Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > tapicfg.exe I can't get rid of it!!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

tapicfg.exe I can't get rid of it!!

Reply to Message Icon

Name: JasonS
Date: April 19, 2004 at 20:31:27 Pacific
OS: Windows 2003
CPU/Ram: 2.66Mhz 512
Comment:

This virus (part of the CoolWebSearch collection) has been ruining my life! It's inside my windows\system32 directory keeps changing my hompage to about:blank which directs me to some CWS website. Whenever I try to either manually delete it or use any anti-spy software (usually only Ad-aware and CWShredder can detect it) to get rid of it, it reappears as soon as i refresh the system32 folder.

I've also use Spybot and it never finds anything, however when I run hijackThis it always lists my default start page to about:this.

Here is a recent hijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:12:31 PM, on 4/19/2004
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\CTHELPER.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
F:\Spy Sweeper\SpySweeper.exe
C:\Program Files\SlimBrowser\sbrowser.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportingnews.com/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tsn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sportingnews.com/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tsn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [CTHelper] CTHELPER.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpySweeper] "f:\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: BHODemon.lnk = C:\Program Files\BHODemon\BHODemon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Does anyone know if their is some sort of other program that is causing tapicfg.exe to keep reappearing?

Thanks for any help you can provide


I've also use Spybot and it never finds anything, however when I run hijackThis it always lists my default start page to about:this. Does anyone know if their is some sort of other program that is causing tapicfg.exe to keep reappearing?

Thanks for any help you can provide



Sponsored Link
Ads by Google

Response Number 1
Name: merheo
Date: April 23, 2004 at 13:39:59 Pacific
Reply:

http://www.hijackfix.rheoit.com/ Try this site. It helped me.



0

Response Number 2
Name: Jfaden2
Date: May 7, 2004 at 06:46:49 Pacific
Reply:

Tried the recommended web page, it's been removed.


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: tapicfg.exe I can't get rid of it!!
Win32/Renos.dz -- can't get rid of it! www.computing.net/answers/security/win32renosdz-cant-get-rid-of-it/26277.html

Can't get rid of winupgro.exe www.computing.net/answers/security/cant-get-rid-of-winupgroexe/24143.html

VIRUS that I can't get rid ofPLEASE help www.computing.net/answers/security/virus-that-i-cant-get-rid-ofplease-help/469.html