Hangover from the spyaxe trojan

Discussion in 'Virus Information' started by nlscb, Jan 21, 2006.

  1. nlscb

    nlscb Guest

    I thought that I was able to get the spyaxe trojan off my computer, but
    it still tries to automatically install adobe acrobat 7.0 on my
    computer whenever I open IE. Is there a file that I can modify to get
    IE to stop doing this whenever it opens?
     
    nlscb, Jan 21, 2006
    #1

  2. Hi there nlscb,
    The first question I would have to ask is this. What spyware/trojan
    did you have? The second question is this. Do you have Adobe Acrobat
    installed on that computer at all? Or even Adobe Acrobat Reader
    (although I'm not sure if this would produce the behavior).

    The reason I ask is, if you have Acrobat installed, then it will try
    to install a couple of buttons (BHO--Browser Helper Object) inside of
    Internet Explorer. That way, if you decide you want to create a pdf of
    the currently viewed website, you can. It also provides you the ability
    to view pdf files inside of Internet Explorer, instead of it having to
    download a copy and open Acrobat.

    HTH.
     
    Patrick Dickey, Jan 21, 2006
    #2

  3. Forget the first part of my question. When I read this, I thought it
    said the spyware trojan.
     
    Patrick Dickey, Jan 21, 2006
    #3
  4. Seems like you have a BHO extension on your computer that tracks your
    navigation and tries to download something for you. BHOs are registered here:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    You will see a list of BHOs (their CLSIDs). Try manually renaming each of them
    (don't remove them, some of them might be useful) and detect which one is
    responsible for your problems.
     
    Scherbina Vladimir, Jan 21, 2006
    #4
  5. From: "nlscb" <>

    | I thought that I was able to get the spyaxe trojan off my computer, but
    | it still tries to automatically install adobe acrobat 7.0 on my
    | computer whenever I open IE. Is there a file that I can modify to get
    | IE to stop doing this whenever it opens?

    Please explain what you mean by the above. Are you talking about the full installer of Adobe
    Reader or are you just talking about the ability to read a PDF from within IE?

    Please fully describe what's happening.
     
    David H. Lipman, Jan 21, 2006
    #5
  6. nlscb

    nlscb Guest

    When I open up IE or open a new window in IE, the gray box indicating a
    Windows installation occurs. It then says that it is beginning the
    installation of Adobe Acrobat 7.0, even though I installed Acrobat 7.0
    (full version, to create PDFs) 9 months ago on my computer. I have to
    hit the cancel button about 4 times to get it to stop doing this.
    Before it finally stops, the same Installing Adobe Acrobat 7.0 gray box
    pops back up immediately. It does this immediately without asking my
    permission. I find this very annoying, and a little troubling. It
    makes me wonder what I might have missed in getting rid of the trojan.

    nlscb
     
    nlscb, Jan 21, 2006
    #6
  7. nlscb

    nlscb Guest

    The second question is this. Do you have Adobe Acrobat
    installed on that computer at all? Or even Adobe Acrobat Reader
    (although I'm not sure if this would produce the behavior).

    Hey Patrick,
    I already have Acrobat Standard (to allow me to generate PDFs) on
    my computer. I installed this over 9 months ago, well before I got the
    spyaxe trojan on my computer. I got those buttons that you described
    in the rest of MS Office 2000, but they never seemed to appear in IE
    from what I can see. After I got rid of spyaxe, I continue to have
    this problem where the gray installer box appears without my prompting.
    I have to hit cancel 4 times to get it to disappear.

    Sincerely,
    Niels
     
    nlscb, Jan 21, 2006
    #7
  8. nlscb

    nlscb Guest

    Dear Vladimir,
    Do these registered files have extensions that I can search for? I
    am having trouble finding the path you are describing. Is it normally
    hidden?

    Niels
     
    nlscb, Jan 21, 2006
    #8
  9. Yeah, you see some "strange numbers" - GUIDs (Globally Unique IDentifiers).
    To search for the files you need to find the corresponding entries in the
    HKEY_CLASSES_ROOT\CLSID section. So, suppose you have the following BHO
    registered as:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    You need to take this GUID - 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3 - and search
    for it in the HKEY_CLASSES_ROOT\CLSID section; it's present on my machine at:

    HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}.

    When you locate it, look at the subnode "InprocServer32"; open it and you will
    see a "default" value that contains the path to the DLL. In my case this path is
    H:\Program Files\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
     
    Scherbina Vladimir, Jan 21, 2006
    #9
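
The lookup described in posts #4 and #9, as an added PowerShell example that is not part of the original thread: it lists each CLSID registered under Browser Helper Objects, resolves it through HKEY_CLASSES_ROOT\CLSID\{...}\InprocServer32 to its DLL, and reports whether that file exists and how it is signed. It only reads the registry; the WOW6432Node view and the Authenticode check are assumptions added here, not something the posters mention.

```powershell
# Added example (not from the thread): read-only inventory of IE Browser Helper Objects.
$bhoKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$views = @(
    @{ Name  = 'native'
       Bho   = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$bhoKey"
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    # Assumption: the 32-bit registry view on 64-bit Windows, not mentioned in the thread.
    @{ Name  = 'wow64'
       Bho   = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\$bhoKey"
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName              # the GUID subkey name, braces included
        $clsKey = "$($view.Clsid)\$clsid"
        $name = $null
        $dll  = $null
        if (Test-Path -LiteralPath $clsKey) {
            # GetValue('') reads the key's "(Default)" value: the friendly name
            $name = (Get-Item -LiteralPath $clsKey).GetValue('')
        }
        if (Test-Path -LiteralPath "$clsKey\InprocServer32") {
            # "(Default)" of InprocServer32 holds the path to the DLL
            $dll = (Get-Item -LiteralPath "$clsKey\InprocServer32").GetValue('')
        }
        if ($dll) { $dll = $dll.Trim('"') }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
        $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $dll } else { $null }
        [pscustomobject]@{
            View       = $view.Name
            CLSID      = $clsid
            Name       = $name
            Dll        = $dll
            FileExists = $exists
            Signature  = if ($sig) { $sig.Status } else { 'n/a' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

$report | Sort-Object Signature, Dll | Format-List
```

Entries with no InprocServer32 path, a missing file, or a signature status other than Valid are the ones worth examining first before renaming anything.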
  10. nlscb

    Malke Guest

    I don't think this has anything to do with the trojan. Try running the
    Windows Installer Cleanup Utility:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

    Malke
     
    Malke, Jan 21, 2006
    #10
  11. I would let it install. That's most likely what it's trying to do
    (install those buttons to IE).

    If you continue to get the installer after you let it go, then I would
    go to Adobe's support site for more help.
     
    Patrick Dickey, Jan 22, 2006
    #11
  12. nlscb

    nlscb Guest

    Thanks Patrick.
    I think that maybe the problem is that in resetting the computer, it
    may now be autoinstalling the "little buttons" that it didn't do the
    first time, when I installed Acro 7 about 9 months ago.

    Niels
     
    nlscb, Jan 24, 2006
    #12
  13. nlscb

    nlscb Guest

    Thanks! I'll give it a shot.
     
    nlscb, Jan 24, 2006
    #13
  14. nlscb

    Althorson Guest

    You need to delete all your temp files, use this
    Crap cleaner
    http://www.ccleaner.com/ then use this

    Windows Installer Cleanup Utility:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

    Or if you are bold just use the new beta which now includes a windows
    installer cleanup
    http://www.ccleaner.com/beta/





     
    Althorson, Jan 25, 2006
    #14