WinWeb Security Infection

Discussion in 'Malware Help (A Specialist Will Reply)' started by clicovulture, Dec 21, 2008.

  1. clicovulture

    clicovulture Private E-2

    PHP:
    My daughter's laptop has been infected with WinWebSecurity. She thinks she picked it up a couple of days ago. I went through all the steps in 'READ & RUN ME FIRST' and 'Windows XP Cleaning Procedure'. I have attached the logs for the two programs that completed. The others crashed sending the pc to a blue screen. Those programs were, "SpyBot - Search & Destroy"
    "Malwarebytes Anti-Malware" and "MGtools.exe". I tried each twice.
     

    Attached Files:

    clicovulture, Dec 21, 2008
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this first log later.
    • Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.
    Now we need to use ComboFix
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now try to run Malwarebytes again. If it runs, attach the log.

    Now try to rerun MGtools.exe. Download the new version and make sure you download it and save it to C:\Mgtools.exe. It you still get a crash when running it, it is probably not a malware issue but rather a problem within your OS. If you do get a BSOD, give us the exact word for word error message and error numbers.

    If MGtools runs, attach the C:\MGlogs.zip file.

    Also remember to attach the new C:\combofix.txt log.
     
    Last edited: Dec 24, 2008
    chaslang, Dec 24, 2008
    #2
  3. clicovulture

    clicovulture Private E-2

    Sorry for taking so long to post these logs. I have been really busy over the past month.

    While working through the cleanup steps for my previous post, I got tired of the winweb security popping up. I figured out how to kill the process. At the time I didnt know it, but it hasnt come back since.

    Despite winweb not coming back, I went ahead and followed your new steps. There is only one super anti-spyware log, since winweb wasnt running.

    Thanks again for all your help.
     
    clicovulture, Jan 20, 2009
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach anything.
     
    chaslang, Jan 21, 2009
    #4
  5. clicovulture

    clicovulture Private E-2

    OK, I had to go and dig the files out of my trash. It took a while.

    I think I got it right this time.:confused
     

    Attached Files:

    clicovulture, Feb 5, 2009
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not do what I requested with SUPERAntiSpyware and are thus still using an old version and also outdated databases too.

    I still need the Malwarebytes log and new log from MGtools as requested in message # 2
     
    chaslang, Feb 7, 2009
    #6

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds