Aggressor Posted December 14, 2004 Share Posted December 14, 2004 hello all, been away for a while with school work and stuff. but i need you help once again. my roommate used my rig while i was away for two days and its been acting up ever since. i ran an avg virus scan and it showed a virus called i worm bofra..which i moved to the virus vault and deleted. but it keeps setting my home page to res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm and everytime i try to access any sites using my rig...the ie window says that it is blocked due to spyware and that i need to click on the links to d/l one, plus the spelling of the message isnt that great "futrue". i ran lavasoft adaware and deleted the stuff that came out on the scans...but i still cannot get the rig to work or use my original home page. please help. thanks, Aggressor Quote Link to comment Share on other sites More sharing options...
firefly2442 Posted December 14, 2004 Share Posted December 14, 2004 I wouldn't use IE anymore, too many security holes. Try Firefox. www.mozilla.org Anyway, as for the worm, here's some more information on it. http://securityresponse.symantec.com/avcen...bofra.e@mm.html Since it's not spyware I doubt AdAware will pick it up although it might. Your best bet is to run antivirus and try to get ride of it. Do you have Norton or just AVG? Quote Link to comment Share on other sites More sharing options...
GRT Posted December 14, 2004 Share Posted December 14, 2004 If you have xp you could try and system restore. Quote Link to comment Share on other sites More sharing options...
Dannik Posted December 14, 2004 Share Posted December 14, 2004 Sounds like an altered hosts file. Open C:\WINDOWS\system32\drivers\etc and look for a file called 'hosts' with no extension. Open it with a text editor, and see if it contains any lines other than: 127.0.0.1 localhost Excluding lines with a # sign preceding them. If you find any other entries, they may be signs of infection. Just one of many areas to check, but it's my gut telling me to look there first. Quote Link to comment Share on other sites More sharing options...
Aggressor Posted December 14, 2004 Author Share Posted December 14, 2004 (edited) hello all, thanks for the replies. symantec has a tool to remove the worm, which i tried, but it told me that i was not infected with the worm. did another scan using avg 7.0 with the latest files as well as adaware, but nothing came up. there were a few entries in adaware and one of em said something like a possible browser hijack attempt. Sounds like an altered hosts file. Open C:\WINDOWS\system32\drivers\etc and look for a file called 'hosts' with no extension. Open it with a text editor, and see if it contains any lines other than: 127.0.0.1 localhost Excluding lines with a # sign preceding them. If you find any other entries, they may be signs of infection. Just one of many areas to check, but it's my gut telling me to look there first. ← just checked that file Dannik, and there is nothing else in that file except for what you mentioned above. i have my homepage set to blank in ie but it still shows this address res://C:\WINDOWS\System32\shdoclc.dll/navcancl.htm i will try a system restore and d/l firefox from now on if anyone else has any ideas, keep em coming thanks again for the help Edited December 14, 2004 by Aggressor Quote Link to comment Share on other sites More sharing options...
larocket83 Posted December 15, 2004 Share Posted December 15, 2004 I wouldn't use IE anymore, too many security holes. Try Firefox. www.mozilla.org Anyway, as for the worm, here's some more information on it. http://securityresponse.symantec.com/avcen...bofra.e@mm.html Since it's not spyware I doubt AdAware will pick it up although it might. Your best bet is to run antivirus and try to get ride of it. Do you have Norton or just AVG? ← A friend of mine is at college, and all his buds told him to use it too. He thought, yeah, ie isnt that great, I'll try it. Within the first five minutes it crashed his computer. Quote Link to comment Share on other sites More sharing options...
Aggressor Posted December 16, 2004 Author Share Posted December 16, 2004 Update: All seems well after the system restore. i d/l'ed the latest avg and lavasoft stuff and did scans, nothing came up. firefox works great on my rig, loads pages faster than ie. the only little thing is that it does not work with the latest msn messenger (beta), ie opens up when you click the notification box regarding your emails. Thanks again everyone Quote Link to comment Share on other sites More sharing options...
Dan Posted December 16, 2004 Share Posted December 16, 2004 ie opens up when you click the notification box regarding your emails. Thanks again everyone ← im 99.99999999999999999% thats built into MSN, ive tried everything to fix it. Quote Link to comment Share on other sites More sharing options...
firefly2442 Posted December 16, 2004 Share Posted December 16, 2004 I wouldn't use IE anymore, too many security holes. Try Firefox. www.mozilla.org Anyway, as for the worm, here's some more information on it. http://securityresponse.symantec.com/avcen...bofra.e@mm.html Since it's not spyware I doubt AdAware will pick it up although it might. Your best bet is to run antivirus and try to get ride of it. Do you have Norton or just AVG? ← A friend of mine is at college, and all his buds told him to use it too. He thought, yeah, ie isnt that great, I'll try it. Within the first five minutes it crashed his computer. ← Wow, that sucks. That's the first time I've heard of someone having problems with it. Quote Link to comment Share on other sites More sharing options...
larocket83 Posted December 16, 2004 Share Posted December 16, 2004 Yeah, i know. I'm sure it was a fluke. I'm thinking about trying it sometime. Maybe after i format my hd tonight. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.