Transponder Virus problem

Onnotangu

I have a customer that apparently infected himself with a trojan called Transponder. I've tried to clean it several times with McAfee, Spybot and Ad-Aware (the only things that will work in the work environment). I'm running out of ideas before I have to reformat his machine and reinstall the image. (Goodbye, precious data.)

Anyone else have any fixes or standalone virus cleaners that might fix the issue?
 
Onnotangu said:
I have a customer that apparently infected himself with a trojan called Transponder. I've tried to clean it several times with McAfee, Spybot and Ad-Aware (the only things that will work in the work environment). I'm running out of ideas before I have to reformat his machine and reinstall the image. (Goodbye, precious data.)

Anyone else have any fixes or standalone virus cleaners that might fix the issue?

Did you apply any of these "fixes" while in Safe Mode?

Edit: Search mothafucka! http://www.spyany.com/program/article_spy_rm_Transponder.html
Edit2: Ooooo... Ajax powered forums. Noice.
 
ceiling fly said:
There are TONS of new ajax things in vB's next release. Spiffy stuff.

Too bad the front page's threads don't update their position with ajax :)
 
ceiling fly said:
Doesn't ajax require the user to do something to start it all? Thread updates could be done by any poster...

No, I mean a thread listing done in Ajax: at a certain interval, JS could go and request some XML :), then update the thread listing. That'd be annoying on a big forum of course.
 
If you know where its files reside, boot to NTFS DOS and delete them manually if you can't get at them in safe mode.
 
Onnotangu said:
No, it's not moosoft. This is also known as VX2. I've spent about 5 hours trying to remove it.
Follow these steps to remove Transponder from your machine:

Transponder is a DLL file called IEHelper.dll (Blackstone variant), VX2.dll (VX2 variant), TPS108.dll (TPS108 variant) or MSView.dll (MSView variant). This can be found in the Windows folder. You first need to deregister the DLL file. Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:


cd "%WinDir%\System"
rem Blackstone variant
regsvr32 /u ..\IEHelper.dll
rem VX2 variant
regsvr32 /u ..\VX2.dll
rem TPS108 variant
regsvr32 /u ..\TPS108.dll
rem MSView variant
regsvr32 /u ..\MSView.dll
rem Host variant
regsvr32 /u ..\host.dll
rem BI variant
regsvr32 /u ..\BI.dll
rem SiteHlpr variant
regsvr32 /u ..\SiteHlpr.dll

Restart the computer.
Delete the DLL file as mentioned above from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. The Host variant may leave 'hostprep.exe'. In the TPS108 variant there may be a tps108.html file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.html. These can be deleted to clean up.
You can also clean up the registry (Start->Run->regedit) by deleting the 'Transponder' (Blackstone variant), 'RespondMiter' (VX2 variant), 'TPS108' (TPS108 variant), 'HostDll' (Host variant), 'MSView' (MSView variant) or 'SiteHlpr' (SiteHlpr variant) subkey of HKEY_LOCAL_MACHINE\Software.
 
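A read-only check for the file and registry artefacts listed in the post above, useful for confirming after a reboot whether the cleanup held. This is an added example, not part of the original thread; it assumes PowerShell 3 or later, and it assumes domlst.cch and hostprep.exe sit in the Windows folder, which the post does not state.

```powershell
# Read-only audit of the Transponder/VX2 artefacts named in the post.
# Nothing is unregistered or deleted; the script only reports what exists.
$win  = $env:WinDir
$root = 'C:\'   # the post places the .html leftovers in the root of C:\

# Variant table built from the post: DLL in the Windows folder, subkey of
# HKLM\Software, and leftover files. The post names no registry key for BI.
# ASSUMPTION: domlst.cch and hostprep.exe are looked for in the Windows folder.
$variants = @(
    @{ Name='Blackstone'; Dll='IEHelper.dll'; Key='Transponder';  Extra=@("$win\domlst.cch") }
    @{ Name='VX2';        Dll='VX2.dll';      Key='RespondMiter'; Extra=@() }
    @{ Name='TPS108';     Dll='TPS108.dll';   Key='TPS108';       Extra=@("${root}tps108.html") }
    @{ Name='MSView';     Dll='MSView.dll';   Key='MSView';       Extra=@("$win\MSView.ini") }
    @{ Name='Host';       Dll='host.dll';     Key='HostDll';      Extra=@("$win\hostprep.exe") }
    @{ Name='BI';         Dll='BI.dll';       Key=$null;          Extra=@() }
    @{ Name='SiteHlpr';   Dll='SiteHlpr.dll'; Key='SiteHlpr';     Extra=@("${root}bc777.html") }
)

$results = foreach ($v in $variants) {
    $dllPath = Join-Path $win $v.Dll
    $keyPath = if ($v.Key) { "HKLM:\Software\$($v.Key)" } else { $null }
    [pscustomobject]@{
        Variant    = $v.Name
        DllPresent = Test-Path -LiteralPath $dllPath
        KeyPresent = [bool]($keyPath -and (Test-Path -LiteralPath $keyPath))
        Leftovers  = @($v.Extra | Where-Object { Test-Path -LiteralPath $_ }) -join ', '
    }
}

$results | Format-Table -AutoSize

# Summarise: any hit means the removal steps did not hold (or were not run).
$hits = @($results | Where-Object { $_.DllPresent -or $_.KeyPresent -or $_.Leftovers })
if ($hits.Count -gt 0) {
    "Artefacts still present for: $($hits.Variant -join ', ')"
} else {
    'None of the listed artefacts were found.'
}
```

Running it again some minutes after cleanup shows whether the files or keys have come back.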
danvuquoc said:
Did you apply any of these "fixes" while in Safe Mode?

Edit: Search mothafucka! http://www.spyany.com/program/article_spy_rm_Transponder.html
Edit2: Ooooo... Ajax powered forums. Noice.
:rolleyes:
Yes. It reinfects itself within 10 minutes.
I've tried HijackThis and a few others, which don't seem to see the virus. Right now I'm attempting to back up some of his data so I can try to restage the damn thing.
 
elpmis said:
Follow these steps to remove Transponder from your machine:

Transponder is a DLL file called IEHelper.dll (Blackstone variant), VX2.dll (VX2 variant), TPS108.dll (TPS108 variant) or MSView.dll (MSView variant). This can be found in the Windows folder. You first need to deregister the DLL file. Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:


cd "%WinDir%\System"
rem Blackstone variant
regsvr32 /u ..\IEHelper.dll
rem VX2 variant
regsvr32 /u ..\VX2.dll
rem TPS108 variant
regsvr32 /u ..\TPS108.dll
rem MSView variant
regsvr32 /u ..\MSView.dll
rem Host variant
regsvr32 /u ..\host.dll
rem BI variant
regsvr32 /u ..\BI.dll
rem SiteHlpr variant
regsvr32 /u ..\SiteHlpr.dll

Restart the computer.
Delete the DLL file as mentioned above from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. The Host variant may leave 'hostprep.exe'. In the TPS108 variant there may be a tps108.html file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.html. These can be deleted to clean up.
You can also clean up the registry (Start->Run->regedit) by deleting the 'Transponder' (Blackstone variant), 'RespondMiter' (VX2 variant), 'TPS108' (TPS108 variant), 'HostDll' (Host variant), 'MSView' (MSView variant) or 'SiteHlpr' (SiteHlpr variant) subkey of HKEY_LOCAL_MACHINE\Software.
Tried that around hour 2. Still didn't work.