CWS NS3


6 replies to this topic

#1 shanej308

shanej308

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 29 June 2004 - 01:10 PM

Hi, I've used Spy Sweeper and found 4000 traces of this CWS. After removing, it tells me the rest can be removed after rebooting, but when I reboot it's still there. Sometimes the exe is appkz.exe and other times it's kbdb32.exe, and the .dll for the homepage will be changed. I've used CWShredder and HijackThis, both of which I downloaded from the site today, so I'm confident they're current. I'll insert the log from HijackThis now. CWS is also closing browsers, Notepad, and AOL Instant Messenger, along with taking up massive amounts of my bandwidth. Thanks for your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:03:54 PM, on 6/29/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\addij32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\erica\Desktop\CWShredder.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\appkz.exe
C:\Documents and Settings\erica\Desktop\HijackThis.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqdoh.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dqdoh.dll/index.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://dqdoh.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqdoh.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://dqdoh.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dqdoh.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*profiles.yahoo.com;*.pogo.com;*test-speed.com;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6E088D4B-521B-1676-CDD6-EC121DD3C210} - C:\WINDOWS\addys32.dll
O2 - BHO: (no name) - {941DD013-675D-CD4D-9C3A-C8AA77DA9AAD} - C:\WINDOWS\mfckx.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addij32.exe] C:\WINDOWS\addij32.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKLM\..\RunOnce: [javama32.exe] C:\WINDOWS\javama32.exe
O4 - HKLM\..\RunOnce: [SpySweeper_BT01] "C:\Program Files\Webroot\Spy Sweeper\Bt01.exe" /SpySweeper_BT01
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\NetZero\qsacc\x1exec.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8167.3537037037
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B9E6687-A620-4BA7-B8B1-824E2BBDF02C}: NameServer = 64.136.20.121 64.136.20.133
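
An added example, not part of the original posts: a small triage pass over HijackThis entries like those in the log above. The two rules (an IE page value pointing at a `res://` resource inside a DLL, and a BHO or autorun file sitting directly in `C:\WINDOWS`) are assumptions chosen to match what the poster describes; a hit means "review this entry", not a verdict.

```python
import re

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://dqdoh.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dqdoh.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {6E088D4B-521B-1676-CDD6-EC121DD3C210} - C:\WINDOWS\addys32.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addij32.exe] C:\WINDOWS\addij32.exe
O4 - HKLM\..\RunOnce: [javama32.exe] C:\WINDOWS\javama32.exe
"""

# "R0 - ..." / "O4 - ..." style entry lines; everything else is ignored.
ENTRY = re.compile(r"^([RO]\d+) - (.*)$")
# IE page value served from a resource inside a DLL; captures the DLL file name.
RES_URL = re.compile(r"= res://(?:.*\\)?([^\\/]+\.dll)/", re.I)
# .exe/.dll located directly in C:\WINDOWS (no subdirectory such as system32).
WINDIR_ROOT = re.compile(r"(C:\\WINDOWS\\[^\\\s\"]+\.(?:exe|dll))", re.I)

def triage(log):
    """Return (rule, file, section) tuples for entries worth a manual look."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code in ("R0", "R1"):           # IE start/search page values
            hit = RES_URL.search(rest)
            if hit:
                findings.append(("ie-page-in-dll", hit.group(1).lower(), code))
        elif code in ("O2", "O4"):         # BHOs and Run/RunOnce autoruns
            hit = WINDIR_ROOT.search(rest)
            if hit:
                findings.append(("windir-root-file", hit.group(1).lower(), code))
    return findings

if __name__ == "__main__":
    for rule, name, code in triage(SAMPLE_LOG):
        print(f"{code:3} {rule:17} {name}")
```

Running it on a log saved before and after a reboot shows whether the flagged file names changed between scans, which is the behaviour described in the first post.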

#2 shanej308

Posted 29 June 2004 - 02:10 PM

Please help me, I can't get rid of this thing. I'm new to this spyware stuff.

#3 shanej308

Posted 29 June 2004 - 06:42 PM

Could someone help me with this? At least tell me which are bad; I have some clues but am not sure on all the bad ones.

#4 shanej308

Posted 29 June 2004 - 10:40 PM

Thanks everyone for your posts, they really helped. I got rid of it on my own. I'll tell the people who don't know how to get rid of it, or at least the way I did it.

First: I ran HijackThis, got all running apps up, and cleared all of them.
Second: I ran Spy Sweeper, let it run all the way through, and cleaned it out.
Then ran HijackThis again and cleared out all apps again.
Rebooted.
Ran Spy Sweeper to find anything left over and cleared the last bit.
Ran HijackThis and cleared all apps again.
Rebooted, and it has been gone for 3 hours now. Hope this helps.

#5 shanej308

Posted 29 June 2004 - 10:41 PM

The freeware of Spy Sweeper is good enough to do this.

#6 shanej308

Posted 29 June 2004 - 10:43 PM

Also got rid of MS Java VM with the help of CWShredder. All programs used are up to date.

#7 shanej308

Posted 29 June 2004 - 10:49 PM

Oh yeah, one last note: if you stop all apps in HijackThis you will have to reload them; they won't start up normally at startup. I guess this may help in ridding yourself of the thing.



