Home > Solved Help > [Solved] Help With CWS "Another About:blank Variant"

[Solved] Help With CWS "Another About:blank Variant"

Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. I've googled the BCCodes (d1) but just get a very vague idea of what I'm looking for.I've included the relevant .dmp and my system details. Neither actually rids the trojan. Here's my HJT log, what should I remove?Logfile of HijackThis v1.97.7Scan saved at 9:25:27 AM, on 7/6/2004Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)Running processes:D:\WINNT\System32\smss.exeD:\WINNT\system32\winlogon.exeD:\WINNT\system32\services.exeD:\WINNT\system32\lsass.exeD:\WINNT\System32\ibmpmsvc.exeD:\WINNT\system32\svchost.exeD:\WINNT\System32\svchost.exeD:\WINNT\system32\spoolsv.exeD:\Program Files\Symantec AntiVirus 8\DefWatch.exeD:\Program have a peek here

User is a member of group \Everyone. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. I am using Windows XP (always updated). I have CA Anti-Virus and Anti-Spyware which seems to get rid of it each time I scan, but it always comes back. find this

Please try the request again. Mon 30 Aug 04 16:55:03 4:55pm up 0 days, 0:08 »»»»»»»»»»»»»»»»»»*** Note! ***»»»»»»»»»»»»»»»» The list will produce a small database of files that will match certain criteria. Scanning for file(s) in System32... »»»»»»» (1) »»»»»»» »»»»»»» (2) »»»»»»» »»»»»»» (3) »»»»»»» No matches found. I believe there's some trojan on my system somewhere that keeps reinstalling it.Here's my hijackthis log.

since I was told that different programs pick up different infections. Read more Answer:Adware.vundo Variant/resident And Trojan.vundo-variant/small-gen Hmm wondering if i posted this in the correct forum section also if wondering why it say steve i am posting here on my clean If an update is found, the program will automatically update itself. I also get some nasty things show up in Hijack This.

Pest Patrol finds two instances of AdShooter.SearchForIt and deletes them, only to have them return.The only effects I have noticed are slow Internet and an issue with Outlook Express. Hi all,I have this problem... Make sure the following settings are made and on -------ON=GREEN From main window :Click Start then Activate in-depth scan (recommended) Click Use custom scanning options then click Customize and have these If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. The screen that appears seems to be one of 6 to 10 different search-engine pages.It is my belief that these pages are stored on my computer, as this happened when I Click OK.4: Click Yes when you are prompted to restart the computer5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check Read more Answer:Solved: VX2 Variant (and maybe others): Please Help!!!! 7 more replies Relevance 42.23% Question: Solved: Derbiz Variant My machine has recently seem to have been infected by a variant

SNiF 1.34 statistics Matching files : 0 Amount in bytes : 0 Directories searched : 1 Commands executed : 0 Masks sniffed for: *.DLL Power SNiF 1.34 - The Ultimate File http://winassist.org/thread/1292090/CWS-Variants-About-blank-variant-Hijack-This-Log.php Close ALL windows except HijackThis and click "Fix checked"O4 - HKLM\..\Run: [Link 64] C:\PROGRA~1\SLOWONE\SOFTWAREEXIT.exeO4 - HKLM\..\Run: [bows show bait flap] C:\WINDOWS\Application Data\DogNameBowsShow\binddumb.exeO9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file As in ten seconds later, and I don't even have to reboot to get stuck with it again.I don't see an accurate description of this variant on the variant descriptions, however, How do i get rid of the last one.

mikedbh, Aug 1, 2004 #11 Flrman1 Joined: Jul 26, 2002 Messages: 46,329 Nevermind that part,. navigate here Below is an extract of the information contained in the NOD32 Log files: 02/08/2008 16:03:25 HTTP filter file http:// pastebin.on.nimp. Pages Reset... Here is my HJT result log.

Pages Reset... MY bad! 2k doesn't have system restore. Done! Check This Out keyback2.hi_ winkey2.re_ C:\FINDNFIX\ JUNKXXX Mon Aug 30 2004 4:40:26p .D...

1 item found: 0 files, 1 directory. »»Performing string scan.... 00001150: ? 00001190: 8 @ 000011D0: vk : AppInit_DLLs C

Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot Click proceed to save your settings. If you still need help, or just want to be sure.... Copy and paste this in the forum later. 4.

It always reappears after a reboot.

Turn off System Restore: On the Desktop, right-click My Computer. http://cleanup.stevengould.org/ or http://www.greyknight17.com/spy/Cleanup.exe KillBox http://www.greyknight17.com/spy/KillBox.exe notify.bat http://www.greyknight17.com/spy/notify.bat Please follow the steps below: 1. Loading... Click Continue at the disclaimer screen.

So I clicked to go to it anyway and sure enough Eset's NOD32 popped up with 1 message of "JS/Exploit .Pdfka.NYV trojan", 2 of "a variant of Win32/Mebroot.DC trojan" and 1 The AppInitDLLs value exists and reports as 58 bytes, including the 2 for string termination. [AppInitDLLs] Ansi string : "C:\WINNT\system32\ctlblb.dll" 0000 43 00 3a 00 5c 00 57 00 49 00 In the Event Viewer, go to Windows Logs on the left and click on Application. this contact form Answer:Solved: LEGACY_*008F__6Q*00d4*00f5*0013'*00AA*00b4*00c6*00 D08 CWS variant Nvm!

I've run Ad-aware, CWS shredder, Microsoft Antispyware, SpywareBlaster, Spybot, PestPatrol, and nothing will kill this thing. Here is my Hijackthis log.