Author
jono281
I'm probably spamming
Added: May 25, 2007 10:27 pm
hey!!!
Every time I click on a link to download a clip and then type the code, it always comes up with a mistyped URL. What do you need to do to be able to download these films?

Thanks - really grateful if you help out another newbie.
Abraxas
Retired Legend
Added: May 25, 2007 10:44 pm
Please show me an example of one such link that you clicked and failed to obtain results from, by pasting it into your reply to this thread.

Or post a link to a specific thread the contents of which you could not download due to such a problem with Rapidshare.

Abraxas
jono281
I'm probably spamming
Added: May 26, 2007 2:26 pm
Well, when you click download you reach this page

http://rs133.rapidshare.com/files/31947277/RebeccaFriberg_FionaRyan_TheTudors_1x06.avi

Here, it says no premium user, please enter code.....
After entering the code
and pressing enter,

I'm taken to this page..
--------------------
I am editing out the hijacker link in your post. See below for my reply. Your browser is corrupt due to a trojan or virus.
See here:
http://www.google.com/search?q=bscwrap&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

Abraxas
---------------------------

Can you please help me?

Thanks, anyone.
Abraxas
Retired Legend
Added: May 26, 2007 9:23 pm
jono281, the file link works fine. You should check your computer for browser hijacking software, trojans, or viruses since there is no good explanation for why your computer browser takes you to a different page than RS when you click that link.

By the way, it is a stupid 30 second or so clip at 3MB of one female clutching the other female's nipple while a man watches.

edit
I'm fairly certain that your computer is infected with a virus, trojan or other form of foul software. Others who also have been sent to that very same link are listed in a Google search.

http://www.google.com/search?q=bscwrap&rls=com.microsoft:en-us&ie=UTF-8&oe=UTF-8&startIndex=&startPage=1

Here is one such example:

http://www.eggheadcafe.com/software/aspnet/29732091/cant-access-internet.aspx

Quote:
Can't access Internet! - EdDeGan
14-Apr-07 04:10:01

When using my lap top computer (connected to my main, desktop computer, via a wireless router) and attempting to connect to the Internet, I am getting either one of the following results:
1) A blank page with the address http:/// (yes. 3 slashes).
2) A 2 seconds flashing of my default site (Yahoo.com) which then switches over (redirected?) to a long address which starts with (only portions are provided here):
http://81.201.104.136/bscwrap.php.........=http:/ad.doulbleclick.net..........
That site contains reference to yet other sites.
3) The error message: "This page cannot be displayed"
Nothing I have done resolves this problem including all of my ad-Aware SE Pro, Virus protections, Spyware Bluster and Virus Protections.
Other details: I run Windows XP, Home Edition SB2, IE6 (IE7 acted the same way!), I have connection to the Internet since I do receive my email using Outlook.

If anyone knows why and how to get rid of this malady, please, respond. As of now, I am out of the Internet on this machine.
Thank you,
Ed


Notice the reply refers to a browser hijacking:

Quote:
Re: Can't access Internet! - Charles W Davis
14-Apr-07 05:46:39

If you have another browser (Firefox, Opera, Netscape, etc.) can you access the Internet using one of those? If yes, then I would suggest that a browser hijack program has been installed on your machine.


AND

Quote:
Re: Can't access Internet! - Frank Saunders, MS-MVP OE/WM
14-Apr-07 09:30:55
Do a thorough check for malware, following all of the steps at one of these Web pages. Help with malware:
All MS-MVP Sites.
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/darnit.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm

Unexplained computer behavior may be caused by deceptive software.
http://support.microsoft.com/kb/827315

So How Did I Get Infected Anyway?
For quite a few people it's by installing Messenger Plus, whose ads for malware don't identify the malware as such and try to convince you that you owe it to the author. See also:
http://www.wilderssecurity.com/showthread.php?t=27971
Don't ever do a "default" install of anything. Always choose Custom and see what else is being carried along. Don't install any extras you're not sure of.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't expect an answer to email


Finally, this is the apparent solution to his problem:

Quote:
Re: Can't access Internet! - Gistchecki
14-Apr-07 05:42:02
You might also try re-registering dll files associated with IE.
http://support.microsoft.com/kb/902932

--
Gistcheckin


Abraxas
jono281
I'm probably spamming
Added: May 26, 2007 9:30 pm
Cheers mate, I'll scan my computer straight away.
Abraxas
Retired Legend
Added: May 26, 2007 9:43 pm
You likely have an entry in your Registry that you did not put there, that is causing the browser to become hijacked or whatever the actual issue is. This is a post to a tech site by another person with that problem who actually found the Registry entry but cannot delete it as it keeps returning, which indicates a program of some sort on his puter. Notice he already has an anti-hijacking app, called HijackThis, and he still has had his browser 'hijacked'.

Also, I highlighted in red the Registry key that is causing your problems:

Quote:
No matter how many times I delete this it keeps coming back.
The full line is R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://81.201.104.136/bscwrap.php?ma...0_0&q=/?url=%s
Any idea how to get rid of it? I think it is responsible for the virus I keep getting every day and the added spyware.
Thanks buick
I'll add a HJT log to help.

Scan saved at 8:58:25 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pat Scott\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://81.201.104.136/bscwrap.php?ma...0_0&q=/?url=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WhgHelper Class - {00000000-0000-11D1-ABED-709549C10000} - C:\Program Files\WHG\Instant Help Application Update 1.2\IEHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Green_Day_Authority toolbar - {3c435e8e-e8e4-4ec4-a387-a592ef34c050} - C:\Program Files\Green_Day_Authority\tbGre1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://buicksworld.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F} (McciSM Class) - http://nsprdnacw-vip.aliant.net/moti...ller_4-0-0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by17fd.bay17.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe


Good luck and let us know how it eventuates.

Abraxas
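As an added example (not part of the original thread, and not HijackThis's own code): a small Python check that reads the R0/R1 lines of a HijackThis log and flags Internet Explorer URL settings whose host is a bare IP address, the trait that stands out in the SearchURL entry quoted above. The function names and the bare-IP heuristic are assumptions made for this illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# R lines copied from the HijackThis log quoted in the post above; the "..."
# inside the URL is the truncation already present in that post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://81.201.104.136/bscwrap.php?ma...0_0&q=/?url=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
"""

# R0/R1 lines have the shape: "<section> - <registry key>,<value name> = <data>"
R_LINE = re.compile(r"^(?P<section>R[01]) - (?P<key>[^,]+),(?P<value>.+?) = (?P<data>.*)$")


def parse_r_entries(log_text):
    """Return one dict per R0/R1 line (IE start page / search page settings)."""
    entries = []
    for line in log_text.splitlines():
        match = R_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def suspicious_entries(log_text):
    """Flag URL-valued settings whose host is a bare IP address (a heuristic)."""
    flagged = []
    for entry in parse_r_entries(log_text):
        data = entry["data"]
        if not data.lower().startswith(("http://", "https://")):
            continue  # e.g. ProxyOverride holds a host list, not a URL
        host = urlsplit(data).hostname or ""
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a named host; judging it needs an allow-list, not shown here
        reasons = ["host is a bare IP address"]
        if "%s" in data:
            reasons.append("value is a %s search template routed through this host")
        flagged.append({**entry, "host": host, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in suspicious_entries(SAMPLE_LOG):
        print(hit["section"], hit["key"], hit["value"], hit["host"], hit["reasons"])
```

A flagged entry that reappears after deletion, as the quoted poster describes, means the writer of the value is still running, so the scan has to find that program rather than only the registry value.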
Abraxas
Retired Legend
Added: May 26, 2007 11:01 pm
I have uploaded three apps that might be of use to you. One is a freebie from McAfee called McAfee Stinger. The other two are registered, portable copies of:

Portable Spybot - Search & Destroy 1.4
Portable CCleaner 1.39.502

Just place the folder with the app anywhere on your puter and run it, i.e. you do not have to install either Spybot or CCleaner in order to use them as they are 'portable' copies that do not require installation to use them. As well, they won't stop working after 30 days because they already are registered. I don't know if they will be of help to you but I uploaded them just in case.

http://file2upload.net/download/4042/3.rar.html


edit
I included McAfee Stinger but there is a newer version than the one I uploaded in that rar. If you want it you can get it here:

http://download.nai.com/products/mcafee-avert/stinger.exe

Abraxas
ramblin'man
Respected VIP club member
Added: May 27, 2007 4:14 am
Abraxas wrote:
You likely have an entry in your Registry that you did not put there, that is causing the browser to become hijacked or whatever the actual issue is. This is a post to a tech site by another person with that problem who actually found the Registry entry but cannot delete it as it keeps returning, which indicates a program of some sort on his puter. Notice he already has an anti-hijacking app, called HijackThis, and he still has had his browser 'hijacked'.

Good luck and let us know how it eventuates.

Abraxas

Just a clarification...

HijackThis does not prevent any hijacking -- for that you need some sort of anti-malware and/or anti-virus and/or a good firewall. It is, however, a very potent little tool that is used to get rid of any nasty beasties, BHO's, hijacking progs, or other hard-to-delete misc pieces of software (like friggin' McAfee, for instance). You can get it for free from many many places (e.g. http://www.download.com), but be careful using it, as it can permanently fuck up your computer if used incorrectly. Anyway if you have trouble eliminating whatever pest you seem to have, give it a go, and maybe I or Abraxas or probably countless others here more knowledgeable than me could help.

Abraxas, I applaud your going above and beyond to help this guy with the problem. And I'm not joking (for once). Good on ya. Good Karma comin' your way amigo ...

Now, back to my alcohol as I'm in the middle of tying a serious one on.

Imbibin'Man
Abraxas
Retired Legend
Added: May 27, 2007 5:31 am
Thanks, Imbibin' Man. And hey I see you've got another different avatar pic. Hell, it's no wonder I get dizzy reading your posts, eh!?

Enjoy your hootch, RM. I don't even drink but I would tonight had I a bottle or three. It has been one long hot day/evening/night here on the east coast of the westside of South central Middleton.