Jump to content

MSG118.dll


NurFACE

Recommended Posts

Trying to get rid of this pest. I started to go to backup but rather just fix this bug spyware. Norton got this message popup also apropos_client_loader.exe and WebInstall.exe both are download trojan. I'm starting to think no one is using my computer but since I put my son on restriction I believe he is culprit. Password to log on for users on my machine for now on. My better half always complains about why I have to use password to log on to my account, well since she doesn't have to fix this computer I will ask her to quietly place lips together when it comes to my pc. I tried running spybot and lava soft guess what no fix. google stated that on first page I went to so now I have to team up with GRNet so I don't lose any sleep. I would load ghost image but I have our taxes on computer and believe state was done after my last backup silly me. I may cut my lost and just go with image, but I believe with a few good men problem can be resolve here. PM or reply I will be checking here plus doing search for fix. "By the way; I do have Ad Adware and Spybot, they just detect the Look2Me and VX2 but they dont delete them" quote from Google search result. Look2me is the new home page that is hijack her account and vx2 is what spybot and lava find but don't delete. :wall:

Link to comment
Share on other sites

I found a fix for vx2.dll:

1. Transponder is a DLL file called IEHelper.dll (Blackstone variant), VX2.dll (VX2 variant), TPS108.dll (TPS108 variant) or MSView.dll (MSView variant). This can be found in the Windows folder. You need first deregister the DLL file. Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System" 
regsvr32 /u ..\IEHelper.dll ( for the Blackstone variant:)
regsvr32 /u ..\VX2.dll ( for the VX2 variant)
regsvr32 /u ..\TPS108.dll ( for the TPS108 variant)
regsvr32 /u ..\MSView.dll ( for the MSView variant)
regsvr32 /u ..\host.dll ( for the Host variant)
regsvr32 /u ..\BI.dll ( for the BI variant)
regsvr32 /u ..\SiteHlpr.dll (for the SiteHlpr variant) [/code]

2. Restart the computer.

3. Delete the DLL file as mentioned above from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. The Host variant may leave 'hostprep.exe'. In the TPS108 variant there may be a tps108.html file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.html. These can be deleted to clean up.

4. You can also clean up the registry (Start->Run->regedit) by deleting the 'Transponder' (Blackstone variant), 'RespondMiter' (VX2 variant), 'TPS108' (TPS108 variant), 'HostDll' (Host variant), 'MSView' (MSView variant) or 'SiteHlpr' (SiteHlpr variant) subkey of HKEY_LOCAL_MACHINE\Software.

Here's a couple of other methods, that may be simpler.

Link to comment
Share on other sites

Manual removal options for Look2Me.

I just want to take this opportunity to encourage folks who are having browser-based troubles like these kinds of spyware, try an alternate browser, such as Opera or Mozilla and Firefox.

They aren't entirely secure either, but certainly suffer less vulnerabilities than IE seems to.

Link to comment
Share on other sites

I appreciate your help Dannik. I removed msg118.dll by going to boot with command prompt then going to c:\windows\system32 edit msg118.dll taking information in document and cut not paste nor copy the contents, just to clear the dll then save blank msg118.dll file voila delete file no problem then. removed look2me and zesty, but now I have to remove 2020search. I cleared all temp internet files in all users documents so no user has in stored temp internet. I then ran adaware and spybot results no spyware. I shutdown computer each time as some sites suggested. Now, I have to deal with 2020search spyware that spybot and adaware are finding that has attach to c:\windows\svchost.exe. I will have to check to see if that is a real file for windows. :sheep:

Link to comment
Share on other sites

I believe with your last bit of information I was able to remove 2020 about the same way. :thumbsup: I just boot xp pro up to command prompt then edit file removing information. c:\cd windows then edit svchost.exe actually i changed name/extension to txt then cut out that written program typed hey in document then saved, then delete it c:\delete svchost.txt, you can boot normally and delete file after removing contents of file but command prompt will do the job as well. :D Thanks Dannik No more spyware now going to password protect machine so no user can log on without me giving them an account. :rolleyes:

Link to comment
Share on other sites

I changed the way spybot scans but now I can't get back to settings. I choose to launch spybot and it starts scanning without any interface, so I placed one to many check marks without understanding scan on launch :whistle: then exit. :oops: Is there a way to change settings in spybot folder on hard drive? :support:

Link to comment
Share on other sites

Open the Deafult Configuration.ini file and look for the

[Automation\ProgramStart]

AutoCheck=0

AutoFix=0

RerunAfterFix=0

DontAsk=0

This is right from my setup and it only runs when I click on the button after Spybot is open. Compare yours with mine and see if it's different.

To help keep things clean, click the Immunize button and run that. It will automatically help keep things from hijacking stuff on your PC.

Link to comment
Share on other sites

here is my default configuration setting file.

[installation]

DesktopIcon=1

StartmenuItem=1

[Main]

Legals=0

ShowDetails=1

AutoSave=1

CreateBackups=1

CreateTrackBackups=1

CreateSystemBackups=1

IgnoreIncludeFileError=1

Priority=Normal

RecoveryAged=1

[Main\WaveAlert]

WaveAlertFile=0

[Automation\ProgramStart]

AutoCheck=0

AutoFix=0

RerunAfterFix=0

DontAsk=0

[Automation\SystemStart]

AutoRun=0

RunOnce=0

WaitStart=0

WaitPrograms=0

WaitMore=0

AutoClose=0

[Automation\WebUpdate]

AutoCheck=1

AutoDownload=1

RemindUpdate=1

CheckBetas=0

CheckAllLanguages=0

CheckSignatures=0

[Automation\WebUpdate\Proxy]

ProxyAddress=0

[Logfile]

WriteCheckLog=1

WriteFixLog=1

IncludeLogDetails=1

OverwriteLog=0

[Look]

Menu=MainMenu

DisplayHeader=1

FloatInfo=1

BlindUser=1

[bugReport]

UseDefaultMailer=1

IncludeSysInfo=1

IncludeResults=1

IncludeActiveX=1

IncludeBHO=1

IncludeBrowserPages=1

IncludeProcessList=1

IncludeStartup=1

IncludeClipboardText=0

IncludeClipboardImage=0

IncludeSpyFiles=0

CarbonCopy=1

IncludeWinsockLSPs=1

[Expert]

ShredTracks=1

ShowResultsButtons=1

ShowRecoveryButtons=1

[Filesets]

Spybot - Search & Destroy=1

Cookies.sbi=1

Dialer.sbi=1

Hijackers.sbi=1

Keyloggers.sbi=1

Malware.sbi=1

Security.sbi=1

Spybots.sbi=1

Trojans.sbi=1

System Internals=0

Usage Tracking=1

Tracks.uti=1

[Durations]

Spybot - Search & Destroy=1

Cookies.sbi=1

Dialer.sbi=1

Hijackers.sbi=1

Keyloggers.sbi=1

Malware.sbi=1

Security.sbi=1

Spybots.sbi=1

Trojans.sbi=1

System Internals=1

Usage Tracking=1

Tracks.uti=1

Link to comment
Share on other sites

I can't see the cause of your issue in the settings, but the author of Spybot has a page with some small files to help solve small problems.

One of the files, Spybot S&D Full Settings Removal, appears to remove the configuration info from your registry, which I assume would make Spybot do it's first-run dialog the next time you start it.

As usual, edit your registry at your own risk, and always back it up, etc.

Link to comment
Share on other sites

Here is my Config.ini file

[installation]

DesktopIcon=1

StartmenuItem=1

[Main]

Legals=0

ShowDetails=1

AutoSave=1

CreateBackups=1

CreateTrackBackups=1

CreateSystemBackups=1

IgnoreIncludeFileError=1

Priority=Normal

RecoveryAged=1

[Main\WaveAlert]

WaveAlertFile=0

[Automation\ProgramStart]

AutoCheck=0

AutoFix=0

RerunAfterFix=0

DontAsk=0

[Automation\SystemStart]

AutoRun=0

RunOnce=0

WaitStart=0

WaitPrograms=0

WaitMore=0

AutoClose=0

[Automation\WebUpdate]

AutoCheck=0

AutoDownload=0

RemindUpdate=0

CheckBetas=0

CheckAllLanguages=0

CheckSignatures=0

[Automation\WebUpdate\Proxy]

ProxyAddress=0

[Logfile]

WriteCheckLog=1

WriteFixLog=1

IncludeLogDetails=1

OverwriteLog=0

[Look]

Menu=MainMenu

DisplayHeader=1

FloatInfo=1

BlindUser=0

[bugReport]

UseDefaultMailer=1

IncludeSysInfo=1

IncludeResults=1

IncludeActiveX=1

IncludeBHO=1

IncludeBrowserPages=1

IncludeProcessList=1

IncludeStartup=1

IncludeClipboardText=0

IncludeClipboardImage=0

IncludeSpyFiles=0

CarbonCopy=1

IncludeWinsockLSPs=1

[Expert]

ShredTracks=1

ShowResultsButtons=0

ShowRecoveryButtons=0

[Filesets]

Spybot - Search & Destroy=1

Cookies.sbi=1

Dialer.sbi=1

Hijackers.sbi=1

Keyloggers.sbi=1

Malware.sbi=1

Security.sbi=1

Spybots.sbi=1

Trojans.sbi=1

System Internals=0

Usage Tracking=1

Tracks.uti=1

[Durations]

Spybot - Search & Destroy=1

Cookies.sbi=1

Dialer.sbi=1

Hijackers.sbi=1

Keyloggers.sbi=1

Malware.sbi=1

Security.sbi=1

Spybots.sbi=1

Trojans.sbi=1

System Internals=1

Usage Tracking=1

Tracks.uti=1

Maybe we can see if anything is different now.

Link to comment
Share on other sites

1. Make sure the program is fully updated.

2. Hit the 'Immunize' tab.

3. Under 'Permanent Internet Explorer immunity', ensure it has scanned, and apply the immunization recommended. Do this every time you update Spybot.

4. Under 'Permanently running bad download blocker for Internet Explorer' set it to your preference (I recommend silently, otherwise you'll get popups regularly) and 'Install' it. This will stop most of the bad stuff ever hitting your hard drive.

5. Under 'Recommended miscellaneous protections' I recommend you check all three, but at the minimum, lock your 'hosts' file.

6. Now, in the main toolbar, choose 'Tools' -> 'Hosts file', and click 'Add Spybot S&D hosts list' at the top of the window. This will likely take a minute or two.

Now, malware will have a harder time getting to your system, and doing anything nasty even if it does get there. Also, the hosts file addition will block a large number of tracking advertising, so you'll likely see a lot of places where banners used to be, now empty.

Them's the basics at least.

Link to comment
Share on other sites

I took two steps back. I started this thread because I lost sleep trying to fix this problem with spam and virus. Spybot was one of the tools I had to use make sure spyware was gone. Now, I want to set it up so I can approach spyware fast and quickly. cheers to the multiple support. :yes:

thanks Dannik for configuration help. :thumbsup:

Link to comment
Share on other sites

  • 2 weeks later...

I am climbing the walls with the MSG118.dll. I tried all the suggestions above, including Safe w/Command and editing the msg118.dll file, but after it opens I get "Cannot Edit a Read-Only File". I rebooted (for the umpteenth time) and changed the properties on the msg118 (it wasn't "read only" but it was "archive" so I cleared the archive check-box) and tried again. STILL no luck. Any suggestions?

Link to comment
Share on other sites

You have xp pro or 2000 you don't change file or edit in graphic user interface. You have to choose F8 when booting so start hitting F8 after post screen then choose start with command prompt. You will need to remember or write down the path of MSG118.dll. Once your in the path. example c:\windwos> if MSG118.DLL is in your root of windows then you will go c:\windows>edit msg118.dll a window will open and you can highlight text and choose cut from list of options at top of menu window for notepad. I hope you are following me and know how to change directories in command prompt window. c:\documents and settings>cd.. will change directory to c:\> then you type the directory you would like to enter by c:\>cd windows will change to c:\windows>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...