


HELP: Virus is keeping my computer alive?


52 replies to this topic

#1 zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 25 November 2011 - 15:11

Hi guys, been a while since I last posted :)

Anyways I've a funny problem with my Win7 laptop that's leaving me stumped!

Well here's how the story goes.....

I bought myself an iPad, which I loved until I decided to try to connect it to this laptop. Unfortunately I got this error that "Apple Mobile Device" couldn't start, so I followed instructions on how I should remove this program called "Megakey" that was interfering with the service.

I HAD megakey installed, but obviously it wasn't uninstalled properly as a normal search popped up this file:

C:\Programdata\Megamedia\Megakey\msadm.dll

I couldn't delete it as it was being used by a whole load of other programs (As Unlocker told me so).

What I did next was to extract the megakey.exe file from their website using 7zip, transferred the uninstall.exe from megakey.exe into that folder containing msadm.dll and executed uninstall.

After rebooting, msadm.dll was removed, like finally :)

However!!

Once msadm.dll was removed, for some strange reason my browsers such as Firefox and IE couldn't work. When typing any address (google.com, facebook.com, neowin.net) into the web browser, FF would just leave me stuck in the empty tab while IE just says there's a connection problem (where conducting any diagnostics doesn't work, as usual).

After much thought I realised that it could be the msadm.dll that's affecting it, so I created the same folder in program data and transferred msadm.dll from my previously extracted megakey.exe back into the SAME folder.

Strangely, after putting that .dll file back, I could use firefox and IE all over again!

Does anyone know why this is occurring? I'm stumped, and so are my friends. Could it be that msadm.dll is actually supporting my computer and has become an infectious, cancerous-like parasite? Is there a way for me to remove msadm.dll without losing connectivity and thus allowing me to connect the iPad?

Hope to hear from you guys!

Thanks :)


#2 Detection

    Detecting stuff...

  • 8,369 posts
  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 25 November 2011 - 15:18

Remove the file, folder, and anything else that shouldn't be there

Reset IE, make sure FF and other browsers are not set to run through any proxy

Run Malwarebytes

Empty temp folders

Disable anything suspicious in msconfig

#3 Hum

    totally wAcKed

  • 54,294 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 25 November 2011 - 15:18

The virus has corrupted your browsers, to force you to go to other sites.

I would try System Restore first, if you use it.

Next you could uninstall Megakey, and delete msadm.dll, then run the Registry cleaner, such as the one with CCleaner (free download).

That can get rid of the useless registry entry that is causing a problem, that you 'need' the msadm.dll file.

You could run a good anti-virus scan as well.

Lastly I would save your bookmarks, and remove Firefox, then Reinstall.

good luck ....

#4 Gaara sama

    Resident Fanatic

  • 502 posts
  • Joined: 20-February 10

Posted 25 November 2011 - 15:23

Oh boy, just restart your PC in safe mode and run Malwarebytes, safe mode with networking.

#5 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 25 November 2011 - 15:25

Thanks for your reply :)

I did try to do a system restore but megakey was uninstalled like months ago, and I only realised there's remnants of it lying around today. So restoring my system back to when I did not have megakey installed is...impossible? Not sure about that =/

I can't delete msadm.dll as it's being 'used' by many other programs such as services.exe, firefox.exe, svchost.exe and some norton process. The only way I could delete it was using the uninstaller, and also by using my old dual boot of iATKos to delete it.

I tried deleting it, running CCleaner AND a virus scan using Norton Internet Security, but I still cannot use the browser.

@gaara sama you're suggesting SAFE mode, then running malwarebytes?

#6 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 25 November 2011 - 15:34

Detection, on 25 November 2011 - 15:18, said:

Remove the file, folder, and anything else that shouldn't be there

Reset IE, make sure FF and other browsers are not set to run through any proxy

Run Malwarebytes

Empty temp folders

Disable anything suspicious in msconfig

Everything in msconfig that I don't need/not sure what they are, are already disabled. Temp folders are clean. Running malwarebytes now :)

#7 Guolung

    Neowinian²

  • 100 posts
  • Joined: 22-March 03

Posted 25 November 2011 - 15:45

Try Kaspersky labs TDSS killer too, just to be sure.

#8 Joey S

    Resident Fanatic

  • 729 posts
  • Joined: 23-September 11

Posted 25 November 2011 - 15:46

Sounds like a rootkit or something of that ilk. Take a look at your browser's connection settings and confirm it isn't using a proxy of some kind.

#9 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 25 November 2011 - 15:54

Joey S, on 25 November 2011 - 15:46, said:

Sounds like a rootkit or something of that ilk. Take a look at your browser's connection settings and confirm it isn't using a proxy of some kind.

Firefox says no proxy is being used! :(

Guolung, on 25 November 2011 - 15:45, said:

Try Kaspersky labs TDSS killer too, just to be sure.

Thanks! Trying out now....

Kaspersky TDSS Killer detected "sptd" as suspicious, from C:\Windows\system32\Drivers\sptd.sys

It will remove after reboot...gonna reboot now :)

Anyway so far Malwarebytes hasn't churned up anything yet.

#10 StrikedOut

    Outside the box

  • 772 posts
  • Joined: 09-December 08
  • Location: Southampton

Posted 25 November 2011 - 16:01

Yeap, Safe mode but either download all the updates before rebooting into safe mode or go safe mode with networking. Safe mode only starts with services that are required to run, this usually leaves most 'locked' files and folders open to be deleted. I would also clear out all your restore points too (turn off system restore then turn it back on).

Have you removed Firefox and reinstalled to see if it works then?

#11 Bad Boy Nibbler

    Neowinian²

  • 136 posts
  • Joined: 18-February 07
  • Location: In A Bunch Of 0 & 1's
  • OS: Windows 7 Ultimate SP1 64-BIT

Posted 25 November 2011 - 16:10

zheng.93, on 25 November 2011 - 15:54, said:

Firefox says no proxy is being used! :(



Thanks! Trying out now....

Kaspersky TDSS Killer detected "sptd" as suspicious, from C:\Windows\system32\Drivers\sptd.sys

It will remove after reboot...gonna reboot now :)

Anyway so far Malwarebytes hasn't churned up anything yet.

sptd is not something to worry about, as it is used by Daemon Tools and probably other programs, though not sure which. If I remember rightly, sptd also have their own uninstaller, website-wise.

#12 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 25 November 2011 - 16:14

StrikedOut, on 25 November 2011 - 16:01, said:

Yeap, Safe mode but either download all the updates before rebooting into safe mode or go safe mode with networking. Safe mode only starts with services that are required to run, this usually leaves most 'locked' files and folders open to be deleted. I would also clear out all your restore points too (turn off system restore then turn it back on).

Have you removed Firefox and reinstalled to see if it works then?

At that point when I deleted the .dll file, reinstalling didn't work o.o

I will go into safe mode tomorrow morning as it's already 12.13am now =/ Sorry but thanks soo much for all your generous help thus far!

littleb2005, on 25 November 2011 - 16:10, said:

sptd is not something to worry about, as it is used by Daemon Tools and probably other programs, though not sure which. If I remember rightly, sptd also have their own uninstaller, website-wise.

So I shouldn't remove it?

#13 Bad Boy Nibbler

    Neowinian²

  • 136 posts
  • Joined: 18-February 07
  • Location: In A Bunch Of 0 & 1's
  • OS: Windows 7 Ultimate SP1 64-BIT

Posted 25 November 2011 - 16:20

zheng.93, on 25 November 2011 - 16:14, said:

At that point when I deleted the .dll file, reinstalling didn't work o.o

I will go into safe mode tomorrow morning as it's already 12.13am now =/ Sorry but thanks soo much for all your generous help thus far!



So I shouldn't remove it?

That really depends. The only time I've seen sptd get installed is for virtual CD/DVD emulation software like Alcohol 120 or Daemon Tools. If you don't use such tools it's not needed; if you do, you're gonna need it.

#14 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 26 November 2011 - 04:10

Hi,

I'm currently on safe mode with networking. Tried to delete but it still says it cannot be deleted as it is being used by another program. Unlocker doesn't seem to be working in safe mode and hence I cannot find out which program is using the .dll file in safe mode. My guess is svchost.exe? =/
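
Added example, not part of any post in this thread: a PowerShell sketch of the two checks discussed above, namely finding which processes have msadm.dll loaded when Unlocker is unavailable (post #14) and reading the proxy settings the replies ask about (posts #2 and #8). The function names are hypothetical; the DLL name comes from post #1, and the script assumes an elevated prompt.

```powershell
# Added triage example, not from the thread. Run from an elevated prompt.
# File name taken from the path quoted in post #1.
$DllName = 'msadm.dll'

function Get-ModuleHolders {
    param([string]$Name)
    $holders = @()
    foreach ($proc in Get-Process) {
        try {
            # Protected processes (System, Idle, some AV services) do not expose
            # their module list; they are reported in the catch block or skipped.
            foreach ($mod in $proc.Modules) {
                if ($mod -and ([IO.Path]::GetFileName($mod.FileName) -ieq $Name)) {
                    $holders += New-Object PSObject -Property @{
                        Id = $proc.Id; Process = $proc.ProcessName; Path = $mod.FileName
                    }
                    break   # one hit per process is enough
                }
            }
        } catch {
            Write-Warning ("Modules unreadable for {0} (PID {1})" -f $proc.ProcessName, $proc.Id)
        }
    }
    $holders
}

function Get-UserProxySettings {
    # WinINET settings used by IE; Firefox keeps its own proxy setting in its options.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = $s.ProxyEnable     # 1 = a manual proxy is switched on
        ProxyServer   = $s.ProxyServer     # host:port of that proxy, if any
        AutoConfigURL = $s.AutoConfigURL   # PAC script URL, if any
    }
}

Get-ModuleHolders -Name $DllName | Sort-Object Process | Format-Table Id, Process, Path -AutoSize
Get-UserProxySettings | Format-List ProxyEnable, ProxyServer, AutoConfigURL
```

A 64-bit PowerShell session does not list the 32-bit modules of 32-bit processes, so on 64-bit Windows run the script from the 32-bit PowerShell as well.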

#15 OP zheng.93

    Neowinian²

  • 176 posts
  • Joined: 10-October 05
  • Location: Singapore

Posted 26 November 2011 - 05:01

Update: I used megakey's uninstall.exe to remove the .dll file. When restarted back to safe mode with networking, I got the message "windows help and support cannot start". Thereafter, any attempts to use firefox and ie yield no results, I'm just stuck on an empty tab.

Kaspersky tdss and malwarebytes scans yield no results as well, they say my computer has no malware or rootkits.

Tried reinstalling firefox as well, but once again I still can't connect to the Internet.

The only way I can connect to the Internet again is to put back the megakey .dll file into program data.

Ahhhhh! Any ideas? :/