB code [img] tag and HTML <img> tags. The use of these is all subject to them being enabled by the administrator."
It's just a regular HijackThis log. What's happening?
Tosh
Too mean to buy a long personal title
You need to disable smilies in your post before posting, otherwise much of the log is accidentally automatically "translated" into smilie images.
Just check the appropriate box ("Disable Smilies in This Post") before clicking Submit Reply.
Just check the appropriate box ("Disable Smilies in This Post") before clicking Submit Reply.