Do you know fix for the "other steel site" bug?

David Mason · Post by **David Mason** » 16 Sep 2004 3:32 am

My computer has downloaded a bunch of crap as a result of me looking at the steel site in Nick Reed's post. Does anybody know a fix for this? I have to delete a file called C\WINDOWS\SYSTB.DLL which is now part of Windows, three files that begin C:\WINDOWS\TEMP\THI and the Begin2Search thing that has attached itself to my toolbar? How do you delete a file that is part of Windows?

Tom Diemer · Post by **Tom Diemer** » 16 Sep 2004 6:15 am

Here is a uninstall program for it.
http://www.begin2search.com/uninstall.exe

You will probably have to reset your home page after running it. If you haven't, download and run adaware and spybot.
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button
http://www.download.com/3000-8022-10122137.html

Those should clean things up pretty well. Post again if this doesn't work.

Ray Minich · Post by **Ray Minich** » 16 Sep 2004 7:38 am

Thanks Tom, as you can see from my other thread I got nailed too.

Chris Schlotzhauer · Post by **Chris Schlotzhauer** » 16 Sep 2004 7:54 am

Wow Tom, thank you so much. Worked like a champ. Where do you find stuff like this?

Tom Diemer · Post by **Tom Diemer** » 16 Sep 2004 8:42 am

Glad that helped guys

Chris, I do stuff like this for a living. Technically I'm a network engineer, but you can hardly be in the computer business and not know quite a bit about spyware issues these days. It would like being a car mechanic and not knowing how to change oil. lol. A lot of the common problems I know off hand, those I don't I know where to look for info. That's about it.

Really glad I was able to help

David Mason · Post by **David Mason** » 16 Sep 2004 12:31 pm

Thanks Tom, looks like that uninstall and antivirus.com got rid of it. I run ad-aware and spybot anyway, but this was an insidious little bugger.[This message was edited by David Mason on 16 September 2004 at 01:35 PM.]

Jeff Agnew · Post by **Jeff Agnew** » 16 Sep 2004 1:24 pm

If you used the begin2search uninstaller (UNALL.EXE) you probably didn't actually remove all the components - instead, you likely removed only the ironically named Browser Helper Object (the DLL).

This trojan is part of the IEPlugIn BHO and upon installation it:

<ul>[*]Leaves three executables, two DLLs, and two .DAT fiels on your drive.
[*]Adds over twenty keys to your registry
[*]Puts two AutoStart items in the registry
[*]Uses the contents of the .DAT files to hijack your searches anytime they match the contained keywords.[/list]
TO be sure you've deleted everything, search your drive for the following two files: KW.DAT & SYSINFO.DAT. If they're still there, you have more work to do.

And I know I harp on this constantly, but - you wouldn't have gotten this if you hadn't used IE and enabled ActiveX.

Olli Haavisto · Post by **Olli Haavisto** » 16 Sep 2004 11:23 pm

What is IE ? Ignorant mind(s) want to know...

------------------
Olli Haavisto
Polar steeler
Finland

Olli Haavisto · Post by **Olli Haavisto** » 17 Sep 2004 1:07 am

Internet Explorer....Yeah, I feel stupid.

Ray Minich · Post by **Ray Minich** » 17 Sep 2004 6:56 am

hadn't used IE and enabled ActiveX.

I don't think people actively consciously and with malice intended, enable ActiveX. Isn't it automatically activated until someone "in the know" turns it off?

Looks like I just got "in the know" by brute force...[This message was edited by Ray Minich on 17 September 2004 at 07:56 AM.]