re: belgiandip.com - Yet another person who needs help...
Sunday, May 2, 2004 at 11:44 am Windows XP Annoyances Discussion Forum
Posted by Bri
(1 messages posted)
**WARNING: This file is long...I'm having a lot of problems...**
Hi everyone. About 3 days ago, I got the belgiandip worm/virus/whatever-it-is on
my computer, and I don't know how to get rid of it. I think my problem is a little
different than most people's.
First off, I didn't go to any unusual websites. I went to the sites I usually go
to and I got the bug. (Makes me wonder if someone jacked Google for a day.) And I
get the "belgiandip.com/go.php?1=002" popup when I OPEN Explorer, not when I close
it. Also, I don't get the pop-up the first time I open IE, but I do get the pop-up
every day (I open IE about 5-10 times a day). To make things even more specific, I
usually get the pop-up when I turn off my pop-up blocker (so IE won't be blocked
from opening) and then re-open IE.
I went to all the various forums online, and I'm glad to see I'm not the only one
with this problem. But it seems like I AM the only person when it comes to a few
areas: My "belgiandip" problem was caused by WeRule, not Totempole. The day I got
the bug, I saw these weird files in the Close Program box (via Ctrl-Alt-Del): 3i,
BDL94126, 0021-BDL94126. I also saw Winoldap and Mshta the same day I got hijacked,
but I'm pretty sure those were always on my computer and the "belgiandip" bug corrupted
them a little.
I ran Ad-Aware, and it didn't find anything. So I MANUALLY deleted these files (based
on what forums like this one said): pup.exe, 3i.dll, 3I.exe, BDL94126.exe, 0021-BDL94126,
0.bat, silent.exe, CS4P028.exe. I never saw files that started with the letter "o",
so "over.exe" is ruled out. I also deleted the following files because they were
created around the same time as the hijack, had the notorious "64kb" filesize,
and shared the same icon as "pup.exe":
* CFGWIZ32 (this is supposedly a trojan horse!!)
* ERWVDRVS
* fjbg12nl
* Hb
* MVCOREW
* RYPT32C
* TEM0409S
* TIDIAGA
* WUPDMGR
Lastly, I MANUALLY removed folders from "C:\Program Files" that looked like spyware.
Some of the folders have been on my computer for a while, but they might have triggered
the attack: topMoxie, NewDotNet, NewtonKnows, scbar, Sprynet, Surf Safari, Grokster,
TimeSink, and Shareaza (I couldn't uninstall Shareaza!! It kept freezing!)
Should I have not deleted these things manually? All of these files are still in
the Recycle Bin, so do I restore them or delete them altogether (maybe the worm
can still contact them in the trash)? And what the heck is a program called "MP_MMV.exe"
-- I can't delete it at all!
I know that Tucows.com is responsible for this -- but they are somewhat reputable;
they're a download site. Sites like CNET (or some other legit places I went to) linked
to them so I had to go to their site to download some legit programs. When I went
to tucows.com, could they have planted something time-activated on my computer and
it just decided to act up now????
Lastly, in the Add/Remove Programs area, what are "SMB OS" and "Search OS"? Are they
related to spyware? If so, can I delete them?
Please tell me how to get rid of this stupid "belgiandip" worm!!
-Bri
PS, Tucows (the creator of this) must DIE!!!!!
- Written in response to:
- re: belgiandip.com (Korben: Friday, April 9, 2004 at 7:41 am)
There are presently no replies to this message.