Webrebates0.exe/CONSCORR.exe

i'm positive that this computer is infected...and i thought i got rid of everything, but i was apparently wrong.

i've found and deleted the following files:

Webrebates0.exe
Webrebates1.exe
SVCMM32.exe
CONSCORR.exe
djtopr1150.exe

i'm questionable as to the following files:

Desbyhdw.exe
STIMON.exe
MSNIASVC.exe

i've got HJT, but i'm a little nervous to use it in this case. I also tried to run Spybot S&D but got some German-Language popup and it wouldn't load.

help!

 

well...it only took me 3 hours but i think i've got everything.

of note:

after steps 1 through 4 i ran HJT and noticed that there were still a couple of lines that had web_rebates on them, also several lines mentioning SearchAssistant. i used HJT to clean them, and so far so good. SVCMM32 has been the biggest pita so far...used HJT to dump it, too.

the worst part about this is that now i've got to go do all this to my own computer, it's sick with the same thing. (the whole lying with dogs thing...)

thanks for your help

 

thanks for all your help.

[edited: i just realized that it says i'm running HJT from the desktop, but it's in it's own folder so i don't know what i did wrong.]

 

ok...i figured out what i had done wrong...here's the right txt file.

 

i honestly do not know...is there a way i can find out?

[i have a hjt log from April and it's not there, but i did see it on a log from another program (from an April scan)...so it's been on here a while.]

thanks

 

interestingly i can't seem to find the file. i've used Windows Explorer (and yes i enabled "see hidden files") and i didn't find it. i tried the Search feature and it didn't turn up that way either. the only way i see it is on HJT. ...any suggestions?

 

there is a help.exe for windows but I'm pretty sure it's in the system32 folder.
This is what I've come up with. signlentex's file could be a variant

http://securityresponse.symantec.com/avcenter/venc/data/w32.wullik.b@mm.html

 

when i did the "search" for help.exe i searched the whole computer...and all i found were WINHELP.EXE, DDHELP.EXE, DPVHELP.EXE, dpvhelp.exe and MSOHELP.EXE so there isn't a "HELP.exe" anywhere on the machine (that i can see.)

 

info on conscorr.exe

http://www.giantcompany.com/antispyware/research/spyware/file-conscorr.exe.aspx

if you're still having an issue. Make sure you turn off System Restore for WinME and then run the tutorial again.

 

i followed all the directions i was given...and i believe my spyware issue is currently under control. however...when i followed directions here:

Sticky: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

specifically:
2:Remove Microsoft Java; Microsofts no longer supported version of Java is often a source of installed spyware and hijacks so it is a good idea to remove Microsoft Java Virtual Machine and Install Sun Java. To remove it follow these steps.

i downloaded Sun Java...and now i'm having java issues. if i could go back to the lousy MS Java Virtual Machine i'd be happy...Sun Java is not working for me. (i can't CHAT! omg!) i've gone to their FAQ for help...and the solution listed didn't fix my issue. i know this isn't a Spyware issue...so could someone please direct me to the proper forum or website i'd be REALLY grateful.

thanks.

 

Sighlentex,
head to the software forum and post your question regarding the java vm issue.