What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Tech Talk » Block-Checker

Pages: (7): « First « 1 2 [ 3 ] 4 5 6 7 » Last »
Block-Checker
Author: Message:
Joa
The dodgiest member
****

Avatar

Posts: 799
Reputation: 102
116 / Female / Flag
Joined: Feb 2005
Status: Away
RE: Block-Checker
quote:
Originally posted by mwe99
I would appreciate you not yelling at me or public discrediting me, believe it or not i know what to tool does, but thought of this? Who is gonna keep you on their list after they have blocked you.

you have a good point, though cookie is right too. the person who blocks you will not always delete you from their list...

check out this thread. i know it is not the best way to detect blocking, but considering that there is no other way, it is not SO bad ..though it is rather limited.
http://shoutbox.menthix.net/showthread.php?tid=46...d=476747#pid476747

This post was edited on 08-17-2005 at 06:52 PM by Joa.
:bow: gif :bow: <3   

spam.


08-17-2005 06:51 PM
Profile PM Find Quote Report
Fergy
Full Member
***

Avatar

Posts: 164
Reputation: 7
35 / Male / Flag
Joined: Nov 2004
RE: Block-Checker
I got this message from one of my friends earlier today, good thing I trusted my instincts. I'm probably gonna go to his house tonight and fix it up.

I think you should:
Delete the folder from the program files and the .INI files from the system folder, and then use MSCONFIG to remove it from startup. After that, open Add/Remove Programs, then click remove on the block checker, this would most likely detect the absence of the program and remove it from the list. Then virus and adware/spyware scan.

Anyone agree/disagree?

This post was edited on 08-19-2005 at 06:03 AM by Fergy.
I should change my sig ay?
08-19-2005 05:50 AM
Profile E-Mail PM Find Quote Report
segosa
Community's Choice
*****


Posts: 1407
Reputation: 92
Joined: Feb 2003
RE: Block-Checker
I'd say

ctrl+alt+del, kill the extra csrss.exe first and then block-checker.exe (if you don't know which csrss.exe it is, use Process Explorer from sysinternals to see its path)

Then delete the contents of C:\Program Files\Block Checker and edit startup to stop block-checker.exe attempting to start.

Try find the ini files in the system directory, if you can't find them there then do a Windows search and see if they're located anywhere else for some reason.

It's probably not really needed, but I guess an adware/spyware scan can't hurt.
The previous sentence is false. The following sentence is true.
08-19-2005 09:40 AM
Profile PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15519
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: RE: Block-Checker
quote:
Originally posted by Fergy
(...) and then use MSCONFIG to remove it from startup.
MSCONFIG does NOT remove it completely from the registry, it creates a backup of it when you "delete" it...

Go directly to your registry (regedit.exe) and delete it yourself or use a decent 3rd party program...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

For more info on MSCONFIG and this issue, see:
CookieRevised's reply to Start-up Programs
.-= A 'frrrrrrrituurrr' for Wacky =-.
08-19-2005 12:06 PM
Profile PM Find Quote Report
Fergy
Full Member
***

Avatar

Posts: 164
Reputation: 7
35 / Male / Flag
Joined: Nov 2004
RE: Block-Checker
Thanks for the advice, unfortunatley i couldn't go to my friend's house today (I was sick) so i'd probably go there sometime this weekend.
I should change my sig ay?
08-19-2005 02:44 PM
Profile E-Mail PM Find Quote Report
kipper2258
Junior Member
**

Avatar

Posts: 96
Reputation: 6
Joined: Aug 2005
RE: RE: Block-Checker
quote:
Originally posted by CookieRevised
eg: you don't want to be disturbed for a while, yet you want to be able to answer that oh-so-important question from that special someone....


I know the feeling, do it all the time ;)
[Image: w2m/]
Yeah - Im a kipper - A salted fish...
The fish inside me's Blog.

World domination!
08-20-2005 03:31 PM
Profile E-Mail PM Find Quote Report
Val
Senior Member
****

Avatar

Posts: 698
Reputation: 45
30 / Other / Flag
Joined: Jun 2004
RE: Block-Checker
i knew that was a virus from the begging just the wired shit that they would alwasy say the same shit over and over again lol and the they started to give me winks lol
Menthix:
Anonymous doesn\'t have a leader.
Anonymous is the leader of ShawnZ.

Max:
True. But deep down, we all know.
ShawnZ is incharge.
he is /b/ in human form.
08-21-2005 04:11 AM
Profile PM Web Find Quote Report
Fergy
Full Member
***

Avatar

Posts: 164
Reputation: 7
35 / Male / Flag
Joined: Nov 2004
RE: Block-Checker
I've finally had time to remove one of these suckers from someones computer (over remote assistance too). The problem is that the CSRSS.EXE process can't be killed by windows task manager because it thinks it's a proper windows progress

Anyways i have written up how to remove the virus, i've tried to make it as simplistic as possible.

--------------------------------------------------------------------
Steps for removing the "Block Checker" Virus
  • Download a copy of Sysinternals Process Explorer Here
  • "Un-Install" the block checker from Add/Remove Programs
  • Open Process Explorer and kill the "csrss.exe" process that is not run by "SYSTEM" or "NT AUTHORITY" or similar (usually the fake is run by your username or computer name)
  • Once you have killed the process csrss.exe find the process "blockchecker.exe" and kill that one
  • Go into C:\Program Files and delete the folder labelled "Block checker" (where C:\ is the drive you installed Windows on)
  • Open The Registry Editor (Start > Run > regedit.exe) and navigate through to
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the value named "BlockChecker"
    (For help on this section, go to this site, for a wrong move in here could damage your computer)
  • Delete the "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" located in the windows syetm folder (C:\Windows\System)
  • Enjoy your "Block Checker" Virus free system
thanks to segosa and CoookieRevised for their help
PS: Make sure you empty your Recycle Bin

This post was edited on 08-21-2005 at 04:51 PM by Fergy.
I should change my sig ay?
08-21-2005 04:06 PM
Profile E-Mail PM Find Quote Report
CookieRevised
Elite Member
*****

Avatar

Posts: 15519
Reputation: 173
– / Male / Flag
Joined: Jul 2003
Status: Away
RE: Block-Checker
quote:
Originally posted by Fergy
Open Process Explorer and kill the blockchecker.exe and csrss.exe processes that are next to each other
they aren't always "next to eachother" though...

To avoid killing the wrong csrss.exe process, look at the "user name" field which started the process.

If it is "SYSTEM" or "NT AUTHORITY" or the likes then it means it is the legit windows process.

If it is your username/computername then it means the csrss.exe has started up as a normal program and thus the process is not legit and a fake. This is the one you need to kill...

You could also check out the path of the csrss.exe in Process Explorer (right click on it and choose properties). If it is "c:\program files\block checker" or the likes, then you got the right one also...

---------------------------

Good compiled list though (y)...
Though I would also suggest to move the "uninstall blockchecker" step further down, after you've killed the processes.


This post was edited on 08-24-2005 at 03:48 PM by CookieRevised.
.-= A 'frrrrrrrituurrr' for Wacky =-.
08-21-2005 04:41 PM
Profile PM Find Quote Report
Fergy
Full Member
***

Avatar

Posts: 164
Reputation: 7
35 / Male / Flag
Joined: Nov 2004
RE: Block-Checker
thanks cookie. When i did it, blockchecker.exe was a branch of the fake csrss.exe, perhaps i killed the blockchecker.exe process first and the csrss process restarted it.

*added that in to the steps*
I should change my sig ay?
08-21-2005 04:54 PM
Profile E-Mail PM Find Quote Report
Pages: (7): « First « 1 2 [ 3 ] 4 5 6 7 » Last »
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On