
Infection (tagpa.dll)

Started by j0k3r, June 16, 2004, 05:57 AM

j0k3r

Before any of you suggest it, I'm not changing browsers.

Recently I clicked on a picture, and got f'ed over. My homepage is always set to (res://tagpa.dll/index.html#96676), I've used ad-aware, Norton, cleared all internet folders, and tried deleting it manually, to no avail. I've also downloaded IE6SP1 and tried to reinstall, however while installing it says that it has not been logo certified by Microsoft (or something similar), I got it off microsoft.com. A google search came up with nothing on tagpa.dll.

Has anybody had any experience with this? Right now I'm looking towards a reformat, but wanted to know any other options so that I don't waste 10 CDs backing everything up.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Hazard

I've had similar situations where something like that has happened to me but it was more of just a browser hijacker. I'm sure somebody has had your same problem and I think what you should do is make a log of your scan after you scan with a program called HijackThis (I don't have the link on hand) and then post it on the Computer Cops forums. More likely than not, they will be able to help you with your problem.

"Courage is being scared to death - but saddling up anyway." --John Wayne

Eibro

Sounds similar to what happened to me. The dll name is random as far as I can tell. It's injected into explorer.exe-- to delete it you need to eject it, or kill explorer.exe and delete it. After that, ensure your winnt folder isn't shared (this was one of the side effects of the infection) and run through the registry and delete all references to the dll in HKEY_LOCAL_MACHINE & HKEY_CURRENT_USER \SOFTWARE\Microsoft\Internet Explorer. Finished? Now, switch browsers.
Eibro of Yeti Lovers.
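
The registry sweep described in the post above, as an added example that is not part of the original thread: it reads the text produced by `reg export` and lists every string value under HKLM/HKCU `\SOFTWARE\Microsoft\Internet Explorer` that points at a `res://` DLL outside an allowlist. The sample export, the name `qxkzm.dll` and the allowlist contents are constructed assumptions.

```python
import re

# Constructed sample in `reg export` text format (not data from the thread);
# qxkzm.dll is a made-up name standing in for the randomly named DLL.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="res://tagpa.dll/index.html#96676"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"blank"="res://mshtml.dll/blank.htm"
"NavigationCanceled"="res://shdoclc.dll/navcancl.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"="res://C:\\WINNT\\system32\\qxkzm.dll/sp.html"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="res://ignored.dll/x"
'''

IE_KEY = re.compile(r'^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Microsoft'
                    r'\\Internet Explorer(\\|$)', re.I)
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="((?:[^"\\]|\\.)*)"$')
RES_DLL = re.compile(r'res://(.*?\.dll)(?=/|$)', re.I)
# Assumption: DLLs that stock IE6 itself references through res:// URLs.
KNOWN_GOOD = frozenset({"mshtml.dll", "shdoclc.dll"})

def unescape(s):
    # Undo .reg escaping of backslashes and double quotes.
    return re.sub(r'\\(.)', r'\1', s)

def find_res_hijacks(export_text, known_good=KNOWN_GOOD):
    """Return (key, value name, dll, data) for res:// DLLs not in known_good."""
    hits, key = [], None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # start of a new key section
            continue
        m = VALUE.match(line)         # string values only; dword/hex are skipped
        if not (key and m and IE_KEY.match(key)):
            continue                  # outside the two IE hives named in the post
        data = unescape(m.group(2))
        r = RES_DLL.search(data)
        if r:
            # The DLL may be given as a bare name or a full path; compare basenames.
            dll = r.group(1).replace('/', '\\').rsplit('\\', 1)[-1].lower()
            if dll not in known_good:
                hits.append((key, unescape(m.group(1) or "(Default)"), dll, data))
    return hits
```

Because the DLL name varies per machine, the check keys on the `res://` scheme plus an allowlist rather than on `tagpa.dll` itself.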

iago

My friend had a problem with an IE hijack, and nothing would solve it.  Every time he uses his computer, it comes back.  He runs some protection programs now, so every time it reinstalls itself he's instantly alerted.  Fortunately, the only time he gets it is when IE is running, or something that uses IE is running (outlook, etc.).  I convinced him to change browsers, and since he's been on Mozilla he gets it a lot less.
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


j0k3r

I found hijackthis... http://www.spychecker.com/download/download_hijackthis.html

Running it now, and posting on computer cops, thanks Hazard.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

muert0

You could also run your AV and spybot or adaware in safe mode. Or run trendmicro's housecall.  http://www.trendmicro.com
Too lazy for slackware.

Hazard

Quote from: iago on June 16, 2004, 10:02 AM
My friend had a problem with an IE hijack, and nothing would solve it.  Every time he uses his computer, it comes back.  He runs some protection programs now, so every time it reinstalls itself he's instantly alerted.  Fortunately, the only time he gets it is when IE is running, or something that uses IE is running (outlook, etc.).  I convinced him to change browsers, and since he's been on Mozilla he gets it a lot less.

I had the exact... same... problem. Something I did fixed it though, because it's gone now.

"Courage is being scared to death - but saddling up anyway." --John Wayne

Hazard

Quote from: j0k3r on June 16, 2004, 11:01 AM
I found hijackthis... http://www.spychecker.com/download/download_hijackthis.html

Running it now, and posting on computer cops, thanks Hazard.

No problem, they'll help you out from here.

"Courage is being scared to death - but saddling up anyway." --John Wayne

j0k3r

No reply after 7 hours... Decided I'd reformat. Checking out opera, maybe I'll try Mozilla too before I reformat.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

l)ragon

Quote from: j0k3r on June 16, 2004, 08:34 PM
No reply after 7 hours... Decided I'd reformat. Checking out opera, maybe I'll try Mozilla too before I reformat.

Opera is great, there's a few neat features in it, like the refresh timer among other things.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Stealth

- Stealth
Author of StealthBot

j0k3r

There's a few things I'm not liking about it, like how there's an ad at the top, and the status bar at the bottom disappears when it's not in use, making the page look jumpy. It also looks a little bit different from IE, not sure what it is.

Edit: Ah, zoom was at 110%, and the advertisement at the top moves the page down a little bit, anyone know if it's possible to hack that out or get a keygen?

Edit2: I do like how it caches page in ram, so that the back button loads them instantly.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

iago

Quote from: j0k3r on June 17, 2004, 05:19 AM
and the status bar at the bottom disappears when it's not in use, making the page look jumpy

That's optional, I forget where the option is, though.
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


j0k3r

You can put it in the address bar, but I don't want it there.
Quote: Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin
John Vo

Eli_1

I just tried Opera for the first time today. It's the first *non-IE* browser I've ever used and I love it.

Pros:
- It's very customizable.
- It's easy to install and use.
- I especially like how I can right click on just about any toolbar or button and choose to remove it.
- I also like this referrer logging feature iago told me about.
- Tabbed browsing is a god-send.
- I like how I can choose to have the browser load with no pages loaded.
- It's pretty. :)

Cons:
- I hate the god damn banner at the very top.
- I don't like how the page will load and then all the little pictures will start popping up everywhere. It reminds me too much of AOL. If the page isn't fully loaded I don't want to see it yet.  >:(