Unable to remove

Discussion in 'other security issues & news' started by miket, Aug 31, 2004.

Thread Status:
Not open for further replies.
  1. miket

    miket Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    15
    Hi All,
    I have found that the following replaces itself multiple times in my registry: "http://69-50-179-61/se-html". I am unable to find its origin in the registry and wondered if anyone knew of a fix for it.

    I have also found that the following regenerates itself:
    "c/wondows/sys32/ole32aut.vbe". This is usually in multiples of 3.

    I found this info by using the program called "HijackThis".

    Any suggestions gratefully received
    Mike Tennant o_O
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you take the following steps:

    Step 1. Install and run CWShredder (free) available here:
    https://www.wilderssecurity.com/showthread.php?t=14086

    Step 2. Install, update and run Spybot Search and Destroy (free) – Spyware removal and protection, with registry monitor.
    http://beam.to/spybotsd

    Step 3. Install, update and run Adaware (free) – Spyware removal. What Spybot Search and Destroy doesn’t pick up, this will.
    http://www.lavasoftusa.com

    When your system is clean you may want to take a look here for further discussion on security:

    https://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25

    and here for more:

    https://www.wilderssecurity.com/showthread.php?t=43117

    Hope this helps…

    Let us know how you go…

    Cheers :D
     
  3. miket

    miket Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    15
    Thanks for the reply, and from an Aussie no less.
    I am using the following programs to try to remove it:
    1/ adaware
    2/ HijackThis
    3/ browser hijack blaster
    4/ spyware blaster
    5/ cw shredder
    6/ sb search a destroy
    7/ trojan remover
    8/ spyware guard
    9/ registry mechanic
    10/ regedit.exe (trying to find it manually)
    HijackThis is the only one that finds it, and by the way it also re-installs the /sys32/ole32aut.vbe all the time. I'm betting it's a program, but I'll be stuffed if I can find it.
    Thanks
    Miket :mad:
     
  4. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi miket, and welcome to Wilders. :)

    There is a backdoor trojan that creates the Sys32 folder in the Windows directory, then drops a .vbs file in the Windows\System folder:
    http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gool.html

    This may, or may not be what you are dealing with, but if you have not done so already, I would suggest a full system scan with an on-line antivirus scanner: Free Services

    You can also upload the 'ole32aut.vbe' file for a scan at one of these single file scanners to see if they identify it as infected:
    Kaspersky
    Jotti's Malware Scan.

    Since you have HijackThis, I would strongly suggest not fixing anything with it by yourself, as most of what HijackThis lists is harmless and even essential to the safe operation of your computer. After you have followed Blackspear's suggestions above, and done an on-line scan, the next step would be to go to one of the sites that do HijackThis analysis and have one of the Experts experienced with using HijackThis review your log to ensure your system is clean. If there are any malware files still there, they will recognize them and instruct you on the safest way to remove them. You can find a list of sites in this link: http://a-sap.org/

    Please let us know how it works out.

    Regards,

    snap
     
    Last edited: Sep 2, 2004
  5. miket

    miket Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    15
    Thanks for all the ideas and advice.
    I used nearly all the programs on the site and finished up using a program from "www.spywaredata.com" which involved an online scan. This picked up a java thingy in the following:
    "hkey_local_machine\software\m'soft\code store database\{CAFEEFAC-0014-0002-OOO5-ABCDEFFEDCBA} "
    I removed this and everything seems to be OK and the entries are not reappearing, although I now have a problem with a thing dialing up my ISP as soon as I turn on the computer. Its name seems to be "xadialup connection".
    Any ideas on this one?
    Again, thanks for the help and assistance.

    Mike T :D
     
  6. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Hi Mike,

    Have a close look at this page and see if it parallels your issue. View the whole page and proceed carefully.
    Please keep us posted, OK.

    GF
     
    Last edited: Sep 8, 2004