Posted on Jul 09, 2010

Redirect and error at 0x00000 when closing IE or Firefox

I had Sysinternals Antivirus download and Malwarebytes found and removed it. However, a lingering problem exists about redirect. Even with my browser closed, Malwarebytes still shows that it is blocking attempts to contact my computer. It is about 4 or 5 websites that seem to be blocked.

There also appears to be a false proxy being installed in the registry which after being removed from the registry is brought back on reboot.

Any suggestions please!

2 Answers

Anonymous

  • Master 2,291 Answers
  • Posted on Aug 20, 2010

You have to clean up your registry, because the registry is the main part of Windows; Windows crashes when there are errors in the registry. You can use software tools to clean up your registry; reginout is a good choice.

Anonymous

  • Master 428 Answers
  • Posted on Jul 10, 2010

Well it is quite obvious however. I'll include manual removal instructions. Please follow the steps carefully.
There will be 2 executable files which are Sysinternals Antivirus.exe and svchost.exe. Svchost is invoked by the other executable. There may be another one named alggui.exe.
You have to kill these two processes. First of all you have to do this:

  1. Start the Task manager by right clicking on the Taskbar.
  2. Go to Processes.
  3. Observe the processes.
  4. Right click on processes and select End process for Sysinternals Antivirus.exe and alggui.exe. You will not be able to kill the svchost.exe however, since there will be more than one and each represents a valid system process. To find the exact process run by the file which resides in "Program Files", I recommend you use the Security Task Manager for Windows. Here is the link
  5. Use the tool and kill the exact process.
Locating malicious files. The list of files I have already mentioned. But there are more.
  • C:\Program Files\skynet.dat
  • C:\Program Files\svchost.exe
  • C:\Program Files\alggui.exe
  • %UserProfile%\Desktop\Sysinternals Antivirus.lnk
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
  • C:\Program Files\adc_w32.dll. You must unregister this. Otherwise it will run again.
  • C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
  • %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
  • C:\Program Files\Sysinternals Antivirus
  • In variants there will be additional files (Sysinternals Antivirus.exe adc_w32.dll alggui.exe extra1.dat extra2.dat nuar.old skynet.dat svchost.exe wp3.dat wp4.dat dbsinit.exe wispex.html ccsmn.exe ccsmn151.acf csmn151.ltd ccsmn151.lti ccsmn151_0.acb ccsmn151_0.aci ccsmn151_0.mt ccsrr.exe wmharun.log wmrun.log Sysinternals Antivirus.lnk)
You have to search and delete each and every file.
We have to set some additional things in order to see the Hidden and System files which are protected.
  1. Open My Computer.
  2. Go to Tools and then Folder Options.
  3. Click on View tab.
  4. Under the Option "Hidden Files and Folders", set it to "Show ..."
  5. Untick the "Hide Protected Operating System Files (Recommended)" as well.
  6. Now go to C partition and check whether you can see .sys and other hidden files including the System Volume Information folder. If so the procedure was successful. Otherwise you have to edit the registry or have to use the DOS command window to locate and delete these files.
  7. Use Windows search tool to search the files. Before searching set the More Advanced Options. Check for "All files and Folders". Drop down "More advanced options" and tick the Search System Folders, Search Hidden files and folders, Search Sub-folders options. Then do the search. If you find any file or folder you have to delete it. Before deleting, there is one more thing to do.
  • You have to stop the Startup Processes.
  • Click on the Start menu and hit on Run. Or type in Run if you have Vista.
  • Type in the Run box this. msconfig
  • Hit Enter.
  • Go to the "Startup" tab. Examine the processes and remove the unwanted ones. You can browse for the valid ones. Specially note the Autorun.inf files. You must remove them if they exist. Remember the path to each malicious file. Then uncheck the boxes. Hit the Apply button. Then the OK button.
  • Do not Restart the System when you have been asked.
Stopping the System Restore services
  1. Go to Properties of My Computer.
  2. Go to System Restore.
  3. Turn off.
Now you are ready to delete the files. Click on each file and Click SHIFT+DEL. Do not Right Click and Delete.
Alternative way if Hidden files and folders are now shown
  • Get the Run box again and type in cmd and press Enter.
  • Type cd \ and hit Enter.
  • Now you will be in the System drive (C: most probably)
  • You have to use: cd foldername to move within folders.
  • Example: Type cd program files and hit Enter to go in to Program Files. CD denotes Change Directory.
  • To change the Partition you have to type Partition: and hit enter.
  • Example: D:
  • Locate each file and delete Except the adc_w32.dll because we have to Unregister it.
  • Go to each location which I have included here as well as shown in the msconfig tool.
  • Then use DIR /a /q to get the list of files.
  • Type DIR /a /q and hit enter.
  • Note: Note the spaces.
  • Now if you see the files type this and hit enter.
  • attrib -s -h -a -r
  • Then type Del with the file name.
  • Example: Del alggui.exe
  • What the attribute command does is changing the File attributes to normal ( - is used to remove the attributes. S is for System, H is for Hidden, A is for Archive, R is for Read Only).
  • Make sure you go to Root of each partition and check for Autorun.inf files (There may be batch files as well - .bat files, exe files etc. Check whether they are valid executables using the browser)
  • Now that part is done!
Unregistering the DLL file before Deleting:
  • Get the Command Windows again using cmd.
  • Type in Regsvr32 /? and hit enter. If you get a dialog box, that means it's functioning.
  • If you do not have it obtain from here. Place the file in Windows/System32.
  • Type in Regsvr32 /u C:\Path\adc_w32.dll and hit enter.
  • Path is the path to the file. It may be in the Program Files or Windows or Windows\System32. Use Search or Command Windows to find it. (Might be in the Startup in msconfig as well).
  • You can run this command without the Command Windows as well. Just enter it in the Run box and hit Enter. If you do properly it will show you a dialog box containing the Success message.
Contd...

  • Anonymous Jul 10, 2010

    Contd...

    Removing Registry Values:
    You have to delete these Keys:
    Delete registry values:
    HKEY_CURRENT_USER\Software\Sysinternals Antivirus
    HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavapp"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "novavappr"

    There is a good tutorial of how to do that: Browse here. Hope you will be able to navigate to this site.
    Backup the Registry: Tutorial
    Remove each Value and Key (Delete).

    Now you can Delete the .dll file safely

    I recommend you perform this operation in Safe Mode, because then you do not have to kill processes, since Safe Mode does not invoke each and every service and program. It runs a specific and limited number of services.

  • Anonymous Jul 10, 2010

    Please rate the answer if it helped you to solve the issue (with a testimonial).
    Feel free to ask anything related to this problem.
    Thanks for using Fixya!
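
The registry locations named in the answer above can be checked from a saved registry export before and after cleanup. This is an added example, not code from the original answer: it parses regedit export text and reports the listed keys, the listed Run values, and an enabled per-user proxy (the symptom the question describes). The sample export, its `alggui.exe` Run data and the function names are constructed for illustration.

```python
import re

# Keys and Run value names listed in the answer above (path separators restored).
IOC_KEYS = [
    r"HKEY_CURRENT_USER\Software\Sysinternals Antivirus",
    r"HKEY_CLASSES_ROOT\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
    r"\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd",
]
IOC_RUN_VALUES = {"novavapp", "novavappr"}
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
INET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample export: one benign Run entry, one listed entry, a proxy, a service.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"novavapp"="C:\\Program Files\\alggui.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd]
"Start"=dword:00000002
'''

def unquote(raw):
    """Strip the quotes and backslash escapes of a .reg string; pass other data through."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            # name=data lines; hex continuation lines do not match and are skipped
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:
                name = "" if m.group(1) == "@" else unquote(m.group(1))
                current[name] = m.group(2)
    return keys

def find_indicators(keys):
    """Return (kind, detail) findings; registry paths and names compare case-insensitively."""
    findings = []
    lowered = {k.lower(): v for k, v in keys.items()}
    for ioc in IOC_KEYS:
        low = ioc.lower()
        if any(k == low or k.startswith(low + "\\") for k in lowered):
            findings.append(("key", ioc))
    for name, raw in lowered.get(RUN_KEY.lower(), {}).items():
        if name.lower() in IOC_RUN_VALUES:
            findings.append(("run", f"{name} -> {unquote(raw)}"))
    inet = {n.lower(): v for n, v in lowered.get(INET_KEY.lower(), {}).items()}
    if inet.get("proxyenable", "").lower() == "dword:00000001":
        # An enabled proxy is only suspicious if the user never configured one.
        findings.append(("proxy", unquote(inet.get("proxyserver", ""))))
    return findings

if __name__ == "__main__":
    for kind, detail in find_indicators(parse_reg(SAMPLE)):
        print(f"{kind:5} {detail}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read a real file with `encoding="utf-16"`. Running the check again after a reboot shows whether the proxy values or Run entries have been written back.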

3 Related Answers

Anonymous

  • 73 Answers
  • Posted on Feb 06, 2009

SOURCE: How i can block proxy on my mozilla firefox that mean i can hide

You didn't mention the version, but these links should help you do what you need:

http://ilias.ca/blog/2005/03/locking-mozilla-firefox-settings/

http://forums.mozillazine.org/viewtopic.php?p=2195752#2195752

efs_perpends

  • 1997 Answers
  • Posted on Aug 20, 2009

SOURCE: All Browser URL's redirect to Tazinga.com

There is only one application I would recommend in a situation like this: Malwarebytes Anti-Malware, available here. (The installer is 3.7 MB, if you can send that great.) It has been proven over and over, and is one of the standard tools in use at many of the malware removal forums. I recommend your friend attempt to follow at least the first four steps of these malware removal protocols.
The preliminary steps will help to safeguard his system, and speed the scan. If he can't install MBAM for some reason, he can rename the installer and/or the mbam.exe file to get it to run.
Other good forums for help with malware are here, here, and here.
If the preliminary cleaning does not remove the malware, I suggest he open a thread at one of those forums and request guided expert assistance. With supervision, there are other tools that can work to remove insidious rootkits, etc. It sounds like he has some kind of browser hijacker, but it's hard to say what else. In any event, Erunt & MBAM is a good place to start. Tell him also to set a system restore point, but to use Erunt to do a full registry backup before he starts changing things, just in case he needs to revert back for some reason...
Good luck!

I hope this information allows you to resolve this issue. If you need further assistance, please post back with a comment to this thread.
If I've managed to answer your question or solve a problem, please take just a moment to rate this post....thanks!

Testimonial: "Perfect answer. Thank you!"

Anonymous

  • 10 Answers
  • Posted on Feb 18, 2010

SOURCE: Security Certificate Error: Not Trusted

It's because your system doesn't have the right time and date. Make sure that you have the right time zone and the automatic daylight change option activated as well, also check if your computer is on sync with an internet server, to do that just double click on the clock and a window will pop there you can do all those changes.

Related Questions:

0 helpful • 3 answers

How can I delete Rocket?

First I will assume that you do not have an "Anti virus" or "internet security" program installed. Big mistake! Search for "malwarebytes". You might be able to do this on your current system's IE. You will get a number of choices; select the free version (Cnet is one source). If you can download the program using IE, install on your desktop, install/run. If not, then go to another computer (not infected) and enter "malwarebytes" in a search engine. Download to a flash drive, insert the flash drive in your "infected" system, download the program to the desktop, have internet access on, install/run Malwarebytes; it will go online for updates, then run a scan. Hopefully this will clean your "hijack Virus". You can then set your home page to whatever is your choice. While on the other system, you can search for "Rocket Search"; there are many sources of information, even a YouTube video. You should also download a very handy (free) removal program, "Revo Uninstaller", excellent! While repairing your system, get a FREE antivirus program installed. "Avast (AVG)", "Avira Free Antivirus 2014" are all highly recommended and will protect you in the future. If you get a popup in your future internet roaming that promotes a free virus scan and repair download, GET AWAY from that! They frequently are actually a virus of some kind.
0 helpful • 2 answers

How to remove/delete 'conduit.search.com'?

conduit.search.com is adware.

I recommend that you install a good anti - Virus application and scan your computer.

For the time being you can use Malwarebytes. It works good for these Trojans. Please install it and then scan the computer. It would be better if you scan the computer in safe mode.

You can download Malwarebytes from:
http://downloads.malwarebytes.org/mbam-download.php

Additionally also scan the computer with Eset Online Scanner.
Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program

1 helpful • 1 answer

Http 404 error, cannot get on line once shut down unless i restore

You can start by downloading MALWAREBYTES and running a full scan: http://www.filehippo.com/download_malwarebytes_anti_malware/ If you haven't already, also run an antivirus full scan with a good program that is up to date. If you have toolbars on your browser, delete or disable them. Can you get online with Google Chrome? Firefox? Opera? Pale Moon? Is the problem only with IE?
0 helpful • 1 answer

Hp desktop keeps getting slower

It's probably got a virus. Run a virus scan. Open your internet browser, go to Google and type "download cnet malwarebytes" (without the quotes) in the Google search. Look for the site download.cnet.com in the results and download and install MalwareBytes from there. Be careful and watch what you click on, because there will be some other junk that has a download button on cnet's site. Make sure you click the MalwareBytes download button. Once you download and install it, run a Quick Scan. If it finds infections, the number of infections will be shown in red. When it finishes scanning, click Show Results and a notepad will pop up showing you a text document of the results. You can close the notepad document. Now look at the Malwarebytes interface and you should see an option to Remove Selected Results (they will already be checked for you). Click Remove Selected Results and when it finishes you will be instructed to click OK to reboot the machine. If you have Norton Antivirus or McAfee Antivirus, remove them, especially if you see the number of infections Malwarebytes found. They are core hogs that will slow you to a crawl and not good at preventing viruses. Try one of the free antivirus programs such as AVG or AVAST. Download and install one of them after you ditch Norton or McAfee if you have them. Get this done and your system should perform much better.
0 helpful • 1 answer

Firefox error for a week (msg is below). IE works but how can I firefox? Unable to connect Firefox can't establish a connection...

Hi

You don't say which operating system you are using.

It sounds as if something has affected, changed or corrupted your Firefox Browser settings.

Uninstall firefox and all its components from add or remove programs > restart computer > use IE to log on and download and install the latest version of Firefox, watching out for any firewall permission boxes > test firefox and set it as the Default Browser, if you want to.

start > Control Panel > (Add or Remove) Programs > (uninstall a program) > highlight Firefox > Remove all its components > restart computer.

Remember to regularly download and install upgrades, updates and security patches for both browsers to protect from malware.

Download and install good Spyware and Browser protection software such as, for added protection:

Malwarebytes (www.malwarebytes.org)

SuperAntispyware (www.superantispyware.com)

I hope this helps.
Aug 26, 2011 • Yahoo Mail
0 helpful • 1 answer

When I enter my user and pass, it shows this msg: web address couldn't be found! What do I have to do?

Try to perform below steps:-
1. Check your internet connection and try to browse other websites like gmail, yahoo and see what is happening.

2. Update your antivirus and do a full scan of the system for any malware. You can download and install, update and scan with below antivirus if you don't have one:-
http://www.avira.com/en/avira-free-antivirus

3. Download, install, update and perform a quick scan using the Malwarebytes' Anti-Malware:-
http://www.malwarebytes.org/

4. Install latest flash player in your system by using below URL:-
http://get.adobe.com/flashplayer/

5. Try using some other browser if still not solved:-
http://www.mozilla.com/en-US/firefox/ie.html
0 helpful • 1 answer

Why i can't connect in facebook using any browser?? in google chrome it says "Error 101 (net::ERR_CONNECTION_RESET): Unknown error"

Some sites attempted include: google.com, msn.com, engadget.com

I am confident the sites are up and running as I can open the same url within Firefox seconds later. Disabling the Web Filter on my Anti-Virus made no difference. I am Running ESet as my Antivirus.

Out of curiosity, I looked at the "LAN settings" under the Internet Properties / Connections tab and noticed that the proxy setting was enabled. I do not use a proxy from home. It was configured to point to the local host (127.0.0.1) on port 5555. I disabled the proxy setting and was able to browse without issue. Proxy setting is unique to Firefox and not shared with IE which would explain IE having issues as well.

Digging further I found that the "fake antivirus" application had created those settings along with some registry settings and dropping an executable on my system.

I found removal steps here: (3 sites)
http://www.2-viruses.com/remove-antivirus-live
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=162747#none
http://www.threatexpert.com/report.aspx?md5=00d019a2de253f598105c86ca6d8aedb
0 helpful • 2 answers

I have antivirus7 on my computer, please help. It's blocking everything and not allowing me to do anything. The pop-ups are driving me crazy, please help

http://www.bleepingcomputer.com/virus-removal/remove-antivirus7

Go here to remove the virus. It works; my friend had a similar virus in his comp last weekend and we used the same procedure and it worked. He was very happy. Good luck!
6 helpful • 4 answers

I have the 2009 antivirus virus which causes problems connecting to the internet

There are 2 options for you.
1 is to download Malwarebytes. Just use the free version.

http://www.malwarebytes.org/mbam.php

2 is manually removing it. Don't try unless you know what regedit is.

  1. Press Ctrl + Alt + Del then find and End the following processes:
    • av2009.exe
    • AV2009Install.exe
    • Antivirus2009.exe
  2. Delete the following files from your PC:
    • %UserProfile%\Desktop\Antivirus 2009.lnk
    • %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
    • %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
    • %UserProfile%\Start Menu\Antivirus 2009
    • %UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
    • %UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
    • c:\Program Files\Antivirus 2009
    • c:\Program Files\Antivirus 2009\av2009.exe
    • c:\WINDOWS\system32\ieupdates.exe
    • c:\WINDOWS\system32\scui.cpl
    • c:\WINDOWS\system32\winsrc.dll
  3. Click Start > Run, type regedit, Find and delete the following registry entries:
    • HKEY_CURRENT_USER\Software\75319611769193918898704537500611
    • HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "75319611769193918898704537500611"
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ieupdate"

0 helpful • 1 answer

Internet explorer won't open

Sounds to me like a possible browser hijack. Do you only have Internet explorer? any chance you have installed the Firefox browser or Google Chrome? if you have a way to open up your internet

1) i would recommend downloading MalwareBytes and do a scan of your system, which you can get it from here: http://www.malwarebytes.org/mbam.php Click on the "Download" if you successfully download the application continue with the installation, after is done upgrading select 'perform full scan' and click scan, select any Hard drives that you have (do not select DVD/CD drives)

2) After the scan is done it will tell you if you have any malicious malware running in your system. Select the option to remove/fix the malicious files listed, it might ask you to do a restart to continue with the removal malicious content.

**
If you do not have firefox installed or any other browser besides IE please go to Task Manager (CTRL + ALT + DELETE) and please post a reply with all the processes running.