del.bat Spyware/Worm?

Greetings,
I am running WinXP Pro SP3

I have something adding del.bat to my registry.

I ran Eusing Registry cleaner and then manually removed all entries, rebooted and it is being added again.

I ran a preboot Avast scan and nothing was reported.
I ran SpyBot and nothing was reported.

I have Avast and Spybot S&D running resident.

What is the purpose of the SpyWare and how do I get rid of it?

Thanks,
-Mike
www.EpicRoadTrips.us

Hey! You can give MBAM and SAS a shot.

http://www.filehippo.com/download_superantispyware/
http://www.filehippo.com/download_malwarebytes_anti_malware/

Good luck and write back if you have any more problems.

Greetings,
I ran Quick Scans in both MBAM and SAS and the problem was not solved.
I started a full scan in SAS and after 6 hours and 37k plus files the machine locked up and I had to force a shut down.

Next I will try a full scan in MBAM.
Thanks,
-Mike

Could you post the logs of the quick scans?

See attached.
Thanks,
-Mike

Why are you disabling the AntiVirus, firewall and Windows update notification in Security Center?

SUPERAntiSpyware is just notifying on tracking cookies and is nothing to worry about.

To stop most tracking cookies install a HOSTS file:
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm

Eusing Registry cleaner could be adding del.bat as its cleanup application.

This was suggested by MalwareBytes.
If these are disabled now, how can I fix this?

I have been using Eusing for over a year and this problem has just occurred in the last week.
Even when I clean the registry manually, it appears on boot up with an error message saying the file del.bat cannot be found.

Thanks,
-Mike

You disabled them and you have to enable them.

How can I turn on or turn off the firewall in Windows XP Service Pack 2 or later versions?
http://support.microsoft.com/kb/283673
How to configure and use Automatic Updates in Windows XP
http://support.microsoft.com/kb/306525
Manage Your Computer’s Security Settings in One Place
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wscintro.mspx

Post a HijackThis log:
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

See attached.
It found the offending line in the registry.
“O4 - HKLM..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat”
I chose “Fix” rebooted and the registry still calls for the file del.bat at Win Boot.

This is frustrating and I am close to formatting and starting over.
Can anyone tell me if this problem is actually doing anything other than being a nuisance?

Thanks,
-Mike

Go to Add/Remove Programs and un-install vulnerable Adobe Acrobat 5.0 and Browser Address Error Redirector.

If all you need is a pdf file reader then Foxit Reader is good but make sure you do not install the Ask.com toolbar:
http://download.cnet.com/Foxit-Reader/3000-10743_4-10313206.html?tag=mncol

Close all browser sessions then run HijackThis then select the following and click Fix checked:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKCU..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat <== this has to be removed also
O4 - Startup: Adobe Gamma.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O24 - Desktop Component 0: (no name) - (no file)

Install User Profile Hive Cleanup Service
Brief Description
A service to help with slow log off and unreconciled profile problems.
http://www.microsoft.com/downloads/details.aspx?familyid=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en

Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

If I un-install Acro 5 I will have no way to edit PDF files. It is the full version not just a reader.

Are any of the above items you list related or directly responsible for the del.bat problem I have been having?

Thanks,
-Mike

This one has to be removed just like I commented:
O4 - HKCU..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat <== this has to be removed also

Adobe Acrobat is now up to V9 but the update costs:
http://www.adobe.com/products/acrobat

Why not switch to:
PDFCreator
http://sourceforge.net/projects/pdfcreator
PrimoPDF
http://www.primopdf.com

How To Edit PDF Files For Free
http://www.tinkernut.com/archives/31

Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

This has been removed by me manually and by Eusing, and HiJack This.
See above messages.
Every time I reboot, the entry is again written to the registry.

Adobe Acrobat is now up to V9 but the update costs: http://www.adobe.com/products/acrobat

Why not switch to:
PDFCreator
http://sourceforge.net/projects/pdfcreator

I have tried this. I cannot get it to Print to a PDF in the Printer dialog box.

PrimoPDF http://www.primopdf.com
I will take a look at this.
How To Edit PDF Files For Free http://www.tinkernut.com/archives/31

From Tinkernut:
"How To Edit PDF Files For Free
This tutorial will show you ways to read, edit, and create PDF files without spending any money.
It requires 3 different pieces of software:"

Great- 3 apps to edit PDF files instead of 1. No thanks.

academhack » Blog Archive » A List of Interest says:

Run Secunia Online Software Inspector to see what applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

Thanks,
-Mike

I ran this service.
See the attached.

I cleaned up to the point where a scan showed the only update left was JRE.
I started the JRE updater and got an error message:
http://java.com/en/download/help/error_25099.xml

I tried every fix listed in the above link as well as downloading the off line updater.
Still get the same error when trying to update.
Now, when I launch Secunia it says the JRE is disabled and it cannot run a scan.

Seems like every “problem” which is “fixed” creates a new one.

Now, I have no working JRE.
-Mike

Did you attempt to uninstall it? (The old version)
And if so, did you try to remove it using the Windows installer cleanup utility? (as suggested by Java).
If not, do so now.
Another program good for managing/removing Java installations is Java Ra.

Yes.

And if so, did you try to remove it using the Windows installer cleanup utility (http://support.microsoft.com/default.aspx?scid=kb;en-us;290301)? (as suggested by Java). If not, do so now.

Been there, done that. Same error message.

Another program good for managing/removing Java installations is Java Ra (http://raproducts.org/).

Downloaded Java Ra.
Ran the uninstall utility. See attached.

Ran the JRE install. Same error message. Install aborted.

Thanks,
-Mike

From an old tip I found

Error: 25099 during Java installation
http://java.com/en/download/help/error_25099.xml

The installer removes Java from Add/Remove Programs but does not remove C:\Program Files\Java jre6 Folder correctly.

The jre6 Folder should be removed manually with Windows Explorer then the Sun Java install works correctly.


Security Software Updates in MBAM forum:
http://www.malwarebytes.org/forums/index.php?showtopic=16545

Sorry if I’m stating the obvious. Did you remove both entries with HJT, as YoKenny suggested?

O4 - HKLM..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat

O4 - HKCU..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat
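
Added example (not part of the thread or any poster's own code): the point made above, that the same `[Delete Me!]` value is registered under both the HKLM and HKCU RunOnce keys, checked mechanically over a HijackThis log. The sample log is constructed from lines quoted in this thread; the function names and the "script launched from a temp directory" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied in the form they appear in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat
O4 - HKCU..\RunOnce: [Delete Me!] C:\DOCUME~1\MB\LOCALS~1\Temp\del.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O24 - Desktop Component 0: (no name) - (no file)
"""

# Registry autostart line: hive, key, [value name], command.
# The thread shows "HKLM..\RunOnce"; "HKLM\..\RunOnce" is accepted too.
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\?\.\.\\(\w+): \[(.*?)\] (.+)$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js")  # assumed list of script types


def parse_o4(log):
    """Yield (hive, key, value_name, command) for each O4 registry entry."""
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            yield m.groups()


def suspicious_autostarts(log):
    """Group flagged entries by (value name, command) -> sorted locations.

    An entry is flagged when it launches a script from a temp directory.
    Listing every hive it appears in shows what must be fixed together.
    """
    hits = defaultdict(set)
    for hive, key, name, command in parse_o4(log):
        target = command.strip('"').lower()
        if TEMP_DIR.search(target) and target.endswith(SCRIPT_EXT):
            hits[(name, command)].add(f"{hive}\\{key}")
    return {k: sorted(v) for k, v in hits.items()}


if __name__ == "__main__":
    for (name, command), where in suspicious_autostarts(SAMPLE_LOG).items():
        print(f"[{name}] -> {command}")
        for location in where:
            print(f"    registered under {location}")
```
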

I often miss the obvious so it is good to point it out.

I checked off everything YoKenny suggested, chose FIX and rebooted.

Three which were checked still remain:
The two instances of the del.bat and
“O24 - Desktop Component 0: (no name) - (no file)”

See attached logs.

Thanks,
-Mike

As it comes right after the RealPlayer|6.0 entry I would remove Real Player as it is down level and Real Alternative is much better:
http://www.codecguide.com/download_real.htm

It could be Spybot S&D TeaTimer adding it.

As I have not used SpyBot S&D in over a year I’m not positive that’s it.

I find WinPatrol much better than TeaTimer.