• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
shamp10

"New Win32" Any Info?

9 posts in this topic

I am lost...I suppose if I can get help here, I'll have to go to the removal forum, but I'll start here...

 

McAfee tells me I have a virus named New Win32. I can find no information on this. The McAfee site just says it was added in 2002, but nothing else. What it does, where it came from, nada...

 

Anyone have any info on this? Thanks a lot.

 

Dee

Share this post


Link to post
Share on other sites

Hi

 

You could run mcafee programme stinger, link below, Please note that it states when you use this programme the following

 

Stinger is a stand-alone utility used to detect and remove specific viruses and worms, including Lovsan. Note: It is not a substitute for full anti-virus protection,

 

 

am suggesting this as you say it was added in 2002.

 

http://us.mcafee.com/virusInfo/default.asp...val/Stinger.asp

Share this post


Link to post
Share on other sites

From the McAfee virus database:

 

New Win32.

This is a heuristic detection which indicates that a file is possibly a Win32 virus. Win32 stands for 32-bit Windows and includes Windows 95, 98, NT, 2000, XP, ME, etc. Ensure that you are using the latest engine and DATs and send a copy of the file to AVERT if it is still detected as "New Win32"

 

And for orders sake, here is the Avert url:

https://www.webimmune.net/default.asp

Share this post


Link to post
Share on other sites

Stinger didn't pick up anything. I ran PandaSoftware's Activescan and it found 5 additional infected files:

 

Virus:Trj/ClassLoader.B No disinfected C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-63b1779e.zip[GetAccess.class]

Virus:Exploit/ByteVerify No disinfected C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-63b1779e.zip[insecureClassLoader.class]

Virus:Exploit/ByteVerify No disinfected C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-63b1779e.zip[Dummy.class]

Virus:Trj/Downloader.CL No disinfected C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-63b1779e.zip[installer.class]

Virus:Exploit/ByteVerify No disinfected C:\Documents and Settings\john\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\counter.jar-315a6baf-7629134f.zip[Dummy.class]

 

Am I in trouble here?

Any advice is appreciated.

Thanks!

Share this post


Link to post
Share on other sites

This is the HJT log...its greek to me...does it show anything?

 

 

Logfile of HijackThis v1.97.7

Scan saved at 9:29:28 PM, on 6/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Dell\Media Experience\PCMService.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft Money\System\mnyexpr.exe

C:\Program Files\EarthLink TotalAccess\TaskPanl.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\deanna\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] c:\program files\mcafee.com\vso\mcvsshld.exe

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O9 - Extra button: WeatherBug (HKCU)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8034.9368055556

O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab

O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class) - http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab

Share this post


Link to post
Share on other sites

Hi shampo 10

 

be patient & your log will get looked at, time difference sometimes affects response.

 

You have hi-jack this saved to a temporary folder you need to save this programme in to a permanent folder, this is because it will run backups to enable you to restore any changes you make by mistake etc.

 

Whilst you wait for your log to be looked at you could do the following:

 

run spybot search & destroy, check for updates first, download all updates,

and scan.When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

 

here is link for spybot search & destroy

 

http://www.safer-networking.org/index.php?page=download

 

also you could run CWShredder

 

here is link to download from

 

http://www.spywareinfo.com/~merijn/

 

Download CWShredder Click on update, then close all browsers, and then click on Fix, not scan.

 

next

 

Make sure you can view all hidden files and folders, link below explains how

 

http://www.xtra.co.nz/help/0,,4155-1916458,00.html

 

when you have done this post back a fresh hi jack this log and you should soon get a response.

 

here is a freeware trojan programe you could also run

 

http://www.a-2.org/en/software/free/

 

a² is a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
Edited by thyme

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0