Unable to remove

Discussion in 'other security issues & news' started by miket, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. miket

    miket Registered Member

    Jun 9, 2004
    Hi All,
    I have found that the following replaces it's self multiple times in my registry "http://69-50-179-61/se-html" i am unable to find its origin in the registry and wondered if anyone new of a fix for it

    I have also found that the following regenerates itself also
    "c/wondows/sys32/ole32aut.vbe" this is usually in multiples of 3

    i found this info by useing the program called "highjackthis"

    Any suggestions gratefully received
    Mike Tennant o_O
  2. Blackspear

    Blackspear Global Moderator

    Dec 2, 2002
    Gold Coast, Queensland, Australia
    Can you take the following steps:

    Step 1. Install and run CWShredder (free) available here:

    Step 2. Install update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.

    Step 3. Install update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.

    When your system is clean you may want to take a look here for further discussion on security:


    and here for more:


    Hope this helps…

    Let us know how you go…

    Cheers :D
  3. miket

    miket Registered Member

    Jun 9, 2004
    Thanks for the reply , and from an Aussie no less
    I am useing the following programs to try to remove
    2/ highjack this
    3/ browser high jack blaster
    4/ spyware blaster
    5/ cw shredder
    6/ sb search a destroy
    7/ trojan remover
    8/ spyware guard
    9/ registry mechanic
    10/ regedit .exe ( trying to find it manually )
    High jack this is the only one that finds it and by the way it also re-installs the /sys32/ole32aut.vbe all the time i'm betting its a program but i'll be stuffed if i can find it
    Miket :mad:
  4. snapdragin

    snapdragin Administrator

    Feb 16, 2002
    Southern Ont., Canada
    Hi miket, and welcome to Wilders. :)

    There is a backdoor trojan that creates the Sys32 folder in the Windows directory, then drops a .vbs file in the Windows\System folder:

    This may, or may not be what you are dealing with, but if you have not done so already, I would suggest a full system scan with an on-line antivirus scanner: Free Services

    You can also upload the 'ole32aut.vbe' file for a scan at one of these single file scanners to see if they identify it as infected:
    Jotti's Malware Scan.

    Since you have HijackThis, I would strongly suggest not fixing anything with it by yourself as most of what HijackThis lists is harmless and even essential to the safe operation of your computer. After you have followed Blackspear's suggestions above, and done an on-line scan, the next step would be to go to one of the sites that do HijackThis analysis and have one of the Experts experienced with using HijackThis, review your log to ensure your system is clean. If there is any malware files still there, they will recognize them and instruct you on the safest way to remove them. You can find a list of sites in this link: http://a-sap.org/

    Please let us know how it works out.


    Last edited: Sep 2, 2004
  5. miket

    miket Registered Member

    Jun 9, 2004
    Thanks for all the ideas and advice
    i used nearly all the programs on the site and finished up useing a program from "www.spywaredata.com" which involved an online scan this picked up a java thingy in the following
    "hkey_local_machine\software\m'soft\code store database\{CAFEEFAC-0014-0002-OOO5-ABCDEFFEDCBA} "
    i removed this and everything seem's to be ok and the entries are not re-apearing although i now have a problem with a thing dialing up my ISP as soon as i turn on the computer it's name seems to be "xadialup connection"
    any ideas on this one
    Again thanks for the help and assistance

    Mike T :D
  6. GlobalForce

    GlobalForce Regular Poster

    Jun 30, 2004
    Garden State, USA
    Hi Mike,

    Have a close look at this page and see if it parallels your issue. View the whole page and proceed carefully.
    Please keep us posted, OK.

    Last edited: Sep 8, 2004
Thread Status:
Not open for further replies.