Infected computer popup and CoolWeb



#16
Feverpitch
  • Topic Starter
  • Member
  • 75 posts
OK. I'll get this information to you by tomorrow a.m. I'm not currently in the same location as the infected computer.

#17
Metallica
  • Spyware Veteran
  • GeekU Moderator
  • 31,671 posts
No problem. I'll be around. They have me chained to the wall here. :tazz:

Regards,

#18
Feverpitch
I copied and pasted the two lines of data as you asked 2x, and each time the Notepad file that was opened (document called "files") was blank.

#19
Metallica
Did you wait until the command prompt closed?

If so, do a Find Files for: wininet.dll

Let me know where it is found. There should be at least a few.

Regards,

#20
Feverpitch
According to Find, wininet.dll is located at C:\WINDOWS\SYSTEM. I did another post-Internet-usage Ad-Aware SE search last night and, for the first time in 6 months, it found no Coolwwwsearch virus residue.

#21
Metallica
Sounds good, but I'd like to make sure you are clean.

Please surf to: http://virusscan.jotti.org/ and upload C:\WINDOWS\SYSTEM\wininet.dll there

Let me know the results

Regards,

#22
Feverpitch
Pieter, would you believe I can't find wininet.dll manually? I do a Find and the computer finds it under C:/WINDOWS/SYSTEM but when I browse there to upload it, there's no wininet.dll anywhere.

#23
Metallica
Well. The system folder is pretty big.

You can copy & paste the full path in the box at jotti's
C:\WINDOWS\SYSTEM\wininet.dll

And then click only the Submit button.


Regards,

#24
Feverpitch
OK. That method of downloading worked. Here's the result:

File: wininet.dll
Status: INFECTED/MALWARE
MD5 7fe9320eae5d318ac419fb33dfecf992

AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Trojan.DownLoader.2636
F-Prot Antivirus: Found nothing
Fortinet: Found Nsag.A
Kaspersky Anti-Virus: Found Virus.Win32.Nsag.a
NOD32: Found Win32/Oleloa.A
Norman Virus Control: Found nothing
VBA32: Found nothing

#25
Metallica
Ok, so that is indeed infected.

In any case see if you can get this update:
http://www.microsoft...n/MS05-020.mspx

Installing that will replace your infected file with the latest available version of wininet.dll

Regards,

#26
Feverpitch
Thanks for the info. But I don't understand how to get the update for Windows 98. What should I be looking for on this page? The page does not have a direct download for Windows 98. It directs me to the FAQs and this Q&A:

Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by the vulnerabilities that are addressed in this security bulletin. Critical security updates for these platforms are available, are provided as part of this security bulletin, and can be downloaded only from the Windows Update Web site. For more information about severity ratings, visit the following Web site.


When I click either Windows Update Web site or Web site (links missing here), I'm taken to yet another site. When I click "Download the latest version of Internet Explorer," I'm taken to a page where I guess I should click, "Install Critical Updates ..." When I click that, it takes me back to the previous page. Argh!

So what am I supposed to be downloading from the original page? All of the downloads appear available only for other versions of Windows. I don't want Internet Explorer 6.0 unless it's absolutely necessary. It's too easily affected (of course, the caveat is that I can no longer play online games now that I'm using Mozilla).

#27
Metallica
You don't have to use IE, but you will have to get the updates for it.

The files, like wininet.dll, are also used in Explorer, so you use them every moment your computer is on, regardless of which browser you use on the internet.

Regards,

#28
Feverpitch
Well, I downloaded IE6 again (apparently I had already downloaded it a while ago) and also IE6-2. Then I reran the wininet.dll file at the virus scan site you mentioned earlier. It told me that the scan was performed before and listed the same infections. Should I be doing something different this time?

Here's my latest Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:06 PM, on 6/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\DIALER.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\CSS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {6BE6BDA4-394F-11D3-B6AF-00105AA51E4C} - http://www.dash.com/DashInst.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

#29
Metallica
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.

dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt

Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.

Regards,

#30
Feverpitch
Hi, Pieter. Well, I followed those directions precisely as before and the files.txt file came up blank - I waited approximately 5 minutes and did it twice. On the original file where I pasted the two line items, the words "too many parameters - h" appear on the line after this first command.
  • 0
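
Added example, not part of the original thread and not written by either poster: the check the helper is after in posts #19 to #29 (list every copy of wininet.dll, hidden ones included, and see which match the file the scanners flagged) written in Python. The function names and the command-line root argument are assumptions of this example; the MD5 is the one from the scan report in post #24, and it is used only to recognise that exact file, not as proof that other copies are clean.

```python
import hashlib
import os

# MD5 listed for the flagged wininet.dll in the scan report in post #24.
FLAGGED_MD5 = "7fe9320eae5d318ac419fb33dfecf992"


def md5_of(path, chunk=65536):
    """Hash a file in chunks so a large DLL is never read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_copies(root, name="wininet.dll", flagged=(FLAGGED_MD5,)):
    """Return sorted (path, md5, is_flagged) for every file called `name` under root.

    os.walk also lists hidden and system files, and the name comparison is
    case-insensitive because Win9x reports the file as WININET.DLL.
    """
    flagged = {h.lower() for h in flagged}
    results = []
    # onerror swallows unreadable directories so one bad folder does not stop the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for fname in files:
            if fname.lower() != name.lower():
                continue
            path = os.path.join(dirpath, fname)
            try:
                digest = md5_of(path)
            except OSError:
                results.append((path, None, False))  # locked or unreadable copy
                continue
            results.append((path, digest, digest in flagged))
    return sorted(results)


if __name__ == "__main__":
    import sys
    # Root to sweep; defaults to C:\ (assumption: the Windows drive is C:).
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    for path, digest, bad in find_copies(root):
        print(f"{'FLAGGED' if bad else 'other  '}  {digest}  {path}")
```

A copy reported as "other" only differs from the flagged file; it still needs its own scan before it is trusted.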