• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0

Argument - moved from "Hijacked"

9 posts in this topic

Note - this discussion was disrupting http://forums.spywareinfo.com/index.php?showtopic=15595&hl= so I have moved these posts to here. cnm


Hello, newyork

I'm not sure what criteria this forum requires in order

to be considered a "qualified" expert. I'm a newbie to

this post but definitely not a newbie in the world of

spyware, in particularly CWS and Backdoor trojans.

I am in the process of developing a tool that I hope

will help in the fight against CWS and other known

culprits. I will not promote my product here. But,

I can give you what I consider to be an expert opinion in

that field!

I agree that you do show signs of a Backdoor variant. Your system may

even show clean results in a virus scan; however, a tool is

needed to go back and "pick up the trash" that is left behind

(DLL files etc.) [Hopefully, I will help in that task for future references.]

MyDoom virures run a backdoor component, which is dropped as the file SHIMGAPI.DLL. (This trojan component opens TCP ports 3127 thru 3198 to allow remote users to access and manipulate infected systems. The backdoor routine has the ability to download and execute arbitrary files.)

CTFMON.DLL is another known culprit in the W32 trash pile. And, yes, the previous

Post was correct in suggesting the Mcafee Stinger tool. These should be deleted!

I didn't see taskmon.exe in your log file, but if you find it ...it's trash!


Ctfmon.exe is a process that can either cause a bunch of headaches or not affect you! If it keeps appearing at start-up, disable it as the previous post said to do!

I would recommend following the advice you have gotten thus far! (Scanning in safe mode, etc.) If the afore mentioned steps don't work for you, you may have an unknown variant.

Also, follow HJT's lead and remove the NO Name browser helper.

Hope this helps, newyork!

Edited by cnm

Share this post

Link to post
Share on other sites

All right, NewYork, let me see if I got this:

1.)You scanned with all the recommended tools

{Norton, Spybot, Adaware, HJT, CWShredder, Stinger,

Panda, Housecall} all updated and results are clean?

2.)You used Norton and Adaware in safe mode...clean?

3.) You don't have CTFMON.DLL or SHIMGAPI.DLL?

4.)Notepad is o.k.

5.)No weird popups or error messages bombarding you? (except monwow)

6.)No computer freezes or slow OS problems?

7.)No more About Blank?

Well, if all this is correct, and you've followed the advice

here, then I'd say, your system is fine.

Don't be paranoid!


Now, about your services and task manager woes::::

You have nothing to worry about with the wowexec.exe (which

is started by NTVDM when you run a 16-bit program (a DOS program, a Windows 3.1 program, etc.) Do this to end the process,so it won't waste memory:

Right Click on the system tray to open task manager/Find wowexec.exe, right click it,

and end the process/Yes to confirm.

Msmsgs.exe --again, no threat. Its' reappearing like that, believe it or not,

is normal, but annoying. Did you go into the Tools/Options/Preferences menu option in Messenger and uncheck "Run when Windows starts"? Is it running on startup in

msconfig? If so, unclick it. There is a tweak you can use in the registry to remove it from startup. Monwow--Norton products can be somewhat "finicky" and there are known conflicts with them in the presence of some other software, like a firewall. Or, maybe it has been damaged by spyware. You may have to remove it and reinstall. Contact Symantec. http://www.symantec.com/techsupp


I'll give you some links to help you learn about the services, and

processes, so that if you happen to find another strange process, you can look it up and figure out what it does and if you need it. (Or if it's Spyware or Virus material!):-o

I disabled about 20 so-called "necessary" services when I installed XP and my

computer runs better than ever. BUT, the key is KNOWING which services and

processes are necessary and what other programs on your system depend on them.

You can't just go on a deleting spree, or you'll really be in a mess. BE CAREFUL!!!!!!

So, here are some useful research links to help you with services, task manager, registry, etc. (And, I know you may get some people that don't like these sites or whatever.

Big deal. Not everybody agrees.Yadda, yadda... It's my opinion---works for me! Hope it helps you too.Take care, NewYork!)

:p (CEO in Tennessee)



This one has registry startup info. too





Here's the Messenger Removal Link (Also on the eldergeek site.)



Before any registry edits are made, read here:



And, I noticed the link to http://www.answersthatwork.com in the post above, clicked on it and found it to be very helpful; Check out the Ultimate Troubleshooting


Edited by CEOn10ec

Share this post

Link to post
Share on other sites

(Post this wherever deemed appropriate)


Dear Budfred and Jedi,


As you can see, my "Official Title" is not "Helper",

it is simply "Member", which means that


I am NOT affiliated with the "staff" of this forum, so my

advice should be taken on an AT Your Own Risk basis.


I would like to point out that in the link provided by Budfred,



Cnm states that ALL "Member" advice should be taken skeptically.


As far as the information that I have offered to those in this forum,

you are welcome to research it yourself and see that I gave no

information that could damage an operating system. And, you know,

as a "Malware Hound" that when any operating system has more than one problem affecting it, problems should be dealt with

one at a time, analyzing each result (which is what I did) rather than trying to fix everything at once,


Unlike CEON10EC, I do not claim to be an expert, nor do I view anyone

here as an expert. I have worked For Dell for several years as a support technician and have found that sometimes the best fix comes

from trial and error, as each person's system has unique features.

I based my information on what I have given to countless others experiencing the same problems.

Over the last few weeks, I'm sure you've noticed a rise in the infections

of the CWS persuasion. I have dealt with over 800 calls of Dell customers having had their notepad destroyed by malware and then trying to repair it themselves.

I get on forums such as these to research for myself and provide information for those I help in my work.


As for your generous offer to help train me----no thank you. I've only had 17 years of experience, and just going to work is a training experience for me.

But, I will offer you some free advice. The messenger features that

you proposed "fixing" in your post to newyork are as CEO said,

perfectly normal. I recommend that you research this topic on the

microsoft support site before you go trying to fix it; or I suppose,

"if it ain't broke, you can fix it till it is."

I will not post any further advice in this forum and make a request that, if possible, all my forum threads be removed, as I certainly wouldn't want to plague the forum's future visitors with "unqualified advice."


Sincerely, TerryB

Edited by terryb

Share this post

Link to post
Share on other sites



It appears that you took the feedback personally and I am sorry you chose to do that... We ask all helpers here to get trained so that we and the users who post here can feel confident that they do know what they are doing... If you are working on this type of material on a daily basis, I would think that you would see the value in having the full resources of the malware fighting community at your disposal, but it appears that you do not...


As for fixing the Messenger problem... Just because it is normal does not mean that it does not need to be fixed... In my role as a Helper it is appropriate to help the user with whatever he/she perceives to be problem... That you do not choose to take that approach is your option...

Share this post

Link to post
Share on other sites



Did you even bother researching or verifying my post information,

before you automatically deemed it inappropriate?

Isn't that what you're supposed to do?


What's the deal, as Malware Hound, do you just go sniffing around

to find a post by a NON Qualified member, so you can be the first

to officially tell them they need to attend the prestigious Boot Camp,

before their advice is worthy of consideration?


With, all due respect, your comment,

"Just because it is normal does not mean that it does not need to be fixed... " is sub-par, and at the very least, absurd.


The product is not defective. It's settings can be changed, but there is no problem with its' internal functioning mechanisms just because it

is programmed to come on at startup. If you read the post, newyork was worried that spyware was operating from it. {He didn't have the problem he thought he had.}


Once again, did you research the microsoft Messenger link provided or another info. forum?

So, do you offer advice to the tune of terry's quote," if it ain't broke, fit it till it is."?


And, if you really support " the value in having the full resources of the malware fighting community at your disposal..." then you would realize

that the full fighting resource community includes members like myself

that have experienced the problems in these posts first-hand and have

resolved them. Didn't they teach you that in Boot Camp?


As, I said, research my information and advice if you choose. If it's faulty, call it faulty. If it's not, leave it alone.


*****Now why don't we get off the personal offenses and debates and let newyork resolve his issues?


(It is my opinion that he could take whatever helpful information he finds from a variety of posts, thought I realize some people, trying to be helpful can really screw a person up, here.)

By the way, how many hours a day, do you guys have to train in boot camp?

:mellow: Mellow out.........

Edited by CEOn10ec

Share this post

Link to post
Share on other sites



You obviously are misinterpreting what I am saying and seem to have an agenda... I gave you information about the Boot Camp and if you don't choose to take advantage of that opportunity, then at least respect the fact that this forum asks people to verify that they have skills prior to posting... It appears that you and terryb feel a need to resort to personal attacks and sarcasm when you think your unverified credibility is being questioned... If that is your choice, I am happy to let it go...

Share this post

Link to post
Share on other sites
Did you even bother researching or verifying my post information,

before you automatically deemed it inappropriate?

We control the help given here. Net-Integration and Computer Cops do the same thing; like us, they limit helpers to special credentialed groups. We would be delighted to have more trained helpers - all are welcome in the Boot Camp.


If you don't want to go along with the way this forum is run, then I suggest posting somewhere that you find more congenial. There are lots of antispyware forums.

Share this post

Link to post
Share on other sites

These are your words, as I have read the forum, too.


"We try to catch and fix anything dangerous, misleading, or inadequate, but can't always get there in time."


And, for you to have moved my first two posts in this topic that

were NOT part of the argument, I assume you either found something

"dangerous, misleading, or inadequate" or you have a personal issue with me.

Since there is nothing "dangerous, misleading, or inadequate" in my post, then I have the tendency to believe the latter.


If that's the case, you have moved information that newyork could use

to resolve his issue. That is not good forum policy, but then again,

I should have expected it in the type of forum that considers expertise

to be logging on to a rinky dink bootcamp or subscribing to a

spyware newsletter.


Since you have the power to delete, censor, and move posts, while you're at it remove my membership as well as all the posts and comments that I have submitted.

But, you may want to keep this little one as a remembrance of me.


Here me roar?


P.S. What kind of expertise do you have besides being the mother cat?

Don't bother to reply.


Share this post

Link to post
Share on other sites

Hehe. Very forceful expression of opinion.


Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0