Problems Removing Kazaa


aishuu
September 14th, 2002, 01:33 AM
PC user here.

I just found out how evil kazaa was- a friend said I'd love it, and needless to say, I'm not talking to her anymore- teaches me to trust people.

Anyway, I'm having problems REMOVING kazaa. The B3DKiller claims that I'm missing a .dll file... it's driving me nuts, since that annoying purple "connect" thing that's appeared whenever I sign on since I've signed up with Kazaa WON'T GO AWAY. My net connection is slower by the day, and... well, I'm sure you know. I tried the standard CTRL+ALT+DEL to see what programs are running, and it says nothing is, but I see the purply icon there.... and I can quit or shut it down.

I'm desperate... any idea? Or has kazaa won the battle?

~ Aishuu
???

Tinribs
September 14th, 2002, 04:12 AM
Have you tried running AdAware on your system?
You can find it from this very site, try here http://www.wilders.org/downloads.htm look under the Lavasoft section.

Try running this and keep us informed.

By the way it sounds as if you have Kazaa set to run at startup, it might be worth checking your startup list to disable it.

Start>Run> type Msconfig>Startup tab, untick anything relating to Kazaa

Jooske
September 14th, 2002, 05:04 AM
And what is in the Add/Remove programs or the program folder of Kazaa itself?
Did you remove it from there and reboot of course?
If you started removing it, of course B3DKiller won't find a missing dll to remove so that's ok.
What Tinribs says to get it out of the autostartup files.
Not sure about the slowing down, are you getting lot of stuff in or are people connecting to you to grab yours?
Not sure what a firewall does here, as you're part of the network yourself, giving some access permissions.
Not sure if your caches collect extra much garbage and manual cleaning might help a lot, those things.
Was Kazaa showing up in cont+alt+del before your halfway uninstall?
What happens when you click the icon, is there still a program behind it?
You are not running Windows ME are you with the system restore happily putting it back (but not complete it seems)

There is a Kazaa light version, without the spy part in it and true or not true Kazaa would have told the spying would no longer be part of their official version too (i don't know, others do).
Anything more wrong? Don't let a software come between a good friendship.

TonyKlein
September 14th, 2002, 05:49 AM
Let's start by having a look at your Startups;

Download StartupList 1.30 at http://www.lurkhere.com/~nicefiles/index.html

Doubleclick it, and it will generate a text file that will list all running processes, and all applications that are loaded automatically when you start Windows.

Go to Edit > select all, copy it and please post the contents here.

Also do this:

Download BHODemon (http://www.definitivesolutions.com/bhodemon.htm), launch the program, and tell us what BHOs it detects.

aishuu
September 14th, 2002, 11:59 AM
:o

This is so not good.

I heard there was a virus going around from the comp expert at work- we're newspaper, though, so we use Macs... wasn't sure if it'd affect PCs... The virus was called WTC Survivor. Now I know I didn't open it, but my mother will open anything with WTC in front of it, even though I gave her the lecture about forwards..

Apparently, I'm missing a necessary .dll to install StartupList 1.30 ... now I'm in deep and sinking faster. Any way I can salvage this? This is the second .dll I've noticed missing... should I just reinstall all my hardware?

Note: I already have Adaware and run it weekly.

~ Aishuu

TonyKlein
September 14th, 2002, 12:03 PM
Don't panic, this is no big deal.

You're probably missing msvbvm60.dll.

Download the MS visual basic 6.0 runtime files (http://download.microsoft.com/download/vb60pro/install/6/Win98Me/EN-US/VBRun60.exe)

Just doubleclick after downloading, and let it install.
Reboot, and you'll be able to run the list.

Chill! :D

Pieter_Arntz
September 14th, 2002, 12:05 PM
WTC Survivor could hardly have caused your problems since it is a hoax: http://vil.mcafee.com/dispVirus.asp?virus_k=99245 and http://www.symantec.com/avcenter/venc/data/wtc.survivor.hoax.html

Regards,

Pieter

javacool
September 14th, 2002, 02:54 PM
Quote from TonyKlein:
"Don't panic, this is no big deal.

You're probably missing msvbvm60.dll.

Download the MS visual basic 6.0 runtime files (http://download.microsoft.com/download/vb60pro/install/6/Win98Me/EN-US/VBRun60.exe)

Just doubleclick after downloading, and let it install.
Reboot, and you'll be able to run the list.

Chill! :D"

That is correct - sorry for my late reply.

The missing dll error is probably for the VB 6 run-time files. Just download them at the link posted above, and you'll be able to run B3DKiller.

You may also want to download Ad-Aware or Spybot S&D to get rid of all the other spyware KaZaA installs.

-Javacool

TonyKlein
September 14th, 2002, 03:59 PM
I agree! :)

If I may be finicky, what I always advise is take a look at the startups first, then disable any dubious entries, and reboot before running Ad-Aware or Spybot.

They do a more thorough job that way.

Cheers,

aishuu
September 14th, 2002, 09:29 PM
You're all being so kind- that missing .dll file fixed the problem with the BDB killer and the start up. I ran the killer, and that purple thing IS STILL THERE.

WTC is a virus? I will be having a chat with our comp expert- he handed it out through the whole building via hardcopy... ><

Suggestions? Ideas?

~ Aishuu



StartupList report, 9/14/02, 9:20:01 PM
Detected: Windows 98 Gold (Win9x 4.10.1998)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\CHECKIT\UTILITIES\TOOLBOX.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\DOWNLOAD\STARTUPLIST13\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
PromulGate = "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components

[{89820200-ECBD-11cf-8B85-00AA005B4383}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[PerUser_LinkBar_URLs]
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{7790769C-0471-11d2-AF11-00C04FA35D02}]
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:

[Rename]
NUL=C:\WINDOWS\TEMP\ADWARE\WEBINSTALL.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------
End of report, 5,578 bytes
Report generated in 0.685 seconds

StartupList version: 1.30.0
Started from: C:\MY DOCUMENTS\DOWNLOAD\STARTUPLIST13\STARTUPLIST.EXE

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
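
An added example, not part of the original thread and not StartupList's own code: a parser for the report format posted above that lists the autostart entries launching programs outside the Windows directory, and shows that a name search for "kazaa" over the same entries comes back empty. The sample text is a constructed excerpt of that report; `WINDOWS_DIR` and the function names are assumptions of this example.

```python
import re

# Constructed sample: excerpt of the StartupList 1.30 report posted in the thread.
SAMPLE_REPORT = r"""Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
CheckIt ToolBox.lnk = C:\Program Files\CheckIt\Utilities\ToolBox.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
PromulGate = "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AIM = C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
"""

WINDOWS_DIR = r"C:\WINDOWS"  # assumption: Windows directory as shown in the report
SEPARATOR = re.compile(r"^-{10,}\s*$", re.M)
PROGRAM = re.compile(r'^"?(.+?\.(?:exe|com|bat|pif|scr))(?=["\s]|$)', re.I)

def parse_autostarts(report):
    """Return (location, name, command) for startup-folder and Run-key entries."""
    entries = []
    for section in SEPARATOR.split(report):
        lines = [ln.strip() for ln in section.splitlines() if ln.strip()]
        if not lines:
            continue
        if lines[0].startswith("Autorun entries from Registry") and len(lines) > 1:
            location = lines[1]  # the registry key line follows the section title
        elif lines[0].startswith("Listing of startup folders"):
            location = next((ln.strip("[]") for ln in lines if ln.startswith("[")), lines[0])
        else:
            continue
        for line in lines[1:]:
            name, sep, command = line.partition(" = ")
            if sep:
                entries.append((location, name, command))
    return entries

def executable(command):
    """Program part of an autostart command, without quotes or arguments."""
    m = PROGRAM.match(command)
    return m.group(1) if m else command

def outside_windows_dir(entries):
    """Entries launching a fully qualified program that is not under WINDOWS_DIR."""
    prefix = WINDOWS_DIR.upper() + "\\"
    return [e for e in entries
            if re.match(r"[A-Za-z]:\\", executable(e[2]))
            and not executable(e[2]).upper().startswith(prefix)]

def matching(entries, term):
    """Entries whose name or command contains term, case-insensitively."""
    return [e for e in entries if term.lower() in (e[1] + " " + e[2]).lower()]

if __name__ == "__main__":
    found = parse_autostarts(SAMPLE_REPORT)
    print("name search for 'kazaa':", matching(found, "kazaa"))
    for location, name, command in outside_windows_dir(found):
        print(f"review: {name} -> {executable(command)}  [{location}]")
```

Entries given as bare file names (`SysTray.Exe`, `Rundll32.exe`) are resolved through the search path and are not listed by `outside_windows_dir`; they need a separate look.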

Technodrome
September 14th, 2002, 10:53 PM
Did you run an AntiVirus and Trojan scan?

tapisrv.exe and rnaapp.exe could associate with Trojan!


Technodrome

javacool
September 15th, 2002, 10:11 AM
I'm guessing the "purple thing" is a program named "Bonzi Buddy".

Ad-Aware and Spybot S&D should detect it...

-Javacool

aishuu
September 15th, 2002, 01:59 PM
Still there.... I ran Ad aware for the fifth time, Kaspersky, Spybot search and destroy, TDS-3... All of them claim nothing is wrong.... but I have this purple thing which I know doesn't belong there.

It only appears when I connect to the net...

Any other programs I should try? I really appreciate your help- my comp is running more smoothly, but that purple thing is annoying me.

~ Aishuu

Paul Wilders
September 15th, 2002, 03:49 PM
Can you post a screen shot from that "purple thing"?

regards.

paul

Checkout
September 15th, 2002, 04:08 PM
This may sound too simple, but go to control panel -> add/remove programs, and see if there's anything suspicious or plain unknown listed there.

javacool
September 15th, 2002, 04:47 PM
I can almost guarantee the "purple thing" is Bonzi Buddy.

Am I correct that it's a purple ape/monkey that tries to talk to you and/or offers to help you search, etc on the internet?

If so, you should be able to remove it by searching for "Bonzi Buddy" in Add/Remove programs.

Hope this helps.

-Javacool

Pieter_Arntz
September 15th, 2002, 04:55 PM
Complete removal instructions for this "ape" can be found at: http://www.pchell.com/support/bonzibuddy.shtml

Regards,

Pieter

aishuu
September 15th, 2002, 05:19 PM
Checkout, you're a genius. It says I STILL have Kazaa Media Desktop. And no, the purple thing doesn't do anything- just shows up on my taskbar, and says it's connected to the net, which worries me...

*tries to keep from screaming* Why won't it GO AWAY??? I've USED all of the above listed... is it destined to haunt me for eternity?

And how do I take a screenshot? I've never done it before.

~ Aishuu

Jooske
September 15th, 2002, 06:28 PM
BonziBuddy has a banana icon in the systray when playing, not his purple ape face. Former versions might have had or the desktop icon. Starting it, it would give you a swinging purple ape over your screen doing all kinds of things.

If he's on your system, there is a folder on your system in windows\msagent\chars in which he is as bonzi.acs
And in program files\BonziBuddy or such a kind of name.
Once msagent itself is installed on a system, it can't be removed completely but for bonzi you might be able to uninstall his desktop service programs.

I don't think it was bonzi as he was not in the startup programs, nor the additional descriptions, and if he had been in the contr+alt+del you would have seen such a name.

I never installed kazaa so i don't know the systray icon of that, and visiting their web site i did not see any purple colored logo of it too.

For screenshots you might like the Traction Screen Grab Pro which is the easiest and free http://www.traction-software.co.uk/screengrabpro/
Start the , press F8 and get the part you want, save with a name you can remember and paste it here in the forum.

Had to edit this as my posting became damaged while somebody else was posting in the thread and my former repair of it was lost with the next person posting :)

Your screenshot is there in the meantime: you see, nothing like bonzi in that :)

Wonder HOW you uninstalled Kazaa, with add/remove?

javacool
September 15th, 2002, 06:40 PM
Quote from Jooske:
"BonziBuddy has a banana icon in the systray when playing, not his purple ape face."

My apologies - I haven't really installed the latest versions of Bonzi Buddy ;D (because it always seems to infest the system in every way possible).

-Javacool

aishuu
September 15th, 2002, 06:48 PM
Okay, I think I managed a screenshot... this is my bar: see that purple thing? I WANT IT GONE!!!

~ Aishuu

luv2bsecure
September 15th, 2002, 09:57 PM
Bizarre. I thought of one other thing - have you run sysedit and taken a look at the sys.ini file for example? If there is a line there with the words "kazaa" or anything similar - back up the file first, and then just zap that line and save. and reboot.

Another thought - go to System in the Control Panel. Then look at the Device Manager tab. Look in "Network Adapters", "Other Devices", and maybe even "System Devices" (wouldn't hurt)....see if there is anything strange there. Do you dial-up or are you using a broadband connection to the net? If using dial-up, also go to "Dial-Up Networking" and see if there is anything under properties there that looks funny.

That screen shot looks like a purple megaphone maybe? When you click on that does anything come up?

John
Luv2BSecure

aishuu
September 15th, 2002, 10:24 PM
The System in the control panel looked normal. I even went to remove Kazaa from the control panel (very bad, I know) and I got an error message. cd_clint.dll was the errored file.

:-\ This is getting very frustrating. I had heard kazaa was evil... I had no idea it was satanic.

~ Aishuu

luv2bsecure
September 15th, 2002, 10:44 PM
Found this on the net.....I have no way of knowing how savvy you are with computers, but here is a list of what "belongs" to Kazaa:
C:\Program Files\Kazaa\
C:\Windows\Start Menu\Programs\KaZaA\
C:\Windows\Desktop\Kazaa Media Desktop.lnk
C:\Windows\Desktop\My Shared Folder.lnk
C:\Windows\Desktop\Kazaa Promotions.lnk
HKEY_CURRENT_USER\Software\Kazaa
HKEY_LOCAL_MACHINE\Software\Kazaa
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\KaZaA Media Desktop_is1

Obviously the easiest way to fix the registry entries is to go to "run" from the start menu and type in "regedit"....go to "EDIT" and "FIND" and type in Kazaa. Normally I wouldn't suggest a manual regedit unless I knew you knew what you were doing. But, in this case, do the above and anywhere it says "Kazaa" - DELETE. Then hit "F3" to continue searching for more Kazaa entries until you have cycled around.

All of the above and all everybody else has suggested is all I can think of. Good luck and let us know how it goes.

John
Luv2BSecure

aishuu
September 16th, 2002, 12:37 AM
My computer skills? I know enough to be dangerous, as I like to say. I am very good at file management (run a company of 50's organizational system), can make the Microsoft programs dance, and am a quick study with most other informational programs- in other words, I'm a user, not a programmer.

I manually removed those kazaa files I could find, but for some reason, my system didn't have the same organizational system. Don't ask why- I think it may be because my uncle is a programmer and he set it up. Unfortunately, he's out of contact at the moment. I did a find, and nothing else came up kazaa.

Here's my current run list and I don't see kazaa but that purple thing is still there... Any more ideas, or should I just call it quits? I can track down and manually delete anything that looks like it doesn't belong, but... that kinda scares me. For some reason, Adalert and spybot didn't grab kazaa for me, so I'm wondering what ELSE they missed.

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPCC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPCC.EXE
C:\PROGRAM FILES\CHECKIT\UTILITIES\TOOLBOX.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\AVPM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\DOWNLOAD\STARTUPLIST13\STARTUPLIST.EXE

~ Aishuu

Jooske
September 16th, 2002, 05:01 AM
Good you found the regkey already John and description about the find and delete there.

And with all you've been trying, is the system still slow?

No other trojans, TDS or other found nothing of the like?

Sometimes a program mixes with another program which it has nothing to do with at all and forces us to uninstall the other and after uninstalling the one we really want to be rid of, we have to reinstall the second one we want to keep. Could be something like that has happened.
So if the regcleaning and finding files does not help, ...

I always like to look deeper with Faber Toys (free) www.faberbox.com to all what is running and dll's and all that belonging to each process. Might give light in the situation?

Did you initially remove the files manually, and not use the uninstall option or add/remove first? Then there can still be files left everywhere with names you don't recognize immediately, and entries in sys.ini and win.ini maybe even.
(see explanation how to handle with those in the other posting above)
In some cases to have everything it can help to install the program again, and after uninstall in the proper way via uninstall or add/remove and after go through the registry and files hunting. How about that option?

Checkout
September 16th, 2002, 08:28 AM
Quote from aishuu: "Checkout, you're a genius."
Ah, if only! I hope it helps you eradicate this beast.

aishuu
September 16th, 2002, 08:53 PM
*sighs* I'm actually getting kind of amused by this- if it's stumping you guys, it means it's not because I'm simple.

No, I tried to uninstall kazaa properly. I never manually remove anything except word docs, txt files, Quark files, jpegs, or other things I create personally. Messing with the system is best left to people who know what each file DOES rather than people like me, who use those files to create things. Then I tried to kill it with ad alert, then spybot, before I got the kazaa killer working, and none of them has come through.

My system is connected to a 56K, so I'm not sure if it's slow or not, though it was finicky in word yesterday until I restarted after I performed a scan. I think one of the new programs (possibly Kaspersky since it's SLOW and seems to have a long running time- I'm not fond of that virus scan- I'm thinking of investing in Norton's since apparently it's the best-known and most people I know use it) glitches word- it freezes it, then types in whatever I entered later- it's only a few seconds delay that most people would shrug off, like an AIM delay, but since I need to do so much Word processing, I can't tolerate ANY Word malfunctions.

Aside from that, everything is ok. I just have that purple thing on the bar- it's not sucking up my connection anymore, and even if it were, I'd put up a better firewall. I'll be getting a cable modem later this month (live in the middle of nowhere so it took forever for them to wire this area or whatever they had to do) so that should compensate.

Still, I'll download that fabertoys and see what it does. I think I know enough to follow it, though it looks for serious users- which I am not. I'm a dabbler.

~ Aishuu

eyespy
September 17th, 2002, 05:19 PM
I've never seen that one before. Are you running a firewall?
If so, check the "apps" that are running or are connected while online! Look for something unfamiliar!
Hope this helps!!
bill ;)

Bethrezen
September 24th, 2002, 10:42 PM
hi

sorry to hear about ya troubles i got an idea that might help try this

http://www.karenware.com/powertools/ptbrowse.asp

its a free lil app that shows ya every file on ya comp when it was created what created it and and what app it belongs to and why it was created

also if ya want to run a stripped out crapware free version of kazaa kazaa lite here is where it can be found

ADMIN edit The link has been removed. I don't mean to be a jerk, spyware does suck, but if you don't like spyware then don't use Kazaa. This board cannot condone the use of software in such a way that it violates its EULA or any laws.


judging from ya screen shot it looks like ya got some sort of bogus dialer software installed happens to me all the time all

have ya tried lookin at internet options/connections tab and in my computer/dialup networking folder

if all else fails and its really buggin ya that much reformat ya harddrive and reinstall ya os and this will undo everything thats gone wrong on ya comp and set it back to factory settings

let me know how ya get on

aishuu
September 24th, 2002, 10:59 PM
I've looked through everything, current programs that are up... yadda yadda... and according to it, it SHOULDN'T be there.

I'm stumped.

I think that... getting mixed in with someone else suggested is most likely.

Well, I'm getting a BRAND NEW computer in January. I won't be transferring any of my hardware (just a few word files... which I save on disk, anyway!) so as long as this doesn't crash until then....

I think I must concede defeat. Though it IS annoying. I think I'll head over to the... Ten Forward...? is that the random chat?? around early December and see what people recommend to start off right. New System... should set up right!

Though it is against my nature to give up, I refuse to bang my head into the wall on this anymore. I've spent at least... 10 hours trying to debug this.

~ Aishuu