I tried to d/l a fake video codec earlier and stupidly clicked OK to some ActiveX scripts. Now, in IE 7 only, there is [was] something going on, sort of like my homepage has been hijacked even though it still opens with Yahoo Mail, which I want. I get a "Spyware Found" type of window and when I try to close it I am redirected to here [DANGER - MALWARE]

http ://sc.videofreeMALWARE!foronline.com/id/4912933/4/1/

Aside from IE everything seems to be working fine and Firefox is unaffected. Here is a screenshot of one of the "SpywareFound" windows (which opened with Firefox even though it originated with IE):



I remembered allowing a few (possibly 3) ActiveX script installs and Spybot-S&D asked me if I wanted to allow them (I did each time). I posted an HJT log at the Spyware Warrior forum but there is no reply at this time.

I found this article on How To Delete Internet Explorer 7 ActiveX Controls and decided to investigate. I must have mis-read the article b/c I chose "Add-ons currently loaded in IE" instead of "Downloaded ActiveX Controls" from the Show: drop-down box. I noticed 3 odd-sounding controls:

  • Diagnose Connection Problems - Browser Extension (one of the phony IE windows)

  • Research - Browser Extension

  • "Soplygui" - Browser Helper Object (rgf.dll)


I am able to Disable these items but for some (suspicious) reason the "Delete" button in the "Delete ActiveX" box is greyed out:



IE seems to be working fine now but I would feel better if those ActiveX controls were completely off of my XP SP3 system.