winfix and winantispy has taken over system

Discussion in 'Malware Help (A Specialist Will Reply)' started by winhou, Sep 5, 2005.

  1. winhou

    winhou Private E-2

    When any user logs in, pop-ups appear for winfix 2005 and winantispy 2005.
    Icons are also put in the task bar. The two processes associated with these
    pop-ups are:
    UWFX5NetInstaller.exe
    UWAS5LP_001_0811NetInstaller.exe

    Terminating these processes kills the pop-ups, but the programs come back
    at the next log-in.

    I've gone through your entire cookbook: 'READ ME FIRST BEFORE ASKING
    FOR SUPPORT: Basic Spyware, Trojan and Virus Removal'. All the scans
    came up negative. The same check-list was run consecutively on each
    of the users. All were negative for any trojans, etc. Just to be safe,
    the about:Buster and HSRemove utilities were also run.

    FYI: the BitDefender and RavAntivirus links supplied don't work.
    The BitDefender 'scan' sits and churns but never does anything.
    The RavAntivirus link is broken.

    System restore has been turned off, so unless it isn't
    true that all previous restore points are deleted the malware shouldn't be
    restoring itself from one of the restore files.

    Attached is the logfile from Hijack This.

    Thanks in advance for your help.
     


  2. winhou

    winhou Private E-2

    D3m3nt3d - thanks for your reply

    Downloaded, installed & updated Ewido

    unplugged cable modem

    windows wouldn't function in safe mode
    log-on screen comes up normally, but log-on attempt leads to
    a blank, black screen with the words 'safe mode' in the corners.
    system is unresponsive

    with cable unplugged, booted in safe mode with networking

    Ewido - Options - Scan every file
    Full System Scan
    (log file attached)

    restarted system and logged on in normal mode
    on log-in Ewido finds: c:\WINDOWS\Web\PRINTERS\javaps.dll
    selected REMOVE - OK
    (explorerXP still shows file in location shown above)

    Zone Alarm shows: Generic host processes for Win32 wants to accept
    net connections - denied

    The version of Vundofix that you suggested doesn't work on my machine.
    It can't find c:\WINDOWS\Help\nutas.dll or c:\WINDOWS\Help\satun.*

    Tried a different version of VundoFix (vundofix.txt and HJT log attached)

    Still getting the Ewido notice about the javaps.dll file on log-on.

    I've also run fixvundo.exe and fixvundob.exe from Symantec.
    No relief.

    Thanks for your help and patience.

    W
     


