
(Solved) Rapid Blaster and porno pop-ups

Discussion in 'Virus & Other Malware Removal' started by lillibunny, Feb 3, 2003.

Thread Status:
Not open for further replies.
  1. lillibunny

    lillibunny Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    2
    Hi,

    I looked at the question regarding this issue by a user named michelle and I tried to do what the tech support guy told her to do; however, this did not work for me.

    I don't know how the rapid blaster got onto my computer, it is shared so it could have been one of my roommates, however I cannot remove it.

    I have tried the add/remove programs and it disappears but is still enabled somehow. I tried to delete it but it tells me that another source is using it or that another program is running it and that I can't delete it. Or it tells me that the disk is full or something to that effect.

    I want to remove this as I am greatly offended by its presence and subject matter!

    Please help me,
    lillibunny
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hello lillibunny, welcome to T.S.G.
    So... you have done the add/remove dance and rapidblaster still comes back.
    This is what to do.
    After you uninstall in add/remove programs, go to the downloaded programs folder, C:/windows/downloaded programs, and delete the folder "AInst" (right click and delete). Now re-start windows and delete the "rapidblaster" folder; it should be in the windows folder (c:/windows).
    Then... and this is a little tricky, but trust me, you can make it :)
    Hit start, run, type "regedit" (without the quotes),
    double click the "HKEY_LOCAL_MACHINE"\Software\ and right click and delete the Rapidblaster folder.
    That should be it... post back and let us know if this works.
    take care
    ;)
     
  3. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    SpyBot S&D and Ad-Aware 6.0 will detect and remove RapidBlaster.

    For Manual removal, do this:

    Go to Start > Run, and type Msconfig.

    On the Startup tab locate this item:

    RapidBlaster = c:\program files\RapidBlaster\rb32.exe

    Click OK, close Msconfig, and reboot.

    Now delete the entire Program Files\RapidBlaster directory.

    Next, go to Internet Options, press "settings", then "show files", and delete the following ActiveX object, if it's there:

    [AInst Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVE~1.DLL
    CODEBASE = htp://cnt.rapidblaster.com/install/activeinstaller.dll

    Finally, go to Internet Options > Programs, and hit "Reset Web Settings".

    Good luck,
     
  4. lillibunny

    lillibunny Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    2
    Hello all who sent me information on how to fix my Rapid Blaster problem!

    Thank you, this is the best service that I have found on line.

    I will definitely recommend this to all my friends who are having technical difficulties.

    For those who are interested, I actually didn't use the methods completely that were suggested. I kind of used bits and pieces from them.

    For those who are curious I went to start, run, typed Msconfig and couldn't find the Rapidblaster in the start up list, etc.
    So then somehow I got to the properties area of the rapid blaster folder, clicked everything that I could deny access to for the program and then somehow got to the delete option area of the program folder.

    If you can't tell, I know absolutely nothing about computers, hence the layperson language. I apologize and I hope I am providing some with a little laugh.

    Anyhow, I was able to delete the program after I did all that clicking, so something worked.

    That's my story. Talk to you all soon.

    lillibunny :p
     
  5. ecu39

    ecu39

    Joined:
    Mar 28, 2003
    Messages:
    1
    Unfortunately I've tried these and still am stuck at the part of trying to delete the [AInst Class] file. It still keeps telling me the file is being used by another program, blah blah blah...

    I've deleted the c:\program files\rapidblaster....

    Any more ideas? I'm running Win 2000 Pro.
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Please do this:

    Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
    Unzip, doubleclick HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please show us its contents.
     
  7. stevemacke

    stevemacke

    Joined:
    Mar 29, 2003
    Messages:
    1
    I went into the add/remove program and did the removal process. However, when I went into the downloaded program files I was unable to remove the rb32 folder or the rapid blaster folder.

    I have attempted to get more detailed removal instructions from the vendor but have had very little luck.

    I am searching for the vendor's address - as I wish to have my attorney demand full disclosure of how to remove this file -

    this program appeared on my computer without permission and my 10 year old daughter has been exposed to porn pop-ups. I would like to be able to make them understand that what they are doing is not only a breach of my privacy - and against the law - but that they may have consequences.

    If anyone can provide their address or give me a process to formally log a complaint against this organization - please forward me the information.

    All the Best - and Thanks for any assistance
     
  8. mViOkPe

    mViOkPe

    Joined:
    Oct 15, 2002
    Messages:
    101
     
  9. Paytond20

    Paytond20

    Joined:
    Apr 3, 2003
    Messages:
    12
    Here is my log from Hijack...
    Logfile of HijackThis v1.92.1
    Scan saved at 1:53:32 PM, on 4/3/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=127.0.0.1
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [RapidBlaster] C:\Program Files\RapidBlaster\rb32.exe
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/110313.exe
    O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37490.1647800926
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Please help me get rid of this RapidBlaster folder!
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Well, there you are:

    Check, and have HT fix this one:

    O4 - HKLM\..\Run: [RapidBlaster] C:\Program Files\RapidBlaster\rb32.exe

    Next, reboot and delete the entire Program Files\RapidBlaster folder.

    Cheers,
     
  11. Paytond20

    Paytond20

    Joined:
    Apr 3, 2003
    Messages:
    12
    I'm 95% sure it worked. When I did a search of my hard drive afterwards the only file that came up was...

    RB32.EXE-1FE480B1.pf

    And it was in...

    C:\WINDOWS\Prefetch

    RapidBlaster, and rb32.exe are both gone though!

    :D
     
  12. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    That's good! :)

    Don't worry about the Prefetch folder. Its content gets refreshed on a regular basis, but if you'd like you can remove that file there as well.
     
  13. mjordan2001

    mjordan2001

    Joined:
    May 22, 2003
    Messages:
    3
    I too, have acquired the wonderful rapid blaster with no knowledge of whence it came.
    I cannot get rid of it. It does not show up in the Add/Remove Programs of the Control Panel and I cannot delete the Program File Folder as "access is denied because the file is in use".
    I followed one of the previous suggestions and downloaded the HIJACK THIS program and ran it. Here is the log it generated.
    Any help greatly appreciated!!

    Sys. Specs.
    AMD 500
    Win2k Pro

    Log:
    Logfile of HijackThis v1.94.0
    Scan saved at 11:45:49 PM, on 5/21/2003
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Comcast
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\System32\shdocvw.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Help (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Support (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {3B240FE6-F3DC-4E56-954D-257471ABF8F8} (Artwork Player) - http://www.geecreations.com/cab/artworkplayer.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
    O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37683.8331018519
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  14. IMM

    IMM

    Joined:
    Feb 1, 2002
    Messages:
    3,257
    mjordan2001 - As TonyKlein indicates earlier in this post SpybotSD will remove it. Download from http://tomcoyote.com/SPYBOT/
    Install it - and update it online before you run it.
    It should handle this one. Post back with a new HJT log after SpyBot fixes what it can. For instance this one looks like a TinyBar clsid
    69550BE2-9A78-11D2-BA91-00600827878D
     
  15. Top Banana

    Top Banana

    Joined:
    Nov 10, 2002
    Messages:
    1,344
    Close IE. Scan with HT, tick and "Fix" all the following entries:

    O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\System32\shdocvw.dll
    O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
    O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
    O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs...rams/hotbar.cab

    Reboot and remove/delete:

    Program Files\rb32
    aupdate.exe
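
The check the helpers in this thread do by eye, picking the RapidBlaster autorun out of a HijackThis log, written as an added example that is not part of any post above and not HijackThis's own code. The sample lines are copied from the two logs posted in the thread; the function names and the indicator list (`rb32.exe`, "rapidblaster") are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules on any platform

# Indicators taken from this thread only: the executable and product name.
INDICATOR_EXES = {"rb32.exe"}
INDICATOR_WORDS = ("rapidblaster",)

# HijackThis autorun line: O4 - HKLM\..\Run: [Value name] command line
O4_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def executable_of(cmd):
    """Return the program path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first ".exe".
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def parse_o4(line):
    """Parse one registry-autorun O4 line; None for anything else."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    return {"hive": m.group(1), "key": m.group(2),
            "name": m.group("name"), "exe": executable_of(m.group("cmd"))}

def flag_entries(log_text):
    """Return the O4 autoruns whose name or path matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        exe = entry["exe"].lower()
        haystack = (entry["name"] + " " + exe).lower()
        if basename(exe) in INDICATOR_EXES or any(w in haystack for w in INDICATOR_WORDS):
            hits.append(entry)
    return hits

# Lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [RapidBlaster] C:\Program Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
"""

if __name__ == "__main__":
    for e in flag_entries(SAMPLE_LOG):
        print(f'{e["hive"]}\\..\\{e["key"]} [{e["name"]}] -> {e["exe"]}')
```

Matching on the executable's base name rather than the full path is what catches the second log, where the value is named `rb32 lptt01` and the folder is `Program Files\rb32` instead of `Program Files\RapidBlaster`.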
     

Short URL to this thread: https://techguy.org/116740
