W32 spybot worm

kittee · Apr 17, 2006

Hi there,
having some problems with a Norton warning for the W32 spybot worm on my system.
It kept randomly opening a p2p application I had installed. Folks say that is how this worm gets in...
I uninstalled the application and tried going through all the "Do this beforeyou post a thread..." stuff.

Adaware found some tracking cookies, bitdefender found countless issues (attached report), Panda report also attached. I could not get access to the net in safe mode so these 2 scans were done in normal mode. Windows defender would not work because it said I had an invalid volume license product key (VLK).#CWS and kill2me turned up nothing. As did spybot and the malicious spyware remover.
I have also attached my HJT log.
My bdscan is too big by .4 kb to attach. Please advise.

If anyone could offer any advice on this annoyance I will shower them with gratitude.
Thanks.

Shadow_Puter_Dude · Apr 17, 2006

Delete the following file C:\WINDOWS\system32\auole4.dll

Your HijackThis log is clean.

What file is Norton Complaining about?

chaslang · Apr 17, 2006

kittee said:

My bdscan is too big by .4 kb to attach. Please advise.
Click to expand...

Did you follow the directions in step 0 of the READ ME and empty all quarantines etc?
Did you change any of the default options on Bitdefender's scan? Many people set it to show all files being scanned which is not the default and this can make logs huge.

You can compress the file into a ZIP and upload it that way.

You appear to have ignored step 3 of the READ ME. You have Bitdefender and Norton installed. Uninstall one of them. Do this now before continuing!

You have HijackThis install on your Desktop which is exactly where step 7 of the READ ME specifies not to install it. Please install it properly.

The only problem I see in your log is the below file which you need to delete:C:\WINDOWS\system32\auole4.dll

chaslang · Apr 17, 2006

Ooops! Did not see you in here SPD! Looks like you clicked Submit just before me!

kittee · Apr 18, 2006

Should have everything where it should be now.

I scanned with default settings using bitdefender. It reported that no viruses were present.
I then uninstalled it.
HJT is now in its own programs file.
I ran a scan after deleting the auole4.dll in system32 and have attached it.

Does everything look ok.? The Norton warnings have not reappeared.

chaslang · Apr 18, 2006

You're initial HJT log was already clean so I would not have expected anything to be in this one. And yes it is still clean. The file we both said you should delete only showed with Panda.

If you are not having any other malware problems, you should work thru the below link:

How to Protect yourself from malware!

kittee · Apr 19, 2006

Thanks very much for your advice

Take care and keep up the good work.

chaslang · Apr 19, 2006

You're welcome. Surf safely.

Log in or Sign up

W32 spybot worm

kittee Private E-2

Attached Files:

Activescan.txt

hijackthis.log

Shadow_Puter_Dude MG Authorized Malware Fighter

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kittee Private E-2

Attached Files:

hijackthis.log

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kittee Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member