need help with unwanted "Earn" folders

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by diablosflylady, Oct 7, 2004.

  1. diablosflylady

    diablosflylady Private E-2

    :)
    Hello all

    I found majorgeeks by doing a google search for help on a problem I had and found the information here to be helpful, informative, and trustworthy. I decided to post a thread because I searched the forums for specific help on getting rid of the Earn folders but did not find any. I followed all the steps in the spyware removal thread and got rid of a lot of crap that was on this comp but this particular folder is still there. I have not d/l HiJackThis as of yet but I will if instructed to do so. If anyone could help me I would be eternally grateful.

    Thank you for being here!!
    ;)

    Rose
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Rose,

    Can you provide more details as to what this Earn is and what sort of problems it is causing? The name doesn't ring a bell for me.

    Also, quickly list the tutorial steps that you were able to complete & give computer specs (OS, etc. . .)

    Hopefully, we'll be able to help :)


    *** Did a quick search and found a reference to it, but not much help. Off to dinner, but will check back.

    Best,
    PP
     
    Last edited by a moderator: Oct 7, 2004
  3. diablosflylady

    diablosflylady Private E-2



    Hello PP

    Thank you for the prompt reply. :)

    I followed each step outlined under the heading DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan and Virus Removal very carefully except for the HSRemove because the computer I am trying to fix has win98 2nd edition installed. It is a genuineIntel x86 (if that helps).

    After following each step carefully and removing a lot of crap, I found that in my program drop down menu there was a link to EARN. Under the EARN drop down menu was the following: About EARN and EARN website link. I checked the properties for the About EARN option and I found the target to be the following: "c:\program files\weboffer\wo.exe" /About EARN.

    It has not caused a problem that I can see as of yet, but I am unwilling to wait until it does. :)
     
  4. Matacumbie

    Matacumbie Rocky Top

    PP,

    There is an EARN that is a Peper trojan. It creates these two processes:

    Spybot gets rid of it until a restart; using the PeperFix.exe tool seems to work.

    If that is it I am sure you guys will get it, just wanted to give you a heads-up on EARN.

    Steve
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use Control Panel, Add/Remove Programs to remove any of the following malware if found:

    - WebOffer or EZ WebOffer
    - EliteBar
    - TV Media
    - TV Media Display
    - MS T-Media Display

    Let us know if that helps.
     
  6. PhilliePhan

    PhilliePhan Guest

    Hi Rose,

    I did a little research and came up with the same info as posted by Chaslang and Matacumbie. (Thanks Guys :) ) Up-to-date Spybot and Ad-Aware both detect it, but cannot remove it permanently.

    If it is indeed a Peper Trojan, then the tool Matacumbie mentioned can be downloaded here: http://downloads.subratam.org/PeperFix.exe

    Try the suggestions Chas posted. See how they work out. If problems remain, let us know and send us a HijackThis log.

    First, read this:
    http://forums.majorgeeks.com/showthread.php?t=38752

    Note that you should save the log as a .txt file and attach it via the "Attachment Manager" tool.

    And . . . We'll go from there :)

    PP
     
  7. diablosflylady

    diablosflylady Private E-2

    Good morning

    Well I tried both suggestions. The peper fix found nothing and there was nothing in my add/remove programs. I d/l HiJackThis and I will attach the log file as per your request PP. I followed the directions on the thread.

    I ran a scan of ad-aware as soon as I booted up this morning and it found a lot of bad objects again. Anyway here is the log.

    Rose

    **I will check back later in the day
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For the SpyDeleter problem, do the below:

    Click Start, Run, and enter into the box the following without the quotes "Notepad"
    Now copy and paste the contents of the next 3 lines (including the blank line) into the notepad window.
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB74C951-ACA1-4e33-A94C-A9261EB2CCB7}]


    Now save it as file name: "delspy.reg" (without the quotes).
    Use Save as file type: All files (*.*)
    Save it on your Desktop where it is easy to locate.

    Now on your Desktop double-click on delspy.reg.

    At the prompt "Do you wish to merge the information into the registry?"
    Answer 'Yes' and wait for a message to appear similar to "Merged Successfully".


    Please run HijackThis and click on the "Config" button in the bottom-right hand corner. Then click on "Misc tools" on the top, and then "Open process manager" on the left-hand side. Look for the following process. Kill it by selecting it and then click "Kill process". Then click yes.
    C:\PROGRAM FILES\WEB OFFER\WO.EXE

    After killing the above process, click "Back".

    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
    O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe
    O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab


    Boot in safe mode and use Windows Explorer to delete:
    c:\program files\180solutions <--- the whole directory
    C:\PROGRAM FILES\WEB OFFER <--- the whole directory
    C:\WINDOWS\SYSTEM\idctup20.exe

    Now reboot normal and post a new log and tell me how things are working.
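
A way to check a follow-up HijackThis log for autostart entries that still point at the locations deleted in the post above (an added example, not part of the original thread and not written by any poster). It reuses the log lines and paths quoted in that post; the `PROGRA~1` to `Program Files` mapping and all function names are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Log lines and delete targets quoted from the post above.
LOG = r"""
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\SYSTEM\idctup20.exe
O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v5.cab
"""
REMOVED = [r"c:\program files\180solutions", r"C:\PROGRAM FILES\WEB OFFER",
           r"C:\WINDOWS\SYSTEM\idctup20.exe"]

# Assumption: PROGRA~1 is the 8.3 short name of "Program Files" (the usual
# default, but not guaranteed on every machine).
SHORT_NAMES = {"progra~1": "program files"}

O4 = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.+?)\) - (\S+)$")

def normalise(path):
    """Lower-case a Windows path and expand known 8.3 short names."""
    parts = PureWindowsPath(path.lower()).parts
    return PureWindowsPath(*[SHORT_NAMES.get(p, p) for p in parts])

def parse(log):
    """Return one dict per recognised O4 (autostart) or O16 (ActiveX) line."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4.match(line):
            entries.append({"section": "O4", "hive": m[1], "key": m[2],
                            "name": m[3], "target": m[4]})
        elif m := O16.match(line):
            entries.append({"section": "O16", "clsid": m[1],
                            "name": m[2], "target": m[3]})
    return entries

def leftovers(log, removed=REMOVED):
    """Names of O4 entries whose target is at or under a removed path.
    Targets with quotes or command-line arguments are not handled here."""
    gone = [normalise(p) for p in removed]
    hits = []
    for e in parse(log):
        if e["section"] == "O4":
            target = normalise(e["target"])
            if any(target == g or g in target.parents for g in gone):
                hits.append(e["name"])
    return hits
```

Without the short-name expansion, the `eZWO` entry would not match `C:\PROGRAM FILES\WEB OFFER` even though both name the same directory.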
     
  9. diablosflylady

    diablosflylady Private E-2

    Hello Chas

    Okay I did all you said to do but when I booted into safe mode and looked for the files I did not find the 180solutions. I am attaching the new log file as per your request. I did not delete the popcap as I have never found that to be a problem.
     


  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks clean other than PopCap. Almost every help forum recommends its removal.

    You never answered how things are working.
     
  11. diablosflylady

    diablosflylady Private E-2

    Sorry Chas

    Things are running wonderfully!!!! :) A huge thank you and kudos to you and PP for helping me. I wish I could convince this person to go with a different OS but unfortunately they like what they know LOL.

    Out of all the forums I have ever looked at or requested info from this one was by far the best I have found.

    Thank you again for being here.


    Rose
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome Rose. Happy we could help!
     
  13. PhilliePhan

    PhilliePhan Guest

    I'll second that! Happy to help (though Chas did all of the heavy lifting :) )

    PP
     
