cancel
Showing results for 
Search instead for 
Did you mean: 
bear5
Level 7
Report Inappropriate Content
Message 51 of 54

Re: 113577url.cptgt.com

Jump to solution

I would try Super AntiSpyware the free edition. I am preety sure it took care of the problem. Make sure you get to the correct site, it took me several times to get there because of the hijacked issue.  Try  "ask search" that is how I got there.  After you download make sure you update before you run a scan. I wish you the best of luck. I will check back please update your results.

Re: 113577url.cptgt.com

Jump to solution

Just try these steps, I think if, these are working we can managed to use epo to remove them automatically.

Some  new malware/spyware program invaded one of my computers  today.  I say  new because it wasn’t detected by McAfee.  It took a bit  of time but I  managed to finally remove it.

One of the symptoms is on Google  searches it will redirect to  unrelated sites.  Sometimes it will popup  with audio or visual  advertising.  I noticed one of the redirected  searches went to  113577url.cptgt.com.

I’m sure all the  virus/spyware data files will eventually update to  remove this.  If it  doesn’t get removed for you on a scan then read on.   I will describe  how to remove this malware/spyware manually.  It will  take some  technical knowledge.  Also, proceed at your own risk.

  1. Go to a command prompt and cd into windows\system32.  There are 2 hidden DLL files which you need to remove: dot3wiz40.dll and rpcprov32.dll.    At least those were the filenames on my computer.  However, you won’t   know the files exists yet until you unhide them.  That’s the next step.
  2. Unhide  the first file with ”attrib -h -s dot3wiz40.dll”.  If you get  file not  found then either this is a different infection or the  filename is  something else (skip to step 4).  Otherwise, enter “del  dot3wiz40.dll”  to delete.  If it doesn’t let you delete, you should be  able to rename  the file by entering “ren dot3wiz40.dll dot3wiz40.tmp”.   That will at  least prevent it from loading again on a restart.
  3. Unhide the second file with “attrib -h -s rpcprov32.dll”.  Delete or rename as in step 2.
  4. If  the files were not found, go to Start > Run and enter  “regedit”.   Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows   NT\CurrentVersion\Windows.  Next, look for the name   AppInit_DLLs in the right pane.  The data associated with that should   have the 2 DLLs you need to remove.  Don’t bother deleting this data  yet  until you reboot as it will just get recreated.
  5. Once the files are deleted or renamed, restart your computer.
  6. You  can now delete the files if you renamed and also delete the  registry  entry if you want.  The main thing is to remove the files from  being  loaded again.  Open a web browser and click on some search  results to  verify they go to the right web sites.

Although the dll's name is not crucial, I think that the registry reference may be taken in high consideration ..

http://timback.com/

Message was edited by: Valeinrete on 21/12/10 06:32:22 CST

Re: 113577url.cptgt.com

Jump to solution

hi SinkingWaterBug... i have the same virus as you... it began just a couple days ago.  i use Symmantic Endpoint rather than McAffee, and my virus scans also come up clean.  using Windows Process Explorer (a more detailed task manager), i was able to see that a rundll32.exe process was spawning all my popups, and when i killed the process, i no longer had the popups.  i don't understand this well, and i'm not at the same computer right now to copy and paste things exactly, but the rundll32.exe process that was causing the problem was associated with the following...

c:\users\<myprofile>\appdata\local\temp\accutil10.dll

...something like the above.  when i browse to the temp folder, it's very difficult to delete the accutil10 folder (don't think i ever saw a .dll in Windows Explorer), but i managed to delete it eventually by booting in safe mode.  however, when i reboot, the folder is back, and i always need to kill the process upon boot up or i'll get those popups.  i don't know how i got this virus or how yet to get rid of it, or what accutil10.dll is as it could maybe be something that the virus is just using and not the virus itself.  thank you for starting this thread and if you figure out a fix, please let me know.

Highlighted
Fella1
Level 7
Report Inappropriate Content
Message 54 of 54

Re: 113577url.cptgt.com

Jump to solution

We are having the same problem at our house and started Friday or Saturday (Dec. 10 or 11).  I believe it came from Facebook, but it is on the computer my kids use, so I am not posative.  It did have AVG free on it for virus protection.  The virus seems to have killed AVG as it would not respond and could not be removed from the system through Control Panel.  I did finally remove it with a software tool from AVG to install McAfee.  Even after running the AVG removal tool and the system appearing to be clean, McAfee reported AVG still present on the install program.  I directed it to install anyway.  I ran a full scan with McAfee yesterday (12/13/10) after the install completed and it found some things but did not solve the IE popup problem.  Still working on a solution.  I see that I am not alone.

Message was edited by: Fella1 on 12/14/10 10:38:07 AM CST

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community