HIDDENDLL



#1
Derick13

Every time I run CWS Shredder, I always get the report that it has removed HIDDENDLL and cws.jksearch.

Is there any way to get these two trojans off my computer for good?


#2
Gregec

Hello, Derick13

I know that CWShredder doesn't fix these problems.

Spybot Search & Destroy: Download and install. Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu. Click the Search for updates button; if any are found, then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button. You may need to run Spybot S&D multiple times to remove all infections.

Then use CWS Shredder and tell me if you have any CWS on your PC.

#3
Derick13

Greg,
I have run Ad-Aware SE....clean
I have run Spybot.............clean
I have run CWS Shredder, and I still get the message that HIDDENDLL and CWS.jksearch have been fixed.

I also ran HijackThis and will post the log if I can figure out how.

If this is a false positive, I can live with that, but paranoia over viruses and trojans being what it is, I just need to be sure.

#4
Gregec

OK.

Please paste the log from HijackThis.

-Gregec- <_<

#5
Derick13

This is the log as printed



Logfile of HijackThis v1.98.2
Scan saved at 4:03:02 PM, on 18/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Microsoft Office\Office10\MSACCESS.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\Program Files\ABBYY FineReader 5.0 Sprint\CAgent.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] E:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: AbsoluteShield Internet Eraser.lnk = C:\Program Files\SysShield Tools\Internet Eraser\cseraser.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} -
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} -
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} -
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32651.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} -
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} -
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{729CACBF-EA0A-4127-BFB5-B88CA0E8AAE7}: NameServer = 198.235.216.110 209.226.175.224

#6
Derick13

I never heard back if this log is okay

#7
coachwife6

Run Hijack This and put a check mark next to this item.

O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} -

Clean out your temp. files and reboot.

You have Grisoft and Norton in your log. Make sure you're only running one anti-virus program.

About the message you were receiving, read this post. The person who posted it knows what he is talking about.

http://reviews.cnet....essageID=491756

CWShredder Hidden_DLL Poll

I have been receiving reports that CWShredder 2.0 may be saying that it is finding the Hidden_DLL on your computer when that actually does not exist.

Haroldo over at Calendar of Updates has created a poll here:

http://www.dozleng.c...?showtopic=2331

on those who are finding the hidden_dll when it actually does not exist.

If you run into situations like this and can vote at the poll it would be a good way to determine if this new cwshredder is issuing false positives

Thanks

Posted by: Grinler