Page 1 of 1

Help with non-NeoBook related problem ...

PostPosted: Tue Apr 12, 2005 5:46 pm
by Gaev
Not a NeoBook problem ... but hoping some "Anti-Virus" types here can help.

Looks like a "Virus" or "PopUp Blocker" has taken control of my Browser ... I had downloaded a couple of programs to evaluate their usefulness in providing NeoBook developers with a Grid-PlugIn ... I think one of them brought the "infection" with them ... have uninstalled both of them but the problem persists.

Problem: I can no longer get IE to "Respond to links in documents that normally display the resulting content in a new Browser Window" ... upon clicking such links, a new Window is opened but nothing happens after that ... the rest of the system is ok ... I can switch windows/applications etc. ... just the newly opened window waits for ever.

I can create a new copy of the current Browser Window either through Ctrl+N or File>>New>>Window.

I found that if I "Stop" 'ed the hung Window, its Address box was populated with the URL of the document to be displayed ... enabling me to click on the "Refresh" button, giving me some kind of a work around for now.

I can also drag the link from the original document/window and drop it in the (otherwise) hung window and have it respond properly.

Leads me to believe that it is either some "PopUp Blocker" program that has installed itself (without my permission) ... or a (mild) variant of the "CoolWeb Virus" whose other variants are reported to cause a lot more damage ... found only one similar problem discussed on the net ... the solution was to re-install oleaut.dll from my (Win98/SE) CD ... unfortunately, there was no such file on my CD or c: drive.

Wonder if someone can throw some light on this problem.

P.S. I am running IE 6.0.2800.110615

P.P.S. I already ran Ad-Aware, Spybot Search & Destroy, CWShredder & McAfee ... cleaned out everything but problem persists.

PostPosted: Tue Apr 12, 2005 9:21 pm
by datadon
May not be of any value, and not exactly what you are talking about, but the problem we were having with webedit plugin and sp2 upgrade to windows xp, was somewhat similar. brower came up but blank as can be.
eventually an error message started showing, but not at first. very strange. Just passing on, no reply required. Was windows sp2 upgrade problem.


PostPosted: Tue Apr 12, 2005 9:29 pm
by Guest
I use Avast Anti-VIrus. Free from

Also do an online scan for free at Click on Security Alert and scroll down.

Also has an online scanner.


PostPosted: Wed Apr 13, 2005 9:28 am
by Neosoft Support
Try reinstalling IE. We had some unusual IE problems on one PC and reinstalling fixed them all. The installer may tell you that IE is already installed, but if you ignore that and install anyway, it will recopy all the files and rebuild IE's registry settings. Worth a try.

PostPosted: Wed Apr 13, 2005 7:15 pm
by Gaev
Thank you all who responded with suggestions/advice.

Unfortunately, no resolution so far ... but some progress.

Reinstalling IE did not help.

Avast Anti-Virus did not detect anything.

TrendMicro identified a TROJ_ESEPOR.Y infection (as a possible variant of TROJ_ESEPOR.U) ... moved & renamed the associated file (20041205trnksrvu.exe) ... but the xplugin.dll file (specified in TROJ_ESEPOR.U to be un-registered) does not exist on my disk ... since infection stats are still low (meaning recent release), perhaps more information will be upcoming.

Did not find "Security Alert" on Symantec's site.

Re: "Was windows sp2 upgrade problem" ... I am running Win98/SE.

BTW, also noticed that Edit>>Find on this Page no longer works ... pops up an error message "Error: 35 Incompatible version of RPC stub"


PostPosted: Wed Apr 13, 2005 10:05 pm
by dglojnar
Try with AdAware Personal 1.05 (free) and SpyBot&Destroy 1.3(also free).
I have a similar problem and I fixed it with both programs.

You need to run BOTH programs, but not in same time :D


PostPosted: Thu Apr 14, 2005 7:40 am
by Wrangler
The first thing to do is identify the virus. I can find no reference to TROJ_ESEPOR.Y or any variants on Symantec's site. Could be the virus is new, but it doesn't take long for Symantec to identify it and list it. Once the virus is identified, it can be treated, either manually, (instructions or program found on symantec) or new virus definitions can be downloaded and kill it that way. Without a virus identity, not much can be done, except format the drive and reinstall (ugh!).

I guess it should also be stressed how important it is to have a good firewall installed. DO NOT DEPEND ON THE FIREWALL THAT SHIPS WITH WINDOWS! Until XP SP1, this function did not even work, and I still don't trust it. Which firewall? Good question. I've tried them all, and I've gotten many virus's (my work takes me to some nasty sites). The absolute best I've tried is ZoneAlarm Security Suite.

It killed viruses that Norton said it couldn't delete. So far it has stopped 5740 attempts to enter my system. Also checks email. Note that I also have a DSL router, which contains a firewall of it's own. I've gone to sites that caused ZoneAlarm to pop up 9 windows, stating it caught a variety of beasties.

Gaev, if you can utilize every shareware or free tool to identify this critter, I can help you get rid of it. You have my email, let me know if you need help.

Notes on Windows firewall: If you still want to trust this worthless function, keep in mind the story that happened to my sister. She bought a new computer, signed up for dsl with sbc. They told her she didn't need a firewall, to use Windows version by checking the box. 15 minutes after she hooked to the Internet, she was hit over 14,000 times by a hacker who was scanning for open ports. Norton, which shipped with her new computer, detected them all, but said it couldn't delete most of them. Not much help. Anyway, it took me 6 hours on the phone with her to get her system back to where it would run. How do we know she got hit 14,000 times? Norton told her so, and had opened a dialog box for every one of them! I had told her to close the dialog, and she said it won't go away. That was because it had stacked them all on top of each other. Solved that by pulling the plug on the computer. I had her install ZoneAlarm, and she now has control over who accesses her system, whether it be by browser or an open port, and has had no problems.

Nowadays, you've got to defend yourself against these attacks. And yes, I hate virus writers, and make a pretty good living tracking them down and squishing them. So far I've managed to put 14 behind bars.

Don't let your guard down!

It is spyware

PostPosted: Thu Apr 14, 2005 2:33 pm
by dpayer
dglojnar wrote:Try with AdAware Personal 1.05 (free) and SpyBot&Destroy 1.3(also free).
I have a similar problem and I fixed it with both programs.

You need to run BOTH programs, but not in same time :D


I agree with this post.

Hijacking the browser is done with your permission believe it or not. I run an ISP and it happens all the time. All of a sudden people have their home page hijacked and can't go where they want.

These spyware will download other spyware until your system is so slow you can't stand it.

AdAware (
Spybot (look on

I hate these guys.

David P.

New Widow in IE

PostPosted: Thu Apr 28, 2005 2:19 am
by Gregory
I had the same problem and was able to fix the problem by doing the following:

Open Windows Explorer
Go to the Windows Folder (WIN2000 is WINNT Folder)
Go to System32 Folder
Go to Drivers Folder
Go to etc Folder

In the etc folder you should see a file named hosts with no extension. If the file hosts is not listed, then you should dis-regard this post.

Right click on the file hosts and open with notepad

Look for a string that has the http link that you trying to open, example: Your link or any link listed that referrs to and comment out that link by putting a # in front of the http link - #

Save and exit notepad then try your link in IE.

This also works for spyware and Trogans that have caused your links to redirect.

Found the fix at

Hope this works for you.

PostPosted: Thu Apr 28, 2005 4:12 am
by dglojnar
Good Point Charles.

Even better is to make or replace your hosts file with the following.
This will defeat alot of adware and viruses by remaping all outbound requests that contain the url listed. This also stops most adverts!
This is off my machine.... (remember the 'hosts' file has no extension, if using notepad to edit save using quotes around the name hosts)

# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# # source server
# # x client host localhost

# Kazaa related:
# Website related scams:
# Adservers adsubstract free.****.com ****.net www.****.net www.****.com

PostPosted: Thu Apr 28, 2005 6:38 am
by Gaev
Thank you to all who responded.

While my problem has not be resolved ... and updating to latest version of Win98/SE introduced another semi-universal problem (afflicting machines with AMD + VIA USB Controller) that caused the scanner in my hp all-in-one to stop functioning ... as you can see here ...

... I have tried almost everything under the sun.

The problem has been narrowed to "a faulty interface with Shell32.dll" ... I say this because ...

a) MS (in one of their bulletins) has acknowledged this scenario and provided a resolution
b) However, I was unable to register ("regsvr32 Shell32.dll") this file
b) Even after loading the copy from my original CD, the registeration failed

... although I don't discount the possibility of a virus, I think it is more of a case of one of the products I was evaluating (and later uninstalled from my machine) that messed up and made Shell32.dll incompatible with whatever is calling it.

The only other avenue to explore is to "start removing" some of the other entries reported by HijackThis ... they may be harmless but part of the messed up interface.

Charles: I have the dummy hosts file in c:\windows with just this one line localhost

... no etc folder either.

If anyone has any suggestions re: getting around registration failures, I am all ears ... thanks again to all.

Correction to comment out http link

PostPosted: Thu Apr 28, 2005 3:32 pm
by Gregory

Left out the IP from the previous post.

Look in the hosts file for a string that has the http link that you trying to open, example: Your link or any link listed that referrs to and comment out that link by putting a # sign in front of the http link - #

Hope I did not confuse anyone by leaving out the IP from the previous post.

Thanks Dave J for your post, made me remember the IP

PostPosted: Sun May 01, 2005 10:36 am
by Gaev
Good news ... the latest suggestion from the guys at swiforums resolved all 3 problems ... IE opening a new window, being able to do an Edit>>>Find ... and being able to scan documents again.

Although the notes associated with the prescribed mcrepair.exe download from MicroSoft only loosely described one of my symptoms, one of the files it replaced (Asycfilt.dll, Oleaut32.dll, Olepro32.dll and Stdole2.tlb) seemed to be the culprit ... apparently, such corruption was attributed to an incorrect Wise UnInstallation ... while I did uninstall those spreadsheet programs I was evaluating, couldn't figure out why it would involve these Windows files.

Anyway, all's well that ends well ... thanks to those who made suggestions.