mctonale Posted February 16, 2005

After my computer has been on for a couple of hours it tends to slow down. I had done a full system scan earlier using AVG, Ad-aware, Spybot and 3b software win reg repair pro. When the system slowed a couple of hours later I ran them all again. AVG found nothing, Spybot found nothing but the usual DSO exploits, but 3b reg repair found entries for IntraLaunch and removed them. My system was immediately running at full speed. I have never had this program installed and don't like what I have been able to find out about it. Anybody got any theories on how it got there, what it was doing and how I can stop it happening again? Thanks.

[Edited by mctonale on 2005-02-16 18:41:43]
Sampson Posted February 17, 2005

Actually, IntraLaunch employs an ActiveX control and allows you to launch applications like Excel from within IE or from a webpage. I wouldn't call it spyware since it is used fairly widely, though generally over a LAN. Having said that, I wouldn't put it past some script kiddie to incorporate it as part of an attack. You might look more closely at your firewall and write a rule that would exclude its use in the future. You may have removed values from your registry, but who's to say they won't reappear after your next boot? As Alex suggested, you might consider a different browser in the meantime also.
mctonale Posted February 17, 2005

Have been using Firefox for a couple of weeks. It has reappeared in the registry, pointing to a damaged ActiveX control (intralaunch.main control). Dependencies are:

C:\windows\d...\intralaunch.ocx* damaged
c:\windows\syst...\msvbvm50.dll* 1,355.776
c:\windows\syste...\asycfilt.dll* 63,536 version 3,3,0,2

Shall I remove or update it? The only other person using this screen is 3 years old and....... I just realised he has admin status (I'm pretty sure that's not how I set it up, but changed it back to limited anyway). Just had a look at the firewall but can't find how to block an ActiveX control.
Sampson Posted February 17, 2005

This article from Microsoft tells you how to remove it: http://support.microsoft.com/kb/154850

To block an ActiveX control:

1. From IE, choose "Tools" then "Internet Options".
2. When the "Internet Options" multi-tabbed dialog box appears, select the "Security" tab.
3. Click "Internet".
4. Click the "Custom Level" button.
5. When the "Custom Level" dialog box appears, disable all options underneath the heading "ActiveX Controls and Plug-ins".
6. Click "OK" to close the dialog box.

While disabling ActiveX controls provides a higher level of security, doing so may disable Flash and the usage of Windows Update. You can, though, put valid sites in a "Trusted Sites" zone.

1. From IE, choose "Tools" then "Internet Options".
2. When the "Internet Options" multi-tabbed dialog box appears, select the "Security" tab.
3. Click "Trusted Sites".
4. Click the "Sites" button.
5. From here, enter websites as appropriate that you feel are trustworthy. Click the "Add" button after adding each site.
6. Click "OK" to close the dialog boxes.

Since you are using Firefox, ActiveX controls do not affect it, unless you have installed an ActiveX plugin.
mctonale Posted February 17, 2005

Removed ActiveX intralaunch.maincontrol but the reg entries are still there. Neither 3b reg repair nor McAfee QuickClean recognises these entries as a problem? Tried disabling all ActiveX controls but couldn't get Windows Update to run (even if it is set as a trusted site). Should I go through the registry myself, or not worry about it as the program itself is now gone?
mctonale Posted February 17, 2005

You kind of lost me there, Alex. Thanks anyway. I have had no proper training; everything I know I have found out for myself. Removed the entries by hand. Just looked into RegSvr32.exe and found this @ http://vil.nai.com/vil/content/v_99144.htm

ref virus: DDoS-Apbot@MM

A new variant of this threat was discovered on July 27, 2001 by Virus Patrol, a newsgroup scanning service by McAfee AVERT, using heuristic algorithms. This is an IRC bot and mass-mailing worm which attempts to delete certain security software. It may be received in an email message containing the following information:

Subject: Virus Alert!
Body: Businesses of all kinds have suffered today as a virus has been unleashed, please find the attatched cleaner and run it. You cannot tell if you have this virus until you run the cleaner.
Attachment: Regsrv32.exe

When run, it copies itself to the WINDOWS SYSTEM directory as REGSRV32.EXE (not to be confused with the valid REGSVR32.EXE) and creates a registry run key to load the worm at startup:

Unfortunate typo. Anything else you think I should check for? If they only used this as part of an attack, maybe there are other items on my computer that they have put there?
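
Added example, not part of the original thread or the quoted McAfee description: a check that flags Run-key commands whose file name is a near-miss of a well-known Windows binary, such as the REGSRV32.EXE / REGSVR32.EXE pair quoted above. The allowlist, the function names and the sample Run values are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a short allowlist of legitimate names; extend it for real use.
KNOWN_BINARIES = ["regsvr32.exe", "rundll32.exe", "svchost.exe", "explorer.exe"]


def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def executable_name(command: str) -> str:
    """Lower-cased file name from a Run-key command line.
    Unquoted paths that contain spaces are not handled."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]
    return ntpath.basename(path).lower()


def find_lookalikes(run_entries: dict, max_distance: int = 1) -> list:
    """Return (value name, file name, imitated binary) for near-miss names."""
    hits = []
    for value_name, command in run_entries.items():
        name = executable_name(command)
        if name in KNOWN_BINARIES:
            continue  # exact match: the legitimate name itself
        for known in KNOWN_BINARIES:
            if osa_distance(name, known) <= max_distance:
                hits.append((value_name, name, known))
    return hits


# Constructed sample of Run-key values (not taken from a real system).
SAMPLE_RUN = {
    "Cleaner": r"C:\WINDOWS\SYSTEM\REGSRV32.EXE",
    "Shell": r'"C:\WINDOWS\explorer.exe" /startup',
    "Updater": r"C:\Tools\update.exe -q",
}
```

A plain Levenshtein distance scores the swapped "rv"/"vr" as two edits; counting a transposition as one keeps the threshold at 1 and limits false positives.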
mctonale Posted February 17, 2005

Lol, thanks Alex. Looking at what you said about IRC, is it possible that I picked up this infection from someone I was talking to on MSN Messenger?