I did an online scan with Kaspersky and found this:
C:\WINDOWS\wavli.dll Infected: Trojan-Spy.Win32.Delf.jq
Do I just delete that file from windows?
And how in God's name do I get rid of MYWEBSEARCH?
C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i
C:\System Volume Information\_restore{F29EEB5C-B7AE-4043-9AF6-1CAD32FA487C}\RP161\A0058260.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.
C:\System Volume Information\_restore{F29EEB5C-B7AE-4043-9AF6-1CAD32FA487C}\RP161\A0058261.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l
So far that's about all I have left of MYWEBSEARCH. It's gone from the registry, but that's all that looks like it's left, which Kaspersky got. Delete them as well?
Found Trojan-Spy.Win32.Delf.jq in WINDOWS
Started by chrism, Jun 24 2007 10:46 PM
3 replies to this topic
#1 OFFLINE
Posted 24 June 2007 - 10:46 PM
#2 OFFLINE
Posted 24 June 2007 - 11:33 PM
Please post a hijackthis log.
My Web Search appears to be a part of some Firefox extension you installed. I can show you how to clear your restore points once it's gone.
You can go ahead and delete this too:
C:\WINDOWS\wavli.dll
#3 OFFLINE
Posted 25 June 2007 - 01:45 AM
rridgely, on Jun 24 2007, 07:33 PM, said:
Please post a hijackthis log.
My Web Search appears to be a part of some Firefox extension you installed. I can show you how to clear your restore points once it's gone.
You can go ahead and delete this too:
C:\WINDOWS\wavli.dll
Yeah, actually someone who uses this computer "likes" WeatherBug, but I know it's full of spyware. I deleted some registry entries of My Web Search. It spreads among Firefox, which did not ever include My Web Search on it (I'm the only one who uses Firefox and it's loaded with all my plugins, but yeah...). Web Search seems to spread.
Here's the hijack:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:37:58 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\~\Desktop\HiJackThis_v2.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKUS\S-1-5-21-515967899-343818398-682003330-1003\..\Run: [Weather] "C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" 1 (User 'chris')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/contr...vex/TmHcmsX.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 3468 bytes
#4 OFFLINE
Posted 25 June 2007 - 02:46 AM
Weatherbug is yucky. Ask them if they can manage with desktop weather found here:
http://www.weather.c...es/desktop.html
The log is fine but I noticed you don't have an antivirus installed. You can grab a completely free and good one from here:
http://forum.pirifor...?showtopic=7323
If you want to still clean those restore points here is how:
To Flush the infected restore points:
Click Start Menu > All Programs > Accessories > System Tools > System Restore
Choose Create a Restore Point, then click Next. Name it and click Create. When the confirmation screen shows the restore point has been created, click Close.
Next go to Start Menu > Run > type
cleanmgr
Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished, it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.
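Added example (not part of any post in this thread): a small Python triage of the scan lines posted at the top, separating detections in live files, which are deleted directly, from copies held inside System Restore points, which are cleared by the restore-point flush described above. The function names and the output layout are assumptions made for this illustration.

```python
import re

# Constructed input: the four scan lines posted at the top of this thread.
SAMPLE_REPORT = r"""
C:\WINDOWS\wavli.dll Infected: Trojan-Spy.Win32.Delf.jq
C:\Program Files\Mozilla Firefox\plugins\NPMySrWB.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i
C:\System Volume Information\_restore{F29EEB5C-B7AE-4043-9AF6-1CAD32FA487C}\RP161\A0058260.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.
C:\System Volume Information\_restore{F29EEB5C-B7AE-4043-9AF6-1CAD32FA487C}\RP161\A0058261.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l
"""

# Line shape: "<path> Infected: <verdict>"; the path may contain spaces.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<verdict>\S+)$")
# System Restore keeps its copies under _restore{GUID}\RPnnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)

def parse_report(text):
    """Turn scan lines into dicts; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rp = RESTORE_RE.search(m["path"])
        findings.append({
            "path": m["path"],
            "verdict": m["verdict"],
            # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
            "riskware": m["verdict"].lower().startswith("not-a-virus:"),
            "restore_point": rp.group(1) if rp else None,
        })
    return findings

def triage(findings):
    """Split findings into live files and restore points that hold copies."""
    live, restore_points = [], set()
    for f in findings:
        if f["restore_point"]:
            restore_points.add(f["restore_point"])
        else:
            live.append(f["path"])
    return {"delete_live": live, "flush_restore_points": sorted(restore_points)}

if __name__ == "__main__":
    plan = triage(parse_report(SAMPLE_REPORT))
    print("Delete directly:", *plan["delete_live"], sep="\n  ")
    print("Restore points to flush:", ", ".join(plan["flush_restore_points"]))
```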












