Infected computer popup and CoolWeb
Started by Feverpitch, Jun 01 2005 06:38 AM
#16
Posted 14 June 2005 - 12:18 PM
#17
Posted 14 June 2005 - 12:25 PM
No problem. I'll be around. They have me chained to the wall here.
Regards,
#18
Posted 14 June 2005 - 05:59 PM
I copied and pasted the two lines of data as you asked 2x, and each time the Notepad file that was opened (document called "files") was blank.
#19
Posted 15 June 2005 - 12:51 AM
Did you wait until the command prompt closed?
If so, do a Find Files for: wininet.dll
Let me know where it is found. There should be at least a few.
Regards,
#20
Posted 16 June 2005 - 06:05 AM
According to Find, wininet.dll is located at C:\WINDOWS\SYSTEM. I did another post-Internet-usage Ad-Aware SE search last night and, for the first time in 6 months, it found no Coolwwwsearch virus residue.
#21
Posted 16 June 2005 - 06:26 AM
Sounds good, but I'd like to make sure you are clean.
Please surf to: http://virusscan.jotti.org/ and upload C:\WINDOWS\SYSTEM\wininet.dll there
Let me know the results
Regards,
#22
Posted 17 June 2005 - 04:49 PM
Pieter, would you believe I can't find wininet.dll manually? I do a Find and the computer finds it under C:/WINDOWS/SYSTEM but when I browse there to upload it, there's no wininet.dll anywhere.
#23
Posted 18 June 2005 - 04:31 AM
Well. The system folder is pretty big.
You can copy & paste the full path in the box at jotti's
C:\WINDOWS\SYSTEM\wininet.dll
And then click only the Submit button.
Regards,
#24
Posted 19 June 2005 - 08:28 AM
OK. That method of downloading worked. Here's the result:
File: wininet.dll
Status: INFECTED/MALWARE
MD5 7fe9320eae5d318ac419fb33dfecf992
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Trojan.DownLoader.2636
F-Prot Antivirus: Found nothing
Fortinet: Found Nsag.A
Kaspersky Anti-Virus: Found Virus.Win32.Nsag.a
NOD32: Found Win32/Oleloa.A
Norman Virus Control: Found nothing
VBA32: Found nothing
#25
Posted 19 June 2005 - 12:09 PM
Ok, so that is indeed infected.
In any case see if you can get this update:
http://www.microsoft...n/MS05-020.mspx
Installing that will replace your infected file with the latest available version of wininet.dll
Regards,
#26
Posted 21 June 2005 - 05:47 PM
Thanks for the info. But I don't understand how to get the update for Windows 98. What should I be looking for on this page? The page does not have a direct download for Windows 98. It directs me to the FAQs and this Q&A:
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by the vulnerabilities that are addressed in this security bulletin. Critical security updates for these platforms are available, are provided as part of this security bulletin, and can be downloaded only from the Windows Update Web site. For more information about severity ratings, visit the following Web site.
When I click either Windows Update Web site or Web site (links missing here), I'm taken to yet another site. When I click "Download the latest version of Internet Explorer," I'm taken to a page where I guess I should click, "Install Critical Updates ..." When I click that, it takes me back to the previous page. Argh!
So what am I supposed to be downloading from the original page? All of the downloads appear available only for other versions of Windows. I don't want Internet Explorer 6.0 unless it's absolutely necessary. It's too easily affected (of course, the caveat is that I can no longer play online games now that I'm using Mozilla).
#27
Posted 22 June 2005 - 12:42 AM
You don't have to use IE, but you will have to get the updates for it.
The files, like wininet.dll, are also used in Explorer, so you use them every moment your computer is on, regardless of which browser you use on the internet.
Regards,
#28
Posted 25 June 2005 - 10:12 AM
Well, I downloaded IE6 again (apparently I had already downloaded it a while ago) and also IE6-2. Then I reran the wininet.dll file at the virus scan site you mentioned earlier. It told me that the scan was performed before and listed the same infections. Should I be doing something different this time?
Here's my latest Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 12:22:06 PM, on 6/25/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CARPSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\DIALER.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\NETSCAPE INTERNET SERVICE\CSS.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {6BE6BDA4-394F-11D3-B6AF-00105AA51E4C} - http://www.dash.com/DashInst.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
#29
Posted 25 June 2005 - 10:41 AM
Copy everything in the code box below and paste it into notepad. Go up to "File > Save As..." and click the drop-down box to change the "Save As Type" to "All Files". Save it as wininet.bat on your desktop.
Double click wininet.bat and when it is ready it will open files.txt
Copy the content of files.txt and paste it here.
Regards,
dir %Systemdrive%\wininet.dll /a h /s > files.txt
start notepad files.txt
#30
Posted 25 June 2005 - 11:36 AM
Hi, Pieter. Well, I followed those directions precisely as before and the files.txt file came up blank - I waited approximately 5 minutes and did it twice. On the original file where I pasted the two line items, the words "too many parameters - h" appear on the line after this first command.
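An added example, not part of the original thread: the check the helper is working toward is to locate every copy of wininet.dll (hidden ones included) and see whether any still matches the MD5 from the scan result in post #24, which shows whether an update actually replaced the file. The function names and the search root are this example's own assumptions.

```python
import hashlib
import os

# MD5 of the infected wininet.dll as reported in the scan result in post #24.
INFECTED_MD5 = "7fe9320eae5d318ac419fb33dfecf992"


def md5_of(path, chunk_size=65536):
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(root, name="wininet.dll", known_bad=INFECTED_MD5):
    """Walk root and return (path, md5, status) for every file called name.

    os.walk lists hidden and system files too, which is what the thread's
    dir /s listing was meant to surface. Unreadable files are reported
    instead of being skipped silently.
    """
    results = []
    for folder, _subdirs, files in os.walk(root):
        for entry in files:
            if entry.lower() != name.lower():
                continue
            path = os.path.join(folder, entry)
            try:
                digest = md5_of(path)
            except OSError as exc:
                results.append((path, None, "unreadable: %s" % exc.strerror))
                continue
            status = "KNOWN-INFECTED" if digest == known_bad.lower() else "differs"
            results.append((path, digest, status))
    return sorted(results)


def still_infected(results):
    """True if any located copy still matches the known-infected hash."""
    return any(status == "KNOWN-INFECTED" for _path, _digest, status in results)


if __name__ == "__main__":
    # The root is an assumption; point it at the system drive being checked.
    for path, digest, status in find_copies("C:\\"):
        print("%-15s %s  %s" % (status, digest, path))
```

A copy reported as "differs" has only changed since the scan in post #24; it still needs to be rescanned before it is treated as clean.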