Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

coolweb search browser [CLOSED]


  • This topic is locked This topic is locked

#1
texanman

texanman

    New Member

  • Member
  • Pip
  • 5 posts
Hi to all.
Im having problems with cool web.Ive used cwshredder v15.Spybot.spyware nucker ect and keeps comming back.
It says to reboot and all files will be deleted.But windows cannot delete the file se.dll and rundll32.exe seems to be giving trouble.Used ms dos to try and delete but access is denined.
Help !!!!!!!!1

MANY THANKS
texanman
  • 0

Advertisements


#2
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Hello and welcome to Geeks to Go! :tazz: I'm kool808 and I will be helping you today.

We'll need you to use a free diagnostic tool [ HiJackThis ], read the short tutorial [ HERE ]

Then post the results of the scan here.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! I will be along to tell you what steps to take after you post the contents of the scan results.

In the event you cannot download it then you have to use another computer then transfer it to your PC.  If you are not able to run it through desktop or C:\HJT then you have to use the Task Manager, available through CTRL+ALT+DELETE then choose New Task.


  • 0

#3
texanman

texanman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
i was told that my version was out of date,this is the log file with new version.thanks for this


Logfile of HijackThis v1.99.1
Scan saved at 08:57:28, on 24-07-05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SONY CORPORATION\IMAGE TRANSFER\SONYTRAY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\PAT'S STUFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F4A0F9B1-FBD0-11D9-9753-4445D78590BD} - C:\WINDOWS\SYSTEM\HDONNG.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [Spyware Nuker] C:\PROGRAM FILES\SPYWARE NUKER 2004\SWN2.EXE /h
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [System Tray] C:\WINDOWS\msccn32.exe
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn....v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O18 - Filter: text/html - {F4A0F9B0-FBD0-11D9-9753-4445B8C93526} - C:\WINDOWS\SYSTEM\HDONNG.DLL
O18 - Filter: text/plain - {F4A0F9B0-FBD0-11D9-9753-4445B8C93526} - C:\WINDOWS\SYSTEM\HDONNG.DLL
O21 - SSODL: QivhIZxf - {26691BE8-8CC3-B142-D660-B4505CCA90C6} - C:\WINDOWS\SYSTEM\PFUOS.DLL
  • 0

#4
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
I am working on your log. As soon as I made a good fix for this, I will post a reply. Thank you for your patience.
  • 0

#5
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

You have a nasty CoolWebSearch infection. First we will need to download a few tools that will help us in the removal of your problem.

Please read the instructions for About:Buster then download it to a safe location where you can easily remember it.
Please Download the stand-alone version of CoolWebShredder
Download SpSeHjfix HERE
Download Cleanup.

Save all of these files somewhere you will remember like to the Desktop.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Reboot in SAFE MODE. (How to boot in Safe Mode...)

Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

Now run CleanUp!. Click CleanUp and allow it to delete all the temporary files. Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky Online Scan or if that doesnt work, you can have an On-line scan at this sites:
Trend Micro or Panda Scan or BitDefender.
(Please post the results of the scan(s) in your next reply)

After all that, please post back with how things went as well as the logs requested and a new HiJackThis log.

Good Luck!
  • 0

#6
texanman

texanman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thanks so much for your help

(7-24-05 14:07:53) SPSeHjFix started v1.1.2
(7-24-05 14:07:53) OS: Win98SE A (4.10.2222)
(7-24-05 14:07:53) Language: english
(7-24-05 14:07:53) Win-Path: C:\WINDOWS
(7-24-05 14:07:53) System-Path: C:\WINDOWS\SYSTEM
(7-24-05 14:07:53) Temp-Path: C:\WINDOWS\TEMP\
(7-24-05 14:08:43) Disinfection started
(7-24-05 14:08:43) Bad-Dll(IEP): c:\windows\temp\se.dll
(7-24-05 14:08:43) Searchassistant Uninstaller found: regsvr32 /s /u C:\WINDOWS\SYSTEM\HDONNG.DLL
(7-24-05 14:08:43) Searchassistant Uninstaller - Keys Deleted
(7-24-05 14:08:43) UBF: 6 - UBB: 3 - UBR: 12
(7-24-05 14:08:43) FilterKey: HKCR\text/html (deleted)
(7-24-05 14:08:43) FilterKey: HKCR\CLSID\{7175BC32-FC1E-11D9-9753-95CDA018E749} (deleted)
(7-24-05 14:08:43) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(7-24-05 14:08:43) FilterKey: HKCR\text/plain (deleted)
(7-24-05 14:08:43) FilterKey: HKCR\CLSID\{7175BC32-FC1E-11D9-9753-95CDA018E749} (error while deleting)
(7-24-05 14:08:43) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(7-24-05 14:08:43) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7175BC33-FC1E-11D9-9753-95CDCF5442D2} (deleted)
(7-24-05 14:08:43) BHO-Key: HKCR\CLSID\{7175BC33-FC1E-11D9-9753-95CDCF5442D2} (deleted)
(7-24-05 14:08:43) Run-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall (deleted)
(7-24-05 14:08:43) UBF: 4 - UBB: 2 - UBR: 11
(7-24-05 14:08:43) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\windows\temp\se.dll/sp.html



BitDefender Online Scanner - Real Time Virus Report



Generated at: Sun, Jul 24, 2005 - 17:25:28


--------------------------------------------------------------------------------





Scan Info



Scanned Files
119350

Infected Files
18








Virus Detected



Trojan.Downloader.Xoad.A
1

Trojan.Clicker.Small.FD
1

Trojan.Clicker.Small.BR
3

BehavesLike:Trojan.HangUp
1

Exploit.ADODB.StreamDrop.Gen
1

Exploit.Html.MhtRedir.Gen
2

HTML.MediaTickets.A
1

Trojan.Downloader.Agent.HZ
1

Exploit.ADODB.Stream.Gen
1

BehavesLike:Trojan.Downloader
1

Dropped:Trojan.Spy.Dumarin.S
1

Trojan.Downloader.Agent.DK
4










--------------------------------------------------------------------------------



This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.





AboutBuster 5.0 reference file 31
Scan started on [24-07-05] at [14:34:08]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:34:10


AboutBuster 5.0 reference file 31
Scan started on [24-07-05] at [14:38:25]
------------------------------------------------
Streams(ADS) not scanned: System not NTFS
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 14:38:26


Is this all the logs requested.
Again thanks again
Where are you from ? Im Pat from Ireland. [Email Address removed]
Id like to send you something for your help.Thanks again

Edited by kool808, 24 July 2005 - 04:32 PM.

  • 0

#7
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Gee thanks that is very kind of you. :tazz: ;)

To make sure it is perfectly clean let us have the final check.
  • Close all windows and disconnect from the internet, open HijackThis then SCAN.
  • Post a NEW HijackThis Log.
  • Also post the log results from the Online Antivirus scans.
  • Please tell me how your system is working now.

  • 0

#8
texanman

texanman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I wont be at my pc till next friday.will post all results then,thanks for your help.
Pat.On a different pc till friday
  • 0

#9
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Okay I will just be here. :tazz: Have a great time.
  • 0

#10
kool808

kool808

    Visiting Staff

  • Member
  • PipPipPipPip
  • 1,690 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP