| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 81806 | 2007-08-07 23:59:00 | IS THIS SPYWARE/NASTY? | denisegun (9804) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 577985 | 2007-08-08 17:05:00 | I've just had a blonde moment! Why don't I just do a system restore from any time before I saw this goddamm window? Will it work?It's worth a try. | Greg (193) | ||
| 577986 | 2007-08-08 20:30:00 | I've just had a blonde moment! Why don't I just do a system restore from any time before I saw this goddamm window? Will it work? I wouldn't. You may have had spyware then too and when you do a restore it brings it all back. Just remove the thing manually: Installation: File: NPND2FN.DLL Hash: f217630186f9991ee4c1df3cb23fda2e File: N2PLUGIN.DLL Hash: e03ca7d18a3f2073cdd7da483df6127a File: ND2FNBAR.DLL Hash: a2799fc1585474709d8eb2629552e926 This adware application may get bundled with file-sharing application like kazaa. Upon installation of this adware application the following changes occur in the user's system. The following toolbar is installed: ND2FNBAR.DLL is installed as Browser Helper Object. The following directories are created: %Program Files%\Need2Find %Program Files%\Need2Find\bar %Program Files%\Need2Find\bar\Cache %Program Files%\Need2Find\bar\History %Program Files%\Need2Find\bar\Settings The following Registry keys are added: HKEY_CURRENT_USER\Software\Need2Find HKEY_LOCAL_MACHINE\Software\Need2Find HKEY_CLASSES_ROOT\Need2FindBar.SettingsPlugin HKEY_CLASSES_ROOT\Need2FindBar.ToolbarPlugin.1 This application is an Error Page Hijacker. Error Page Hijacker is an application which resets internet explorer’s settings to displays a new error page when the requested URL is not found. Take all those files and reg entries out, do it in Safe Mode. |
pctek (84) | ||
| 577987 | 2007-08-08 20:51:00 | Okay - done that. BUT guess what I found in programs? Need2findbar!!! When I click to remove I get: Error Loading C:\PROGRA~1\NEED2F~\bar\1.bin\Nd2fnBar.dll The specified module could not be found What the ??? is all this? Sounds like its been removed, these are just the remnants of it, since that dll couldnt be found. |
Speedy Gonzales (78) | ||
| 577988 | 2007-08-08 20:53:00 | I don't think Denise's Hijackthis entries relate to the Howstuffworks episode. What ever she's found was already there. |
PaulD (232) | ||
| 577989 | 2007-08-08 22:33:00 | Sounds like its been removed, these are just the remnants of it, since that dll couldnt be found. Cheers Speedy. Shut down last night and ran all the checks this morning and can't find a trace anywhere thank goodness. Think we might have cracked it. Thanks heaps. |
denisegun (9804) | ||
| 577990 | 2007-08-08 23:51:00 | Could you please not be so lavish with the praise or speedy might think he is good enough to go and help Mr Gates and leave us poor mortals who need him a WEEE bit | kjaada (253) | ||
| 577991 | 2007-08-09 00:15:00 | Too late he's already booked the flight :D | intel hunter (6666) | ||
| 577992 | 2007-08-09 00:29:00 | I guess thats why he has not been on here much lately,probably packing. DAMN |
kjaada (253) | ||
| 577993 | 2007-08-09 01:41:00 | I don't think Denise's Hijackthis entries relate to the Howstuffworks episode. What ever she's found was already there. Yes. Exactly. She was hijacked already. |
pctek (84) | ||
| 577994 | 2007-08-09 08:45:00 | Yes. Exactly. She was hijacked already. How so? I update AVG every day. I run Adaware all the time. Don't go to "no go" places. How does this happen to us mere mortals? |
denisegun (9804) | ||
| 1 2 3 4 5 6 | |||||