Webrebates0.exe/CONSCORR.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sighlentex, Oct 26, 2004.

  1. sighlentex

    sighlentex Private E-2

    i'm positive that this computer is infected...and i thought i got rid of everything, but i was apparently wrong.

    i've found and deleted the following files:

    Webrebates0.exe
    Webrebates1.exe
    SVCMM32.exe
    CONSCORR.exe
    djtopr1150.exe

    i'm questionable as to the following files:

    Desbyhdw.exe
    STIMON.exe
    MSNIASVC.exe

    i've got HJT, but i'm a little nervous to use it in this case. I also tried to run Spybot S&D but got some German-Language popup and it wouldn't load.

    help!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    You should have uninstalled WebRebates using Add/Remove programs.

    STIMON.EXE is a valid process; leave it be.
    MSNIASVC.EXE is a process installed alongside MSN version 9 which is responsible for first time configurations of this product. This is a non-essential process. Disabling or enabling this is up to user preference.
     
  3. sighlentex

    sighlentex Private E-2

    well...it only took me 3 hours but i think i've got everything.

    of note:

    after steps 1 through 4 i ran HJT and noticed that there were still a couple of lines that had web_rebates on them, also several lines mentioning SearchAssistant. i used HJT to clean them, and so far so good. SVCMM32 has been the biggest pita so far...used HJT to dump it, too.

    the worst part about this is that now i've got to go do all this to my own computer, it's sick with the same thing. (the whole lying with dogs thing...)

    thanks for your help
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Good job!

    If you still have any remaining problems, make sure you have HJT version 1.98.2 and you follow the guidelines in this Sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or from a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  5. sighlentex

    sighlentex Private E-2

    thanks for all your help.

    [edited: i just realized that it says i'm running HJT from the desktop, but it's in its own folder so i don't know what i did wrong.]
     


  6. sighlentex

    sighlentex Private E-2

    ok...i figured out what i had done wrong...here's the right txt file.
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log looks okay! I only have one question on the below item. Do you know what this is? Is it really a Microsoft Help program?

    O4 - HKLM\..\RunServices: [WinUpdate] C:\Program Files\MsHelp\Help.exe
     
  8. sighlentex

    sighlentex Private E-2

    i honestly do not know...is there a way i can find out?

    [i have a hjt log from April and it's not there, but i did see it on a log from another program (from an April scan)...so it's been on here a while.]

    thanks
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Use Windows Explorer to right click on the file and get Properties info. See if there is a version tab where you can get more info about the company and internal file names...etc.
     
  10. sighlentex

    sighlentex Private E-2

    interestingly i can't seem to find the file. i've used Windows Explorer (and yes i enabled "see hidden files") and i didn't find it. i tried the Search feature and it didn't turn up that way either. the only way i see it is on HJT. ...any suggestions?
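
The check discussed in posts 7 to 10, as an added example that is not part of the original thread: it parses registry-form HijackThis O4 autostart lines and lists the entries whose full-path target is not on disk, which is the state the WinUpdate entry was in. Only the `HKLM`/`HKCU` form of O4 is handled, the file lookup is passed in as a function, and every sample line except the WinUpdate one is constructed.

```python
import re
from typing import Callable, Iterable, List, NamedTuple, Optional

# Registry-form O4 line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")
# First token of the command that ends in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|pif))"?(?:\s|,|$)', re.I)


class Autostart(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    target: Optional[str]  # executable path, or None if not recognised


def parse_o4(line: str) -> Optional[Autostart]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    exe = EXE_RE.match(command)
    return Autostart(hive, key, name, command, exe.group(1) if exe else None)


def missing_targets(lines: Iterable[str], exists: Callable[[str], bool]) -> List[Autostart]:
    """Entries with a full path whose file is not on disk."""
    found = []
    for line in lines:
        entry = parse_o4(line)
        # Bare names such as "SysTray.Exe" resolve via the search path; skip them.
        if entry and entry.target and "\\" in entry.target and not exists(entry.target):
            found.append(entry)
    return found


SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [SystemTray] SysTray.Exe",  # constructed
    r"O4 - HKLM\..\RunServices: [WinUpdate] C:\Program Files\MsHelp\Help.exe",  # from the thread
    r'O4 - HKCU\..\Run: [Example] "C:\Program Files\Example\ex.exe" /background',  # constructed
]
SAMPLE_FILES = {r"c:\program files\example\ex.exe"}  # constructed stand-in for the disk


def sample_exists(path: str) -> bool:
    return path.lower() in SAMPLE_FILES  # on the real machine: os.path.exists


if __name__ == "__main__":
    for e in missing_targets(SAMPLE_LOG, sample_exists):
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.target} (file not found)")
```

An entry reported this way is an autostart value that still exists in the registry while its file does not, so the leftover value is what remains to be reviewed and cleaned.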
     
  11. Kodo

    Kodo SNATCHSQUATCH

  12. sighlentex

    sighlentex Private E-2

    when i did the "search" for help.exe i searched the whole computer...and all i found were WINHELP.EXE, DDHELP.EXE, DPVHELP.EXE, dpvhelp.exe and MSOHELP.EXE so there isn't a "HELP.exe" anywhere on the machine (that i can see.)
     
  13. Kodo

    Kodo SNATCHSQUATCH

  14. sighlentex

    sighlentex Private E-2

    i followed all the directions i was given...and i believe my spyware issue is currently under control. however...when i followed directions here:

    Sticky: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    specifically:
    2: Remove Microsoft Java; Microsoft's no longer supported version of Java is often a source of installed spyware and hijacks so it is a good idea to remove Microsoft Java Virtual Machine and Install Sun Java. To remove it follow these steps.

    i downloaded Sun Java...and now i'm having java issues. if i could go back to the lousy MS Java Virtual Machine i'd be happy...Sun Java is not working for me. (i can't CHAT! omg!) :eek: i've gone to their FAQ for help...and the solution listed didn't fix my issue. i know this isn't a Spyware issue...so could someone please direct me to the proper forum or website i'd be REALLY grateful.

    thanks. ;)
     
  15. Kodo

    Kodo SNATCHSQUATCH

    Sighlentex,
    head to the software forum and post your question regarding the java vm issue.
     
