I ran AVG Anti-Virus, and it came up with two Trojan Horses. They are as follows;
Trojan Horse Dropper. Small. 5. J
Trojan Horse Dropper. Small. 7. AV
Since then, my AOL software freezes, and webpages won't load completely hence the freezing.
I have downloaded HiJackThis, CWShredder, and the other one for the CWShredder. And they won't open for me. It says that "A required DLL file, MSVBVM60.DLL, was not found."
I am currently trying to download an update for AVG, but unfortunately, it's stuck at 63%.
Please help!

You need the Visual Basic Runtime Libraries to be able to run CWShredder. Most recent Windows have these installed by default, but if you don't have these files, they're available from Microsoft.com
Can't AVG quarantine, delete or repair the affected files?
Those other programs, while excellent, are mainly for the detection and removal of adware, spyware & browser redirects
I'm just looking for clues at the scene of the crime

Thank you for the suggestions! I've seemed to have cleaned them from my system somehow. Yes, AVG put them in the Virus Vault because it said that it couldn't 'heal' it. So, I let the update finish - which it finally did after awhile, and everything seems to be working so far.

Okay, it did it again (freezing my AOL) I ran my anti virus, and it said that no virus was detected...I'm confused. I'd really like to get them off of my comp. :(

You may have other problems - sounds like the virus has been taken care of.
Recommended is to run Ad-aware and/or Spybot in case there are other kinds of pests on your machine.
Make sure both programs are updated - if you still experience problems after running them, post back.

Well, I've downloaded Spybot - and am in the process of downloading Adaware. I'm running spybot right now. And it found the following:
Spybot:
2 CoolWWWSearch
1 DSO Exploit
1 Alexa Related
2 SearchSquire
1 Blazefind.Bridge
2 DSO Exploit
1 DyFuCA. InternetOptimizer
1 FunWeb
1 Hotbar
It "fixed" all of them except the first two listed. It crashes when it tries to.
Adaware found: (70 Objects)
IBIS Toolbar
IBIS Toolbar
IBIS Toolbar
48 Tracking Cookies
WinFavorites
IBIS Toolbar
IBIS Toolbar
IBIS Toolbar
8 Tracking Cookies
eUniverse
Possible Hijack Attempt
Possible Hijack Attempt
Possible Hijack Attempt
Possible Hijack Attempt
IBIS Toolbar
IBIS Toolbar
I quarantined them, and adaware deleted them. I went in, and deleted the quarantine file.
Now, how do I get rid of the two that spybot found that it can get rid of?

To remove CoolWebSearch you would use the CWShredder program mentioned in your first post - hopefully that will fix the problem, however the author is no longer maintaining the program, and new variants keep appearing.
Probably shouldn't delete the quarantine files unless you are sure there will be no repercussions - sometimes 'false positives' are reported.
Also, occasionally removal of spyware can disrupt your internet connection - wouldn't hurt to have the 'fix' for that (just in case)
I'm not completely sure, but I think that the DSO Exploit is one of the false alarms.
Have you updated the Spybot detection rules?

Yes, I updated the rules for it before even running it. Hopefully, the CW Shredder will work for me this time...

Ok, that's good. CoolWebSearch is a nasty one, many variations on a theme.
If you have the VB Runtimes from M$ (linked earlier) CWS will at least run.
From a post here in the Security & Virus forum regarding the DSO Exploit detection by spybot:
"the spybot team says if all security updates are applied to IE, this is a false alarm.... I just ignore the DSO warnings as spybot team says to"

I downloaded the visual Runtime thing that I needed from the link in one of the previous posts, and I went to install it -- there were no words or anything, and there was no User Agreement text...and when I clicked 'I agree' - even though there were no words, I got the "A required source cannot be located" - and in the blue bar - some very weird symbols.
Also, with the LSPFix - if I have to uninstall AOL for any reason, and reinstall it again - will it mess up anything?

I was able to download the VB Runtime successfully the third time, and I was able to run the CWShredder. However, it said that my system was clean. And so, I ran Spybot again - and the results came up with CoolWWWSearch.
I ran HiJackThis; and here's the resulting log:
Logfile of HijackThis v1.98.2
Scan saved at 1:12:46 PM, on 8/18/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\3CMLNKW.exe
C:\WINDOWS\STARTER.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AMERICA ONLINE 8.0\AOLTRAY.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\LEXPPS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\America Online 8.0\aoltray.exe
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
What do I need to rid my computer of?

Hardly an expert, but I'll give it a go:
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
seems quite suspicious
Not too sure about these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
Also
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
.. if you use CJB.NET - Free URL Redirection - Free Web Hosting then leave it, otherwise take it out.
If you experience any problems, you can restore removed entries using HJT, if necessary.
Lots of other things I wouldn't have on my computer (AOL, MSN, Real) but they're not malware (strictly speaking)
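
The triage in the reply above (an O3 toolbar with no file behind it, an O16 download from an unrecognised host, the R3 line) can be applied mechanically to a HijackThis log. This is an added example, not part of the thread and not HijackThis's own code; the known-domain list is a hypothetical assumption and the sample lines are copied from the log posted above.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few entry lines copied from the log posted above.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50099/QDow_AS2.cab
"""

# Assumption: domains the machine's owner recognises; this list is hypothetical.
KNOWN_DOMAINS = {"msn.com", "aol.com"}

# An entry line is a section code (R0, O4, O16, ...) followed by " - " and a body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Yield (section_code, body) for each entry line; skip everything else."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def review(log, known=KNOWN_DOMAINS):
    """Return (code, reason, body) for entries worth a second look."""
    findings = []
    for code, body in parse(log):
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, "registered component has no file on disk", body))
        elif code == "O16":
            # The download source is the last " - "-separated field.
            host = (urlparse(body.rsplit(" - ", 1)[-1]).hostname or "").lower()
            if not any(host == d or host.endswith("." + d) for d in known):
                findings.append((code, "ActiveX download source not recognised: " + host, body))
        elif code == "R3" and "missing" in body.lower():
            findings.append((code, "URLSearchHook default is missing", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in review(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

A flagged line is a prompt for manual review, not a verdict; entries outside the three checks (such as the O4 startup items) are left for the reader to judge.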

Yes, I realize that - plenty of startup applications that probably aren't necessary to be always loaded and likely bog down your machine somewhat. More of a personal preference, although a couple have been known to cause problems (loadqm, starter.exe)
[EnsoniqMixer] starter.exe
MsnMsgr.Exe
YAHOO!\MESSENGER\ypager.exe
aoltray.exe
loadqm.exe
With Win9x, the less running in the background, the better Windows will run - but, of course, you balance that out against what you need or want.
It also makes interpreting a HJT! log a little easier if there are fewer tasks running (shorter, anyways)

Okay, I think I've got the virus end of this thing done and over with. And almost all of the spyware taken care of. DSO Exploit, I have nothing to worry about. However, I cannot remove the CoolWWWSearch off of my computer. I have run the CWShredder, and it says that my system is clean. I ran the 'killer' for one of the variants of CoolWWW, and it said that I didn't have that particular one. My AOL still freezes up, and I've never had a problem like this. I did everything that AOL techs told me to do about the freezing, and it hasn't worked. So, I'm thinking that the CoolWWWSearch is causing the problem.
Any suggestions on how to get it off?

Logfile of HijackThis v1.98.2
Scan saved at 11:35:37 PM, on 8/19/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.exe
C:\WINDOWS\SYSTEM\MPREXE.exe
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.exe
C:\WINDOWS\SYSTEM\SYSTRAY.exe
C:\WINDOWS\LOADQM.exe
C:\WINDOWS\SYSTEM\3CMLNKW.exe
C:\WINDOWS\STARTER.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.exe
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AMERICA ONLINE 8.0\AOLTRAY.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AMERICA ONLINE 8.0\WAOL.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AMERICA ONLINE 8.0\SHELLMON.exe
C:\WINDOWS\SYSTEM\SPOOL32.exe
C:\WINDOWS\SYSTEM\LEXBCES.exe
C:\WINDOWS\SYSTEM\RPCSS.exe
C:\WINDOWS\SYSTEM\LEXPPS.exe
C:\WINDOWS\SYSTEM\DDHELP.exe
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AMERICA ONLINE 8.0\AOLWBSPD.exe
C:\WINDOWS\SYSTEM\TAPISRV.exe
C:\WINDOWS\SYSTEM\RNAAPP.exe
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [3Cmlink] C:\WINDOWS\SYSTEM\3cmlnkW.exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\America Online 8.0\aoltray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E04EAE82-14AD-41CB-BF5A-45556ABB8347} (WebCoachDownload Class) - http://esupport.aol.com/help/engine/aolcinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

Just about off to bed, but I'd suggest removing this:
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
.. other than that, seems like a clean log.
I'd noticed your question concerning system resources - reducing the number of programs that start with Windows is what you do to increase resources. Best targets would be the ones mentioned previously.
A possible source of trouble and resource hog is loadqm:
This task loads the MSN Queue Manager and is installed when you install MSN Explorer or MSN Messenger. LOADQM gobbles up system resources and appears on most end-users’ Task Lists who come to us complaining of low System & User Resources or very slow, "crawling", PCs. In December 2003 this is still one of the worst behaved Microsoft programs !

Okay, I think I got the CoolWWWSearch off of my computer. Cause I ran Spybot, and it's not showing up anymore. However, I have these, that I cannot remove:
Avenue A, Inc
Advertising.com
Doubleclick

I believe those are tracking cookies - not exactly dire threats in and of themselves.
Ad-aware or Spybot should be able to remove them with ease - they're just textfiles in your 'cookies' folder.
