Bridge DLL error

Discussion in 'adware, spyware & hijack cleaning' started by zarzenz, May 16, 2004.

Thread Status:
Not open for further replies.
  1. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    My son has this intrusion on his XP laptop.

    For now I have disabled the startup reference to it so he can boot without the error... and also deleted the file in the downloaded folder.

    Will running Ad Aware clean it out completely and does this remove the 04 HKLM reference that always shows up in folks HijackThis logs who also have it, or can this be done manually without needing to use HijackThis if Ad Aware doesn't do this.

    I need to keep it simple for him as he doesn't live with me, or else I may need to spend some time doing a clean up for him if these methods don't work.

    I also see a reference to a system DLL to be removed... so I am guessing that this has to be done manually after un-hiding these files.

    Is this a serious threat... he seems to be able to use his system as normal at the moment as far as I am aware. It seems quite common.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi zarzenz,

    Unfortunately AdAware does not remove the Startup entry. That is why you see so many posts about it. People don't notice they have it, until the file gets removed by one of their scanners and they get an error.

    Unchecking it in msconfig will do if you are sure the file itself is gone. (It is also registered as a BHO and will still be active that way if present)

    Regards,

    Pieter
     
  3. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks pieter,

    So should I find the system32 DLL and simply remove this as well and then leave well alone whilst he is able to use his pc ok now.
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi zarzenz,

    Remove the bridge.dll file and uncheck the line in msconfig pointing to it will only leave a few orphaned links in the registry that should bother no-one.

    Regards,

    Pieter
     
  5. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Thanks Pieter,

    I've done some checking here since posting the above, and it's all been very interesting.

    I downloaded HijackThis and ran it on my system to see exactly what this little gem of a program actually does, and I'm very impressed... it's an excellent little utility.

    Anyway, because of my mind... and how I like to find stuff out for myself... I decided to see what exactly these 04 entries were all about.

    Quite simply, they appear to be a list of the startup entries that are found in msconfig... and are therefore easy to remove manually.

    I had to find out exactly how to navigate to the 04 locations, but they showed up in...

    HKLM\software\microsoft\windows\currentversion\ run

    So it would seem easy to lift the offending entry manually from there and then as you say take out the DLL fron the system32 folder, and that should do it.

    I wonder how this got on his system... he likes music sites a lot so maybe it was from one of those... anyway... many thanks for your help.

    I'll contact him later to see if he can do this himself... although I don't really want him doing stuff in the registry as he is not really technical as such, and also he may get mixed up with the system file if it needs un-hiding so maybe I'll do all this for him on my next visit in a few days time.

    Thanks again... this site is so amazing for sorting out all these problems... in fact it's indispensable really... cheers.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
  7. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    449
    Location:
    UK
    Hi Pieter,

    Thanks so much for that link there... really fantastic, and I'm gonna enjoy looking at this in detail now to see what this little nasty is all about.

    This kinda stuff is just what I like to get into, and extend my personal knowledge of such matters as best as I can, and with help from such dedicated people as yourself and others here, it is so much easier.

    Many thanks Pieter. :)
     
Thread Status:
Not open for further replies.