How can I remove REQ.DAT file from my WinXP?


Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

I have a nasty Ad-aware "BHO" ware sitting in my system with the filename of
REQ.DAT (in my C:\windows\system32 directory). Thankfully the program
"BHODemon" allows me to disable this pest at boot-up, but I can't figure out
how I can manually delete it completely from my system!

I have tried Ad-Aware Pro, Spybot Search and Destroy and Norton's Antivirus
2005. Only Norton flags it, and when I follow the instructions to "reboot
in Safe mode, scan again and then choose to delete it", for some reason,
Norton can't even find it!

Anyone have any further ideas?

Here is what Symantec folks write about this REQ.DAT:

http://securityresponse.symantec.c [...] ok2me.html

and here is a link to BHO Demon (it's free!) for those who need help:

http://www.definitivesolutions.com/bhodemon.htm


Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Browser Helper Objects: The Browser the Way You Want It:
http://msdn.microsoft.com/library/ [...] ml/bho.asp

HKLM {
  SOFTWARE {
    Microsoft {
      Windows {
        CurrentVersion {
          Explorer {
            'Browser Helper Objects' {
              ForceRemove {1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
}}}}}}}

--

Mark L. Ferguson
FAQ for MS Antispyware version 1.0.509
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Hi Mark,

Well, I tried to find that "Key" but I don't have that one listed under the
Browser Helper Objects.

I only have:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}

Could it be then one of these?

Thanks,
Michael

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

You can chase those GUID numbers around at hkey_classes_root/CLSID/, but exporting a reg file to save them, then removing them might
be easier.

--

Mark L. Ferguson
FAQ for MS Antispyware version 1.0.509
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Well folks, thanks everyone for your help and suggestions but I have yet
still to successfully remove this damn "Spyware". But I do have some
more information!



I have for sure identified the "offending" file as:

\WINDOWS\SYSTEM32\REQ.DAT



And the REGISTRY entry is:



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}



If I try to MANUALLY delete the file, I get "Access Denied" and when I
delete the registry key, it just pops right back after exiting REGEDIT.



Please remember, I have tried running the below suggested utilities with
System Restore On & Off, and also in Normal and in Safe Mode.
Unfortunately, no luck!



-----------------------------------------------------------------

CWShredder - it finds this as "VX2.Look2Me", tells me it has been removed
but when I reboot, it's still there.



AdAware SE Pro - doesn't find it.



Spybot Search and Destroy - doesn't find it.



Microsoft's Antispyware beta - doesn't find it.



Norton Antivirus 2005 - it finds it. Tells me to run it again in Safe Mode
to remove it. When I re-run Norton in Safe Mode, it doesn't even flag or
find it.



HiJack This - it finds it, and when I choose to Fix It, it supposedly does
but when I re-run Scan, it's again back there.



BHODemon - it finds it and thankfully I have been able to DISABLE it with
this program. Here is the data that it reports on it:



BHODemon 2.0.0.22 Report File:
Desc: * Investigating *
ReportsCount: 6
Clsid: {1C044AAD-7955-4cbd-8175-501A165C4E5D}
DLL Path: C:\WINDOWS\System32\req.dat
Last Load Time: 4/30/2005 6:02:51 PM
Blocked Load Attempts: 1,003
Modified Date: Monday, April 11, 2005 20:11:53
Created Date: Monday, April 11, 2005 20:11:53
Load Attempts: 1,166
Enabled?: No
Size (bytes): 22,016
EnabledCount: 4
MD5 Checksum: d7bcebc6ca7dca7326eebb92818d410d
Status: Investigating

------------------------------------------------------------



So, if anyone has any other suggestions or ideas how to completely remove
it, PLEASE let me know. In my 20+ years around computers, I have never
seen such a nasty and vicious worm.


Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

With SP2, IE has a Tools menu item for "Manage Add-Ons" that should allow disabling it.

--

Mark L. Ferguson
FAQ for MS Antispyware version 1.0.509
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
marfers notes for windows xp http://www.geocities.com/marfer_mvp/chatNotes.htm

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Mark,

You are right, I am seeing this "req.dat" under Manage Add-ons under the
Disabled list. But there is no option to DELETE it, is there?

Thanks again!
Michael

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Here's a post I found that may help..

Download pocket killbox from
http://www.thespykiller.co.uk/files/killbox.exe & put it on the
desktop where you can find it easily
Now run killbox and paste this line into the box, select delete on
reboot then press the red X button, say yes to the prompt and let it
reboot

C:\WINDOWS\system32\req.dat

then when it reboots run HJT & make sure these entries have gone

O2 - BHO: (no name) - {1C044AAD-7955-4cbd-8175-501A165C4E5D} - C:\WINDOWS\system32\req.dat
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dat"
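Added example, not written by anyone in this thread: the thread's suggestion to export the registry and chase each BHO GUID to its CLSID entry, done as a script that also cross-checks the Winlogon Notify key behind the HijackThis "O20" line. It assumes the export has already been decoded to text; the sample export, the two placeholder CLSIDs and the flag names are constructed for illustration, and only the req.dat CLSID and path come from the posts above.

```python
import ntpath
import re

# Registry locations named in the thread (BHO list, CLSID registrations) plus
# the Winlogon Notify key that HijackThis reports as "O20".
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
CLSID_ROOTS = (r"HKEY_CLASSES_ROOT\CLSID", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID")
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed sample export. The 1111... and 2222... CLSIDs and the helper.dll
# path are placeholders; the req.dat CLSID and path are the ones in the thread.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C044AAD-7955-4cbd-8175-501A165C4E5D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Example\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{1C044AAD-7955-4cbd-8175-501A165C4E5D}\InprocServer32]
@="C:\\WINDOWS\\system32\\req.dat"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\req]
"DllName"="C:\\WINDOWS\\system32\\req.dat"
"""

# name="string" lines only; dword: and hex: values are ignored by this parser.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key path (lower case): {value name (lower case): string data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name.lower()] = _unescape(m.group(2))
    return keys


def _file_name(path):
    # DllName may be a bare file name, so modules are compared by file name.
    return ntpath.basename(path).lower()


def audit_bhos(keys):
    """Resolve every registered BHO to its module and flag anything odd."""
    notify_prefix = NOTIFY_KEY.lower() + "\\"
    notify = {_file_name(v["dllname"]): p[len(notify_prefix):]
              for p, v in keys.items()
              if p.startswith(notify_prefix) and "dllname" in v}

    bho_prefix = BHO_KEY.lower() + "\\"
    findings = []
    for path in keys:
        clsid = path[len(bho_prefix):]
        if not path.startswith(bho_prefix) or "\\" in clsid:
            continue
        server = None
        for root in CLSID_ROOTS:
            server = keys.get(f"{root.lower()}\\{clsid}\\inprocserver32")
            if server is not None:
                break
        module = server.get("") if server else None
        flags = []
        if server is None:
            flags.append("clsid-not-registered")
        elif module is None:
            flags.append("server-path-not-a-string")
        else:
            if not module.lower().endswith(".dll"):
                flags.append("non-dll-extension")
            if _file_name(module) in notify:
                flags.append("also-winlogon-notify:" + notify[_file_name(module)])
        findings.append({"clsid": clsid.upper(), "module": module, "flags": flags})
    return sorted(findings, key=lambda f: f["clsid"])


if __name__ == "__main__":
    for f in audit_bhos(parse_reg(SAMPLE_EXPORT)):
        print(f["clsid"], f["module"], ",".join(f["flags"]) or "ok")
```

A BHO whose module is also listed under Winlogon Notify is loaded at logon as well as by the browser, so both registrations need checking after cleanup, as the HJT step in the post above does.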

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

Ricky!

THANK YOU! It worked like a charm!

I have now re-booted a few times (even with System Restore on), and it's
really completely gone. I even ran HiJackThis and CWShredder and they say
that my system is now clean!

THANK YOU again!

- Michael

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

 

You're welcome..I'm glad it helped. :-)