Aces High Bulletin Board
General Forums => The O' Club => Topic started by: Wolfala on January 28, 2005, 07:09:59 PM
-
OK check this out. Somehow this little ****ing piece got on my machine and I can't get rid of it. Not even with Hijack this. It deletes it, but must copy itself to another folder and get restored after its deleted.
HOW THE **** do I nuke this bug.
Wolfala
-
First pour gasoline over your computer...then set it on fire!
-
ry disabling "system restore", disconnect from the internet, reboot in "safe", and run "Hijack this", CW Shredder, etc.
Then reboot, and do it again. Sometimes these progs run as a windows shell.
Tom
-
And if that doesn't kill it, call SOB for tech support.
:D
-
I'm here to help. :p
-
No luck with safe mode - did hijackthis and spysweeper. Any idea's?
The file in question is netia.exe - real persister ****. Skuzzy help!!!!!!!!!!
-
You did disable "system restore", right? It might be using it to keep itself alive.
In XP, right click on "My Computer", choose the System Restore tab, and uncheck the box, and try it again.
I'm not saying it'll work, but it might. Otherwise, do a Google for "removing netia.exe".
-
First thing I found googling it:
Close all Internet Explorer windows and goto "Start"--> "Run" and type in :
taskmgr ,then click " OK".
Then highlight each file below and then click "End Process":
netia.exe
apiqw32.exe
Next
Goto "Start" --> "Run" and type in:
Services.msc ,then click " OK".
Scroll down and find the service called "Network Security Service".
Double-click on it.
In the next window that opens, click the Stop button, then change the Startup Type to Disabled.Click "Apply" and then "OK".
Let us know if "Network Security Service" is listed.
3.
Close ALL Internet Explorer Windows, only have HijackThis running.
In HiJackThis Check the boxes beside the below entries, then click on "Fix checked" .
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kbaqk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kbaqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kbaqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {96DF800A-C660-BD6C-1D33-EC8F6FA48462} - C:\WINDOWS\mssd.dll
O4 - HKLM\..\Run: [netia.exe] C:\WINDOWS\system32\netia.exe
O4 - HKLM\..\RunOnce: [apiqw32.exe] C:\WINDOWS\apiqw32.exe
Reboot into Safe Mode.....( tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key)
Make sure you can see Hidden files and Folders, so you can remove them:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Then delete the below files and Folders:
C:\WINDOWS\system32\netia.exe <<C:\WINDOWS\apiqw32.exe <<
Reboot computer and post back a new HJT log to this thread, plea
-
I know, been doing that. Tried hijackthis, spysweeper and now trying the latest version of adaware. I wanna kill this mother ****er - maybe thats the marine comming out but what a waste of time.
-
deleate all your temp files and temp installed junk ... it my be hiding in there too ,,,, i would also clear out the cookies and rec bin..
-
If it were that easy, I wouldn't have posted up. Window Washer cleans all that crap out on a daily basis - so no temp IE files, etc. Naw, its a persistant little ****er.
-
If you would have your harddrive partitioned like I always do, you would now be able to run files and settings transfer to another partition, reformat the c: and install a clean operating system.
90% of the people have only one partition, c:, which renders them helpless on any problems that a quick format would solve.
-
Sik, if your idea of fun is spending 8 hours restoring your system - then by all means. However my desire to slit the wrists of the little **** that wrote this 32k size packet of poke you raw dog in the bellybutton - hasn't abated any. That does not solve the problem - esp considering how much crap you need to reinstall b/c of missing INF files and lord knows what other stuff.
-
Close all Internet Explorer windows and goto "Start"--> "Run" and type in :
taskmgr ,then click " OK".
Then highlight each file below and then click "End Process":
netia.exe
apiqw32.exe
Next
Goto "Start" --> "Run" and type in:
Services.msc ,then click " OK".
Scroll down and find the service called "Network Security Service".
Double-click on it.
In the next window that opens, click the Stop button, then change the Startup Type to Disabled.Click "Apply" and then "OK".
Let me know if "Network Security Service" is listed.
3.
Close ALL Internet Explorer Windows, only have HijackThis running.
In HiJackThis Check the boxes beside the below entries, then click on "Fix checked" .
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://kbaqk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://kbaqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://kbaqk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kbaqk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {96DF800A-C660-BD6C-1D33-EC8F6FA48462} - C:\WINDOWS\mssd.dll
O4 - HKLM\..\Run: [netia.exe] C:\WINDOWS\system32\netia.exe
O4 - HKLM\..\RunOnce: [apiqw32.exe] C:\WINDOWS\apiqw32.exe
Reboot into Safe Mode.....( tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key)
Make sure you can see Hidden files and Folders, so you can remove them:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Then delete the below files and Folders:
C:\WINDOWS\system32\netia.exe <<C:\WINDOWS\apiqw32.exe <<
-
Wolfala it takes only about 2 hours.
I prefer that instead of having my system compromised for months. :cool:
Not that I ever had this kind of problems anyway.
-
Another good reason for partitioning like mad is tailor make each sector size.
(maybe thats less of an consideration on less archaic OS's than mine)
Having a single huge partition wastes space when writing lots of small files.