I just got this link from a company that had sneaked it on my computer. I asked them how to remove it. He sent me this. http://www.billboardranking.com/download/uninstallplugin.bat I don't know if he is legit or if this is a further malware. Can anyone knowledgeable tell if it appears to be a legit uninstall? I prefer not to click on it until I hear from you. For which....thanks, Frank
The batch file doesn't appear to be obviously malicious. I have pasted the contents below: @echo off @regsvr32 /u %systemroot%\system32\httpobject.dll /s @del "%systemroot%\system32\httpobject.dll" /q @del "%programfiles%\httpobject\uninstall.exe" /q @rd "%programfiles%\httpobject" /q Code (markup): echo off simply means that it won't print the commands out in cmd.exe when you run them. regsvr32 /u is the system registry "unregister" command. It will be removing httpobject.dll from your registry. The two del commands delete the dll file and the uninstaller. I have no idea what the uninstaller does... The rd command removes the httpobject directory now that it's empty. If you wanted to avoid the batch script, you could use regedit to remove the registry entry and simply delete the files manually. On their site it says: (emphasis mine) I suspect you installed something that also installed this "browser plugin".
thanks, I ran the bat and all is well but I have a more serious security problem maybe you can help with. a website of mine www.GoodAccent.com is infected. I get the following feedbackfrom a friend: First, a small window advised: Click to run a windows ActiveX control on this webpage. After OK, McAFEE stepped in with a full page alarming X Code. impresionesweb.com/r/iwadbecpn,php may cause a breach of brouser security. Additionally, McAFEE stated: this site attempted to make unauthorized changes to our test PC by exploiting a browser security vulnerability. This is a seious threat which could lead to an infection of you pc. So, I stopped. It was an identical message to that received the other day re. the same site. bill any ideas where I should start? thanks, Frank
I didn't see anything malicious on that page but I did see a couple of tracking scripts and an ad script. These scripts come from third-party websites which means that if the third-party gets hacked and starts serving malicious content, it starts serving it from your site. Unless you have found and fixed the problem already, it seems likely that either your visitor tracking service or your ad serving service were the ones that got hacked. There has been quite a lot of hacking of ad serving networks in the news lately.