strange virus, need help!
Paul -The Mad Hatter
01-27-02, 09:51 PM
I think I have some sort of weird virus. I've scanned more than twice and Norton showed up with no virus. Here's my problem:
About every 30 mins my computer all of a sudden runs IE and goes to this web page: http://www.da.ru/closed/ I've never been to that site before and don't know why the hell it does this! Please, if anyone has any ideas, please respond, because I don't know if this is a virus or what.
Thanks,
Paul
Also, sorry mods if this is out of place, not sure where to put it...
1st thing, clear out your web cache, and all your cookies by searching in your find box for both, check for hidden, i suspect you will find an .exe in your cache file
if the problem persists search through your entire system, including lastly your registry for "da.ru"
did you perhaps load a program or anything that could have altered your system to do this, what is the last thing u did before this started?
then reboot
Paul -The Mad Hatter
01-27-02, 10:41 PM
Originally posted by turd
1st thing, clear out your web cache, and all your cookies by searching in your find box for both, check for hidden, i suspect you will find an .exe in your cache file
if the problem persists search through your entire system, including lastly your registry for "da.ru"
did you perhaps load a program or anything that could have altered your system to do this, what is the last thing u did before this started?
then reboot
tried all that you said, but still got another one of these things..
have u tried an IE repair install yet? checked your HKLM/....run and run once
also try setting all your security: activex, java to the security\prompt before run settings and see if it is making a call, again i would suspect something like that, some pretty spiffy programmers out there could time you to jump after 100 sec after an xaccess, gif marker or something along that line?
Paul -The Mad Hatter
01-27-02, 11:20 PM
I did find something suspicious in HKLM...run, but I don't know what it is:
rundll32 D:\WINDOWS\NEWDOT~1.DLL,NewDotNetStartup
I also changed the activex and what not to "prompt", also nothing in "run once"
I would say BINGO
but of course, you never know, so
i would guess that that is it. i would delete it, delete that .dll
find that .dll and click on it when IE is open see what happens, see what it says also you can
try this link http://www.tfi-technology.com/products.htm
it's a program called start stop, once installed it lets you "run now" any programs in your run and run once, might id it?
great program, but just disable the run at startup option in its config, so you won't get its prompting to load option at boot
someone introduced that to your system, got warez?
Paul -The Mad Hatter
01-28-02, 10:14 PM
Well, deleting that file really screwed me up even more (dammit, I should have made a backup). Anyway, I tried reinstalling WinXP and that didn't help, so I installed it from a fresh install, and to make a long story short, for the last hour I've been trying to reinstall the programs I had. The good news is everything is working well.
thanks turd for your help,
Paul
man didn't know we were talking xp, who knows with that thing
but i really suspect that that reg key was loading that .dll which was doing the damage
for future ref the reg key was to be deleted as well as the .dll
and i would guess that that was thrown into your reg and drive when something was unzipped or installed so watch when you install
but u know that reg key and .dll could have been part of the XP hardware change monitor thing, would you post if that key is in your new install when u get stable?
good luck
I can't say for sure but I think you just deleted the file that asks you to sign up for .NET when you install XP. If so that file would not be sending you to some hacker site (in all probability) in Russia, which BTW has been shut down (as it says on the page you linked). If you reformatted and are doing a clean install you should not have that problem again unless you execute whatever program sent you there to start with. You may have picked up a trojan somewhere that the anti-virus companies just hadn't identified yet.
ok found this : http://www.cexx.org/newnet.htm
i would guess u got some of this and it went wild on XP, scrambled its brains or something,
or u got a hacked up version that was meant to gen .05 every day or so per client and they wanted every 20 min. or so
btw i think that stuff that gets run once during the install process would be in HKLM.....runonce
Paul -The Mad Hatter
01-29-02, 07:11 PM
alright thanks, that clears some stuff up
Grande Juan
01-29-02, 10:22 PM
Why can't you just set your system restore back a day, week or month until before you had the problem?
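As an added example (not part of any post in this thread): a read-only Python triage of an exported copy of the Run and RunOnce keys the posters mention. It splits a rundll32 entry into its DLL and exported function and flags 8.3 short names, so an entry can be reviewed and backed up before anything is deleted. The export text, value names and the second entry are constructed; only the rundll32 command line is taken from the thread.

```python
import re

# Constructed sample of a regedit export. Only the rundll32 command line comes
# from the thread; the value names and the second entry are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleEntryA"="rundll32 D:\\WINDOWS\\NEWDOT~1.DLL,NewDotNetStartup"
"ExampleEntryB"="\"C:\\Program Files\\ExampleApp\\tray.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# rundll32 <dll>,<export>: the DLL, not rundll32 itself, is the code that runs.
RUNDLL_RE = re.compile(r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+(.+?),\s*(\S+)', re.I)
SHORT_RE = re.compile(r'~\d')  # 8.3 short name hides the real file name

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def autostart_entries(reg_text):
    """Yield one dict per string value under a Run or RunOnce key."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not (m and key and key.lower().endswith(('\\run', '\\runonce'))):
            continue
        cmd = unescape(m.group(2))
        entry = {'key': key, 'name': unescape(m.group(1)), 'command': cmd,
                 'dll': None, 'export': None, 'flags': []}
        r = RUNDLL_RE.match(cmd)
        if r:
            entry['dll'], entry['export'] = r.group(1).strip('"'), r.group(2)
            entry['flags'].append('dll-via-rundll32')
        if SHORT_RE.search(cmd):
            entry['flags'].append('8.3-short-name')
        yield entry

if __name__ == '__main__':
    for e in autostart_entries(SAMPLE_REG):
        print(e['name'], '|', e['command'], '|', ', '.join(e['flags']) or 'no flags')
```

A real export saved from regedit can be read with the file's own encoding (newer exports are UTF-16) and passed to `autostart_entries` unchanged.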