downloader.dia.a

Discussion in 'adware, spyware & hijack cleaning' started by JC, Dec 7, 2003.

Thread Status:
Not open for further replies.
  1. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    No alerts, nothing. Ran AVG again, nothing. Ran the fix, still the same problems. I don't know where to go from here, except to delete NPO and win32bl application and maybe run Windows installer again... any ideas, chaps?
     
  2. Godzilla

    Godzilla AV Expert

    Joined:
    Nov 1, 2003
    Posts:
    63
    The file you sent me is clean.
    No viral code - it does not even have a valid exe header.
     
  3. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    OK, let's try some things that can be causing an "invalid syntax error".

    Can you try to give the exact error message you receive when you try to go online?

    And check :

    Click Start, point to Settings, and then click Control Panel.
    Double-click Internet.
    On the General tab, click Fonts.

    What type is displayed there? And what language script?

    Thanks

    Cheers,
     
  4. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    The exact error message is:
    The page you are trying to look for might have been removed or had its name changed.

    At the very top of the screen, on the blue line, it says:
    invalid syntax error


    I tried to do what you asked, however I could not open the Fonts tab!!!!

    Does that help? (Is this related to the inability to play sound files?)

    I think some files have been damaged, or maybe altered?
     
  5. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi - I don't know if this info helps. It is the story of how AVG detected "dia", how I ignored it, then Ad-Aware detected it, and I let Ad-Aware remove some 3 reg keys etc... Then after the fact I read this other info on the net. Maybe something there will help you?

    ADLOGIX MALWARE delivered by a trojan in a file called test.ocx.
    It apparently contained a trojan. I mistook it for the ActiveX controls for an online virus scanner.

    AVG anti-virus discovered it:
    C:\WINDOWS\Downloaded Program Files\TEST.OCX - TrojanDownloader:Win32/Dia -> Infected

    Since I mistook it for part of the online virus scanner, I did not remove it. Then...

    Ad-Aware discovered it:
    AdLogix RegKey Malware HKEY_CLASSES_ROOT:CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\ c:\windows\downloaded program files\test.ocx
    AdLogix File Malware c:\windows\downloaded program files\test.ocx
    AdLogix RegKey Malware HKEY_CLASSES_ROOT:TYPELIB\{7D49A157-A1EB-4538-8B0D-6AC430C92D0B}\c:\windows\downloaded program files\test.ocx
    AdLogix RegKey Malware HKEY_CLASSES_ROOT:ddm_download.ddm_control\ ({F5192746-22D6-41BD-9D2D-1E75D14FBD3C})
    AdLogix RegKey Malware HKEY_LOCAL_MACHINE:Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/TEST.OCX\
    AdLogix RegValue Malware HKEY_LOCAL_MACHINE:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\windows\downloaded program files\test.ocx

    Naturally, I let Ad-Aware remove it.


    Also, some guy on a BBS had this story:
    O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} (InPop.InControl) - http://adlogix.com/inpop/InPop.CAB

    See:
    http://www.net-integration.net/cgi-bin/for...=ST;f=32;t=7287
    http://www.spywareinfoforum.com/index.php?sh...6782&hl=adlogix

    This appears to be a recent one (unless I've been completely out to lunch).

    InPop.CAB contains 6 files:

    update.txt
    InPop.ocx
    IPU.exe
    PHelper.dll
    regobj.dll
    InPop.INF

    The installer (.INF) file is interesting as it contains the following line (right after the line to install the browser helper object):

    HKCR,"Licenses",,,"Licensing: Copying the keys may be a violation of established copyrights."

    This is puzzling: are they attempting to use copyright law to prevent folks from using information from the Reg keys they install to spread information about their application or target them for blocking or removal? Curious...

    "I think my spaceship knows which way to go"
    -David Bowie
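
Added example (not part of the thread, and not code from either scanner): the Ad-Aware hits and the O16 line quoted in the post above, grouped by the file and CLSIDs they reference. It shows that the five test.ocx paths are one file under different spellings and that the InPop control is registered under a separate CLSID. The function names and regular expressions are this example's own.

```python
import re
from collections import defaultdict

# Scanner lines copied from the post above (Ad-Aware hits plus the O16 entry).
SAMPLE = r"""
AdLogix RegKey Malware HKEY_CLASSES_ROOT:CLSID\{F5192746-22D6-41BD-9D2D-1E75D14FBD3C}\ c:\windows\downloaded program files\test.ocx
AdLogix File Malware c:\windows\downloaded program files\test.ocx
AdLogix RegKey Malware HKEY_CLASSES_ROOT:TYPELIB\{7D49A157-A1EB-4538-8B0D-6AC430C92D0B}\c:\windows\downloaded program files\test.ocx
AdLogix RegKey Malware HKEY_CLASSES_ROOT:ddm_download.ddm_control\ ({F5192746-22D6-41BD-9D2D-1E75D14FBD3C})
AdLogix RegKey Malware HKEY_LOCAL_MACHINE:Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/TEST.OCX\
AdLogix RegValue Malware HKEY_LOCAL_MACHINE:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\c:\windows\downloaded program files\test.ocx
O16 - DPF: {532217E3-860C-4EEE-8BBD-3F342DCD9AE9} (InPop.InControl) - http://adlogix.com/inpop/InPop.CAB
"""

GUID = re.compile(r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}", re.I)
# Drive-letter path ending in a binary/archive extension; the lookbehind keeps
# "http://..." from being read as a path on drive "p:".
FILE = re.compile(r"(?<![A-Za-z])[A-Z]:[\\/][^{}]*?\.(?:ocx|dll|exe|cab)", re.I)
O16 = re.compile(r"^O16 - DPF: (\{[^}]+\}) \((.*?)\) - (\S+)$")

def norm_path(p):
    """Fold case and slash style so every spelling of one file compares equal."""
    return p.replace("/", "\\").lower()

def correlate(text):
    """Group log lines by the file and the CLSIDs they reference."""
    by_file, by_guid, dpf = defaultdict(list), defaultdict(list), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = O16.match(line)
        if m:  # HijackThis "Downloaded Program Files" entry: CLSID, name, codebase
            dpf.append({"clsid": m.group(1).upper(), "name": m.group(2), "codebase": m.group(3)})
            continue
        for g in GUID.findall(line):
            by_guid[g.upper()].append(line)
        for f in FILE.findall(line):
            by_file[norm_path(f)].append(line)
    return dict(by_file), dict(by_guid), dpf

if __name__ == "__main__":
    files, guids, dpf = correlate(SAMPLE)
    for path, hits in files.items():
        print(f"{path}: referenced by {len(hits)} entries")
    for guid, hits in guids.items():
        print(f"{guid}: {len(hits)} registry entries")
    for d in dpf:
        print(f"DPF {d['clsid']} {d['name']} <- {d['codebase']}")
```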
     
  6. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    What am I doing wrong with those links?
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Nothing, HandsOff probably copied the text somewhere instead of the full links.

    I'll see if I can find out where they lead.

    brb,

    Pieter
     
  8. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    thanks again Pieter :)
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    That should be number one: http://forums.net-integration.net/index.php?showtopic=7287

    The second one remains a mystery, but I found this one on SpywareInfo while looking for it: http://www.spywareinfoforum.com/index.php?showtopic=17019

    Regards,

    Pieter
     
  10. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Noticed you in one of the other forums!!!

    Should I try the IE repair facility o_O??
     
  11. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    It's worth a shot.

    Pieter
     
  12. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Unzy, any idea why I can't click on Fonts o_O??
    It doesn't do anything?
     
  13. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Guess what I found? An lsp.dll file :oops: :oops:. Removed it and I have my web access back!!!!

    Still do not have any sounds though. Am going to try a few things, i.e. installing newest drivers for sound card... and reinstalling my RealOne player and Windows Media Player.

    I think some files have been corrupted, removed somewhere, but not sure where from.
    If anyone has any ideas it would be very much appreciated.

    Thanks again!
    Pieter and everyone else, thank you very much for your time.
     
  14. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Good job JC so far :)

    The lsp.dll should have shown in the HijackThis log though.

    I don't understand why lspfix or the other links didn't work o_O

    The sound is not the real priority, your web access is more important. You'll get the sound fixed eventually.

    I have no idea why you wouldn't be able to check font settings in the IE General tab :( , unless there was some O6 control panel entry in the HijackThis log as well.

    This is all very weird, almost sounds like a corrupted Windows after some infection.

    Keep us posted

    Cheers,
     
  15. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    I think you're right, I think I'll try and install Windows again.
    Some other things of note:

    My sound card is working fine, I can play my MP3s on another media player, but not on RealOne player or Windows Media Player.
    I uninstalled and re-installed RealOne, but to no avail, I keep getting a message that the player is being used by another process. Same with Windows Media.

    I also get no noises, i.e. startup, shut down. I have tried to play them and I get an error message that the files in C:\windows\media are missing or are corrupted.

    Have tried copying the files across again but still getting the same message. Is it possible that files are actually missing that allow the playing of the said files?

    It has been noticeable that some files have 'disappeared'...
    Is there anything else I can run to see if there's some other infection?
    I'll try and do a new log as well, this evening.

    Guys once again thanks for all your help
     
  16. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Further to this, I tried to run Scan disk last night (as I have a long file name error appearing during boot) and it said the scandskw.exe file was missing.
     
  17. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    OK, I have been through a few things on my PC, and quite a lot of things are missing :eek:. Managed to copy quite a lot across from my old HD. However, I tried to run scan disk and my PC then says cannot, hard drive has been locked!!!!!!!!!
    I don't understand how it can be o_O o_O
    Then I tried to run setup.exe to run Windows installer again. I get another message:

    "Setup could not check harddrive on pc."
    and then "Got to run Scandisk /All from command line in MSdos" or something similar...

    Any ideas guys o_O?? Please o_O
     
  18. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Oh yeah, and I get an error message on startup that reboot.exe has failed o_O
     
  19. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    That's an easy one.
    Have HijackThis fix:
    O4 - Startup: Reboot.exe

    Also please try this:
    Start > Run > type or copy&paste sfc /scannow > OK

    This should alert you to any missing, corrupted or outdated system files.
    Have your Windows CD handy in case you are prompted for it.

    Regards,

    Pieter
     
  20. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Thanks Pieter, I'll let you know how I get on.
     
  21. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    Gives me the following message

    "the command line parameters are not valid. The following parameters are not recognized "scannow"
     
  22. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    You did put in a space between sfc and /scannow ?

    Regards,

    Pieter
     
  23. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    yes
     
  24. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    OK, for some reason my local settings file was moved to temporary internet files.

    scannow now works but keeps defaulting to a file called precopy which contains the following:
    ksproxy.ax
    ksuser.dll
    msanalog.vxd
    msjstick.drv
    vjoyd.vxd
     
  25. JC

    JC Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    28
    OK, I ran sfc, didn't use the scannow instruction. However, I cannot run my setup for Win98, I keep getting the error message that the hard drive is locked?
    I hope it's not failing o_O
     