
Infection (tagpa.dll)

Started by j0k3r, June 16, 2004, 05:57 AM


iago

Quote from: Eli_1 on June 17, 2004, 01:02 PM
- I hate the god damn banner at the very top.
I don't even notice it most of the time, you'll get over it.  Plus, it's a tiny banner, especially on linux :)

Quote
- I don't like how the page will load and then all the little pictures will start popping up everywhere. It reminds me too much of AOL. If the page isn't fully loaded I don't want to see it yet.  >:(
There's probably an option to turn it off, but, again, you'll get over it :)
This'll make an interesting test for broken AV:
Quote
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Eli_1

Quote from: iago on June 17, 2004, 01:20 PM
Quote
- I don't like how the page will load and then all the little pictures will start popping up everywhere. It reminds me too much of AOL. If the page isn't fully loaded I don't want to see it yet.  >:(
There's probably an option to turn it off, but, again, you'll get over it :)

Yea there was an option for it, thanks iago.
Tools -> Preferences -> Windows -> Redraw when loaded

muert0

Offtopic but with that avatar you should only say angry things and he should have his finger in the air and be saying I'm doing this as hard as I can.:)

I guess I'll also leave a list of tips and tricks for firefox:
http://texturizer.net/firefox/tips.html
Also, in your browser type about:config for an easy way to alter the configuration.
Too lazy for slackware.

Hazard

Did you ever get any help from anyone at the ComputerCops website jok3r?

"Courage is being scared to death - but saddling up anyway." --John Wayne

Grok

FWIW, while I take reasonable precautions against virii, trojans, vulnerabilities, sometimes things get through.  When it happens, I always reformat and reinstall the OS, then restore my system from a clean backup, and roll forward with other installs.  It is the quickest, safest method that doesn't cost much in time or disk space.

You have to assume that once exploited, your system is their system.  There are too many places in MS Windows to hide things, and no one security system can find and identify them all.  That is why a good backup is your best protection.

j0k3r

Quote from: Eli_1 on June 17, 2004, 01:54 PM
Yea there was an option for it, thanks iago.
Tools -> Preferences -> Windows -> Redraw when loaded
Thanks man, I'd never bothered going into there, turned off pop ups too.

Quote from: Hazard on June 18, 2004, 09:54 AM
Did you ever get any help from anyone at the ComputerCops website jok3r?
http://www.computercops.us/postp210740.html#210740
:-\

Grok -- The only things I care about are my music downloads and game files, because it would take about 10hours to re-download everything I have. Fortunately I did back them up and I buy all my games.

Actually, it'd be nice if I could save my computer and internet settings too, then reload them from CD, does XP offer this feature?
Quote
Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

warz

Well, I fixed this problem on my sister's computer. I'll tell you how I did it.
If I remember correctly, it keeps replicating itself with tons of random .dll files, and randomly named exe files. First, I deleted the .dll file that the IE browser uses as its homepage. Then, I deleted "C:\WINDOWS\system32\syssg32.dll {66EF0D72-55A0-257D-BE1E-869C17411C8A}", that file seemed to be the culprit of most of the replication, considering once I deleted it, nothing else ever popped back up. Then, I went into the C:\WINDOWS folders, and system32 folders, and had to delete the randomly named dll and exe files that would be running in the task manager. You'll recognize them because they are randomly named, and around 4 letters long, and you won't know wtf they are :-P. Then I hit up the registry, and deleted a bunch of the entries that pointed to those file names. The keys I looked in were:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

and then the HKEY_CURRENT_USER equiv. of those keys also. After that it hasn't popped up again.

edit: after that I installed TCMonitor, moosoft.com, it's a great registry monitoring program.
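
Added example (not part of warz's post or the original thread): the autorun check described above as a Python script that parses `reg query` text output for the Run keys and flags values pointing at short, all-letter file names under C:\WINDOWS. The sample output, the 3 to 5 letter heuristic and the `known_good` allowlist are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query <key>` output; names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    qzkv    REG_SZ    C:\WINDOWS\system32\qzkv.exe
    loader    REG_SZ    rundll32.exe C:\WINDOWS\xbwt.dll,Start

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    updater    REG_SZ    "C:\Program Files\Vendor\update.exe" /silent
"""

# A value line is: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Any drive-rooted path ending in .exe or .dll inside the value data.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,]*?\.(?:exe|dll)', re.IGNORECASE)


def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m["name"], m["data"]


def suspicious_entries(text, known_good=frozenset({"cmd"})):
    """Return autorun values whose target looks like a short random name.

    Heuristic (assumption): file under C:\\WINDOWS, stem is 3-5 letters,
    and the stem is not on the caller's allowlist of known system binaries.
    """
    hits = []
    for key, name, data in parse_reg_query(text):
        for raw in PATH_RE.findall(data):
            p = PureWindowsPath(raw)
            in_windows = len(p.parts) > 1 and p.parts[1].lower() == "windows"
            stem = p.stem.lower()
            if in_windows and stem.isalpha() and 3 <= len(stem) <= 5 \
                    and stem not in known_good:
                hits.append((key, name, str(p)))
    return hits


if __name__ == "__main__":
    for key, name, path in suspicious_entries(SAMPLE):
        print(f"{key} :: {name} -> {path}")
```

Flagged entries are candidates for manual review only; short legitimate names will match until they are added to `known_good`.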

j0k3r

Well, I found tagpa.dll in the system32 folder and deleted it but I think it will come back, the rest of your instructions (syssg32.dll, registry, 4 letter processes) didn't exist.

Right now I took what I did with my mail button and gmail, and applied it to the shortcut. It overrides the homepage and takes me where I told it to by adding the address of the webpage after the target path for the shortcut. I'm still getting the popups though and need to reinstall.
Quote
Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo