Casinoplaza in Explorer.exe

Hi,
Somehow the following item keeps putting a shortcut on my desktop and an entery into my Win XP Prof internet dialer and it also trys to dial the number and causes me to get drop off/outs
The entry is as follows
C:\program files\internet explorer\iexplore.exe http://www.casinoplaza.com/index.php?sourceid=101969
And the phone dialer is as follows
name of "rst*.au" the no is 12345
I have tryed numeous spyware tools but nothing seem's to find it or remove it as yet i canot find any reference to it in REGEDIT
Has anyone got an idea on removal please ?
Mike t

 

Removal of "casinoplazza.com"

I have a problem with the above it places a shortcut on my desktop and inserts a dialer into my dial up area and causes dropouts
The location of it is
"program files\internet explorer\iexplore.exe" http://www.casinaoplaza.com/index.php?sourceid=101969

The dialer is this RST*.au the no is 12345
i have been unable to locate it useing "regedit"
can anyone offer another fix please

Mike T

 

Hi miket,

Can you see if you can find this file: C:\WINDOWS\hxdefdrv.sys ?
Let me know.

And try to keep all your posts on this subject in one thread by using the Reply button. Thanks.

Regards,

Pieter

 

Hi,
please pardon my ignorance, but where do i look,
and how or what program do i use to read it when and if i find it
should i be worrying if i cant find it ??

Mike T

 

Hi miket,

Use the Find/Files in Windows:
Start > Run > Find
I am looking for possible infections and what infected people have in common, so we can come to a solution that works for all.

Regards,

Pieter

 

Hi,
i was unable to find the suggested file , i told it to look in all files includeing system files and folders

Trend security finds it but is unable to quarantine it

Thanks Mike t

 

Can you give me the filename and the full path to the file Trend finds?

Regards,

Pieter

 

Hi Pieter,
Thanks for your time so far the registry add is as follows

"c:\windows\ system\d3dbpgk.dll "

I contacted Trend they suggested i look in this area and it was exactly where they said but i delete it and it returns , i have a feeling it is actually somwhere else and keeps dropping copies when it see's the entry has been removed , so far it hasn't done any damage that i can see but trend keeps flashing up alarms and this gets annoying and makes me wonder if its sending my info outwards

Thanks Mike t

 

Sorry that should read "c:\windows\ system 32 \d3dbpgk.dll "

 

Please surf to http://www.billsway.com/vbspage/ and scroll down to
Registry Search Tool
Download, unzip and run RegSrch.vbs
Copy and paste this in the dialog box: d3dbpgk.dll

After a while a prompt will come up. Click OK to write the results to wordpad and post them.

Regards,

Pieter

 

Sorry all i get is a HTML file not a program and it opens in an obscure editor i was trialing

Mike T

 

Try this link: https://www.wilderssecurity.com/attachment.php?attachmentid=137409

Rightclick and choose Save as ... if necessary.

Regards,

Pieter

 

sorry if i am annoying you

i can still only get the html file

i recently removed Java runtime files could this be a problem ??

mike t

 

I think that "obscure editor" you were trialing has taken over some file associations it shouldn't have.

Can you see if uninstalling it fixes it?

Regards,

Pieter

 

Hi,
I have no hair left my eye's are going funny , I Give Up

Looks like a 40 Gig re-format for me Like i really need this

Thanks Mike T