How to Remove Universa Application and other Malware

Hi,
Browsing the net I just found you guys and to me it looks like you could likely be of much help to me. I have already seen a message posted concerning the same issue as I'm about to ask, but I'm not a novice on this so I really need assitance more or less directly.

Specifications:
I'm running a Dell laptop, Win XP Pro, service pack 2
Intel Pentium M, processor 2 Ghz,
1.32 Ghz, 1.00 RAM
80 MB

I use Norton Internet Security 2005
Spy Sweeper
Spyware Nuker XT
StartUP Manger
Registry Mechanic
Window Washer
XoftSpy

Lately Spyware Nuker XT is the only one that has picked up the critical issues.

Whenever I start up my computer the first thing is says is the following:
DLBTserv.exe (programe error) Instruction at "0x0012e790" refered to the memory by "0x00000000". The memory could not read."

The major problem I've got is that when the computer is connected to the net, suddendly to windows shows on in the Start-menu,
ULWindowSeek
ULWindowUrl (I have realized that it has to do with Universa Application)

Norton warns about high risk: win5.tmp.exe and others. in my Windows\temp folder.

I have erased them several times manually and used spyware software to do it aswell. How do I solve this annoying problem.

I have attached a Detection report from Spyware Nuker about previous errors I have gotten today. Maybe it has to do with it?

Hope to hear from you very soon cause I'm soon gonna burn myself.

 

Welcome to MajorGeeks.com!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)

• Bitdefender
• Panda Scan
• HijackThis

That log shows a couple of things that are cause for concern. Spyware Nuker has had a less than sterling reputation, but in this case it found something everything else missed.

 

Universa Application and other trojan files

Hi,
I have followed your description and ran the Ccleaner,
Ad-aware
Spybot
Microsoft Defender
Bitdefender
PandaActive
and HijackThis

I hereby attach the log-files for
BitDefender
PandaActive
and HijackThis

I'm constantly being attached while connected to the internet. I have tried several eraser-programs.

Please take a look at the attachment. Help would be highly appreciated.

THANKS

PS. For your notification, I'm the one who posted: "How to Remove Universa Application and other Malware"
Computer specs. are located there.

THANKS AGAIN

 

Download
- Pocket Killbox

HijackThis is not properly installed. Install HijackThis to C:\Programmer\HJT.

Follow the directions for Running Hoster.

Empty your XoftSpy Quaratine Folder.

The version of Java installed on your computer is out dated. Install the latest version from Sun. Make sure you uninstall the old version after updating.

Scan with HijackTHis and fix the following lines:

Now run Pocket Killbox:

Choose Tools -> Delete Temp Files and click the RED X.

Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the file list below may not exist but we need to check for them anyway.

If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

Now boot into SAFE MODE

Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)

Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

REBOOT to Normal Mode.

Post a fresh HijackThis log.

 

Hi,
I have completed the agenda, and am ready to post a new hijack-log file

To me is seems like I'm no longer having these Universa APplication pop-ups.
However I believe new problems have occured due to the removal.

Each time I start up my computer I get the first notification: DLBTserv.exe - programerror (in Danish)
"The instruction at "0x0012e790" refered the memory by "0x00000000". The Memory could not read.
Then the following options: OK -to end this program
Cancel: to run error-finder, which does not give any useful result.

At shutdown this problem occours: dwwin.dll could not be initialized, du to shutdown. Press ok.

Just a second ago Windows Defender came up saying:

Category:
Configuration Change

Description:
This program has potentially unwanted behavior.

Advice:
Allow this configuration change only if you trust its origin. It is recommended that you run a quick scan if you choose to block this change.

Resources:
file:
C:\WINDOWS\system32\drivers\etc\hosts

Summary:
System Configuration change occurred.

This agent monitors security related configuration changes made to Windows.

Which I removed.

Norton Internet Security 05 seems to be running normally, however The Windows Security Center informs me all the time that the computer might be in danger, cause it couldnt find any virus-protection... strange !!!????

I have attached a new hijack logfile, and hope you can tell what to do next.

Also if you could go through it and look for other unwanted files please let me know.
I want to delete everything that doesnt belong in my computer.

THANKS AGAIN FOR YOUR COLLABORATION... and expertice

 

Scan with HijackThis and fix the following lines:

"DLBTserv.exe" is related to a Dell Product, most likely a printer. You may have to uninstall the drivers and reinstall them.

"dwwin.dll" is a part of Dr Watson.

This means that there is a program you are running that is crashing during system shutdown. When the crash occurs the OS launches Dr Watson to report the error, however the window station is shutting down and so the application can't launch.

Your problem isn't with Dr Watson, we need to figure out what application is actually crashing at shutdown.

To do so, you need to view the event log

Do the following:
Start -> Run
type eventvwr.msc
Click 'OK'

Click System, scroll down the page, and look for an error around the time you shutdown the system.

Right-click on the error and select 'Properties'. I need to know exactly what is in the Description Field. Word for Word.

 

Hi again,
Thanks for your response.
I hereby post a new hijack-logfile and a list of running applications (edited: I'm not able to paste this log due to the size. of 400kb. How do I show you the running apps. then???) that I would appreciate if you could take a look at. Is everything in order? Or do I have some programs running that is harmful?

I haven't tried to reinstall my printer driver but will do so tomorrow.
The problem at shutdown has suddenly not appeared so that will be on standby for now.

Still I have this icon in my taskbar, from Windows Security Center notifying about lack of virus-program. Though Norton has started and is running in the background. How do I solve that?

Anything else I should pay attention to?

THX

 

OK, your log looks fine.

As far as Norton and the WSC warning. Are you sure your Anvtivirus is running?

Do this:

Start -> Run
type services.msc
Click 'OK'

Now scroll down the page and for every Norton and Symantec entry you find make sure they are set to 'Automatic' and 'Started'. If not change the 'Start-up Type' to 'Automatic' and Press 'Start Service'. When every service is set to 'Automatic' and is 'Started', click 'OK'

 

Hi,
I followed your instructions only to realize that every Norton applications is allready running and set to autmatic launching.
I still get the notification in my task bar from Win Secuirty Center about lack of antivirus program...????

Secondly I also get a few virus-attempts shown now and then. Attached is a Ad-aware report that verifies that.

What do I need to do, to make my computer completely bug-free and clean from all kinds of stuff.

For instance I dont know if I have a lot on my computer that acutally should not be there.

In some way could you go through my archievs (i dont know how) and tell me what to clean out.

Thanks in advance.

 

The possible Bowser Hijack entries belong to SpywareNuker. This really isn't a very good application and once was considered a rouge application. The other entries are tracking cookies. None of these are viruses. Ad-Aware SE is an Anti-Spyware application not an Anti-Virus.

As to Norton and WSC, you have 2 options.

1. Uninstall Norton then reinstall it.
2. If you are absolutely certain that Norton AV is workin gproperly, then you can tell WSC that you have a AV application and will monitor it yourself.

You can produce a list of running processes with HijackThis and I can take a look at it.

 

Hi again,

Now I have uninstalled and reinstalled Norton Internet Security 05, but must note that Win Security Center is still notifying about missing Anti-virus program.

I have reinstalled the drivers for my Dell printer and have for the time being none dlbtserv.exe errors anymore. THAT CASE SEEMS TO BE CLOSED!

Windows Defender keeps telling me about a configuartion change caused in this entry: C:\Windows\system32\drivers\etc\hots
It happens every time I start up. I clean the file using Win Defender each time.. how shall I solve this permanently?

Attached is the text that Win Defender writes.
And a start-up list from HijackThis, that I'll hope you could glanze at and tell me what to do with it!!!???

I still have all the software installed that you guided me through when deleting all the other Universa Apps and other malware
like:
Win Defender
CCleaner
Spybot etc.
Should I delete any of that?

I feel like my computer is running slower and slower, could I do something to speed it up?

Please adwise me on how to make my computer a safer and better workspace .

THANKS

I appreciate all the time that you have used on me and helped me solve my comp-problems.

 

I see that you have SpySweeper installed. Update teh definitions, do a full system scan and post the log.

I'm not seeing anything in the logs. We'll figure this out yet, even if we have to start over at the beggining.

 

My computer is acting really strange. IT is getting slower and slower, and I cant figure out why.

However shutingdown SpySweeper everything went back to normal pace. I'm not sure whether or not something is wrong in that program.

Just recently I ran a test on Window Washer that informed me to copy the repport and send it to knowledgeable people. Something is wrong.
I hereby send you the log-file.

 

The more you have running in the background the slower your sytem is going to get.

You have an Anti-virus, firewall, privacy software, and 3 anti-spyware applications running in the background.

You have too much protection. You only need 1 resident Anit-Spyware application. Spyware Nuker is the least accurate of the three you are running, Spy Sweeper is very good, Windows Defender is free. Only use 1, remove the rest.

There is nothing unusual in the Windows Washer log. I still need a log from Spy Sweeper.

 

Hi again,

I hereby post a log for Spy Sweeper as requested. (and HijackThis and a Symantec log)
My computer is worse than every before.
Now Norton is setting out, having this little red cross in the taskbar constantly with the auto-protection deactivated.
Whenever I hit Activate, I get an error message saying Norton AntiVirus internal programerror. (4002,517)

I have tried to go to the Symantec KnowledgeBase
http://service1.symantec.com/suppor...e=danish&module=4002&error=517&build=STANDARD

I have run some analysis -but without any luck. I even reinstalled the program.
When it was back and running it happend again.

Now I'm updating LiveUpdate (virus-defs)
Please help me out here. ASAP
THX

 

I want you to uninstall Norton using the following procedure:

[FONT=ARIAL,MS SANS SERIF,UNIVERS,HELVETICA]Using the Norton uninstall tool - this is an Automated process


Reinstall Norton

[/FONT]