Guest Snowcrash
Posted February 15, 2005

This is a very deep rooted spyware

What Is It?
IEPlugin Removal - se.dll

What Does it Do?
IEPlugin is an IE BHO that monitors web site addresses you visit, form contents and even your local file browsing! It also automatically updates and adds a few items to your favorites list. On top of this it will display ads when it finds certain keywords in your browser.

Guest wirefreak
Posted February 15, 2005

http://toolbar.cc is the company doing this crap

Guest Guest
Posted February 15, 2005

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Win Server
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Win Server Updt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win Server Updt [C:\WINDOWS\wupdt.exe]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win Server Updt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conscorr

Reboot your system then:

Make sure you click start --> Run and type in msconfig. Then select the startup tab. Any references to the processes below should be deleted

End Processes (may or may not exist):
extract.exe
se.exe
systb.exe
wdskctl.exe
wupdt.exe
winserv.exe

Unregister DLLs:

Guest Snowcrash
Posted February 15, 2005

You can use the Regsvr32 tool (Regsvr32.exe) to register and unregister object linking and embedding (OLE) controls such as dynamic-link library (DLL) or ActiveX Controls (OCX) files that are self-registerable. This may be necessary to troubleshoot some issues with Windows, Microsoft Internet Explorer, or other programs. It is also frequently used by program hacks.

1.) Copy the files you would like to register to [C:\WINDOWS\system32]
2.) Go to the command prompt Start --> Run --> cmd
3a.) To install/register the file type in: regsvr32 file.dll or regsvr32 file.ax
3b.) To uninstall the files type: regsvr32 -u file.dll or regsvr32 -u file.ax
4.) Some type of message should be displayed that says you successfully registered or unregistered the file

Extra info:

Regsvr32 [/u] [/n] [/i[:cmdline]] dllname

/u - Unregister server
/i - Call DllInstall passing it an optional [cmdline]; when used with /u calls dll uninstall
/n - do not call DllRegisterServer; this option must be used with /i

More information @ MS

Guest Snowcrash
Posted February 15, 2005

Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.

ieplugin.dll
se.dll
systb.dll
winobject.dll

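A read-only check for the Run values, processes and DLL names listed in the posts above, written in PowerShell. This is an added example and not part of any post in the thread; the function names and the search root ($env:windir) are assumptions.

```powershell
# Read-only audit: reports matches, changes nothing.
# Names below are copied from the posts in this thread.
$runValues = 'Win Server', 'Win Server Updt', 'conscorr'
$procNames = 'extract', 'se', 'systb', 'wdskctl', 'wupdt', 'winserv'
$dllNames  = 'ieplugin.dll', 'se.dll', 'systb.dll', 'winobject.dll'

# Assumption: search only under the Windows directory; widen if needed.
$searchRoot = $env:windir

function Get-RunKeyHits {
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            if ($runValues -contains $name) {   # -contains ignores case
                [pscustomobject]@{ Kind = 'RunValue'; Name = $name
                                   Location = $path; Detail = $key.GetValue($name) }
            }
        }
    }
}

function Get-ProcessHits {
    # Get-Process takes names without the .exe suffix.
    Get-Process -Name $procNames -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Kind = 'Process'; Name = $_.ProcessName
                           Location = "PID $($_.Id)"; Detail = $_.Path }
    }
}

function Get-DllHits {
    # The thread says each file sits in several locations, so recurse.
    Get-ChildItem -Path $searchRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $dllNames -contains $_.Name } | ForEach-Object {
            $sig = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            [pscustomobject]@{ Kind = 'File'; Name = $_.Name
                               Location = $_.DirectoryName; Detail = "Signature: $sig" }
        }
}

$hits = @(Get-RunKeyHits) + @(Get-ProcessHits) + @(Get-DllHits)
if ($hits.Count -eq 0) {
    'No listed indicators found.'
} else {
    $hits | Format-Table Kind, Name, Location, Detail -AutoSize -Wrap
}
```

A name match is only a lead: short names such as se.exe can belong to unrelated software, so confirm the path and signature before unregistering or deleting anything.
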
Luke_Wilbur
Posted February 15, 2005

According to Symantec here is what you can do

Behavior
Adware.IEPlugin is an Internet Explorer (IE) Browser Helper Object that monitors Web site addresses, content entered into forms, and local file names that are browsed. Adware.IEPlugin displays an advertisement when it sees a targeted keyword. It will also install a running process to update itself by contacting servers every few minutes. This adware may also add a few bookmarks to your Favorites menu.

--------------------------------------------------------------------------------
Note: LiveUpdate virus definitions, which were released on December 10, 2003, may erroneously trigger a detection of Backdoor.Imiserv on files that behave in a manner similar to the behavior of files detected as Adware.IEPlugin. To correct this, virus definitions released on December 15, 2003 will detect such samples as Adware.IEPlugin.
--------------------------------------------------------------------------------

Symptoms
The files are detected as Adware.IEPlugin.

Transmission
Active-X, drive-by downloads, which may be on pop-up ads, install this adware.

File names: Wupdt.exe

When this adware is executed, the installer performs the following actions:

Installs several files in the %Windir% folder.
Starts a running process (usually Wupdt) that can make calls to various servers to update its code.
Adds the value:
"Win Server Updt" = "%WinDir%\Wupdt.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
May add the value:
"Win Server" = "%WinDir%\winserv.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Symantec Security Response has developed a removal tool for Adware.IEPlugin. Use this removal tool first, as it is the easiest way to remove this threat.
The tool can be found here: http://securityresponse.symantec.com/avcen...er/FxIeplgn.exe

The current version of the tool will have a digital signature timestamp equivalent to 16/12/2004 02:42 AM PST.