(Solved) Rapid Blaster and porno pop-ups

[lillibunny]

Hi,

I looked at the question regarding this issue by a user named michelle and I tried to do what the tech support guy told her to do however, this did not work for me.

I don't know how the rapid blaster got onto my computer, it is shared so it could have been one of my roommates, however I cannot remove it.

I have tried the add/remove programs and it disappears but is still enabled some how. I tried to delete it but it tells me that another source is using it or that another program is running it and that I can't delete it. Or it tells me that the disk is full or something to that effect.

I want to remove this as I am grealty offended by its presence and suibject matter!

Please help me,
lillibunny

 

[$teve]

hello lillibunny,welcome to T.S.G
so .........you have done the add/remove dance and rapidblaster still comes back.
this is what to do.
after you uninstall in add remove programs....go to the downloaded programs folder C:/windows/downloaded programs,and delete the folder "AInst"right click and delete.now
re-start windows and delete the "rapidblaster" folder,should be in the windows folder(c:/windows).
then........and this is a little tricky but trust me,you can make it
hit start, run type "regedit"(without the quotes)
double click the "HKEY_LOCAL_MACHINE"\Software\and right click and delete the Rapidblaster folder.
that should be it.............post back and let us know if this works.
take care

 

[TonyKlein]

SpyBot S&D and Ad-Aware 6.0 will detect and remove RapidBlaster.

For Manual removal, do this:

Go to Start > Run, and type Msconfig.

On the Startup tab locate this item:

RapidBlaster = c:\program files\RapidBlaster\rb32.exe

Click OK, close Msconfig, and reboot.

Now delete the entire Program Files\RapidBlaster directory.

Next, go to Internet Options, press "settings", then "show files", and delete the following ActiveX object, if it's there:

[AInst Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\ACTIVE~1.DLL
CODEBASE = htp://cnt.rapidblaster.com/install/activeinstaller.dll

Finally, go to Internet Options > Programs, and hit "Reset Web Settings".

Good luck,

 

[lillibunny]

Hello all who sent me information on how to fix my Rapid Blaster problem!

Thank you, this is the best service that I have found on line.

I will definitely recommend this to all my friends who are having technical difficulties.

For those who are interested, I actually didn't use the methods completely that were suggested. I kind of used bits and pieces from them.

For those who are curious I went to start, run, typed Msconfig and couldn't find the Rapidblaster in the start up list, etc.
So then somehow I got to the properties area of the rapid blaster folder, clicked everything that I could deny access to for the program and then somehow got to the delete option area of the program folder.

If you can't tell, I no absolutely nothing about computers, hence the layperson language. I apologize and I hope I am providing some with a little laugh.

Any how I was able to delete the program after I did all that clicking, so something worked.

That's my story. Talk to you all soon.

lillibunny

 

[ecu39]

unfortunately I've tried these and still am stuck at the part of trying to delete the [AInst Class] file. It still keeps telling me the file is being used by another program, blah blah blah...

I've deleted the c:\program files\rapidblaster....

Any more ideas? I'm running Win 2000 Pro.

 

[TonyKlein]

Please do this:

Go to http://www.spywareinfo.com/downloads.php#det , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.

 

[stevemacke]

I went into the add/remove program and did the removal process. However, when I went into the downloaded program files I was unable to remove the rb32 folder or the rapid blaster folder.

I have attempted to get more detailed removal instructions from the vendor but have had very little luck.

I am searching for the vendors address - as I wish to have my attonery demand full disclosure of how to remove this file -

this program appeared on my computer without permission and my 10 year old daughter has been exposed to porn pop-ups. I would like to be able to make them understand that what they are doing is not only a breach of my privacy - and against the law = but that they may have concequences.

If anyone can provide there address or give me a process to formally log a complaint against this organization - please forward me the information.

All the Best - and Thanks for any assistance

 

[mViOkPe]

Originally posted by TonyKlein:
SpyBot S&D and Ad-Aware 6.0 will detect and remove RapidBlaster.

Good luck,

 

[Paytond20]

Here is my log from Hijack...
Logfile of HijackThis v1.92.1
Scan saved at 1:53:32 PM, on 4/3/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://my.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrust\Antivirus\realmon.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RapidBlaster] C:\Program Files\RapidBlaster\rb32.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://directplugin.com/plugin/110313.exe
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37490.1647800926
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Please help me get rid the this RapidBlaster folder!

 

[TonyKlein]

Well, there you are:

Check, and have HT fix this one:

O4 - HKLM\..\Run: [RapidBlaster] C:\Program Files\RapidBlaster\rb32.exe

Next, reboot and delete the entire Program Files\RapidBlaster folder.

Cheers,

 

[Paytond20]

I'm 95% sure it worked. when I did a search of my hard drive afterwards the only file that came up was...

RB32.EXE-1FE480B1.pf

And it was in...

C:\WINDOWS\Prefetch






RapidBlaster, and rb32.exe are both gone though!

 

[TonyKlein]

That's good!

Don't worry about the Prefetch folder. It's content gets refreshed on a regular basis, but if you'd like you can remove that file there as well.

 

[mjordan2001]

I too, have acquired the wonderful rapid blaster with no knowledge of whence it came.
I cannot get rid of it. It does not show up in the Add/Remove Programs of the Control Panel and I cannot delete the Program File Folder as "access is denied because the file is in use".
I followed one of the previous suggestions and downloaded the HIJACK THIS program and ran it. Here is the log it generated.
Any help greatly appreciated!!

Sys. Specs.
AMD 500
Win2k Pro

Log:
Logfile of HijackThis v1.94.0
Scan saved at 11:45:49 PM, on 5/21/2003
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title=Microsoft Internet Explorer provided by Comcast
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\System32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\System32\shdocvw.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Help (HKCU)
O9 - Extra button: ComcastHSI (HKCU)
O9 - Extra button: Support (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Shared/ComCtl32/6,0,80,22/ComCtl32.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {3B240FE6-F3DC-4E56-954D-257471ABF8F8} (Artwork Player) - http://www.geecreations.com/cab/artworkplayer.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,64/mcinsctl.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37683.8331018519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[IMM]

mjordan2001 - As TonyKlein indicates earlier in this post SpybotSD will remove it. Download from http://tomcoyote.com/SPYBOT/
Install it - and update it online before you run it.
It should handle this one. Post back with a new HJT log after SpyBot fixes what it can. For instance this one looks like a TinyBar clsid
69550BE2-9A78-11D2-BA91-00600827878D

 

[Top Banana]

Close IE. Scan with HT, tick and "Fix" all the following entries:

O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - C:\WINDOWS\System32\shdocvw.dll
O4 - HKLM\..\Run: [rb32 lptt01] "C:\Program Files\rb32\rb32.exe"
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj Class) - http://installs.hotbar.com/installs...rams/hotbar.cab

Reboot and remove/delete:

Program Files\rb32
aupdate.exe