A trojan or something , whse

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

it's there in msconfig if I RUN msconfig and I'm pretty sure it's a tro...
a vi... I mean I don't know what it is but can someone tell me how to
get rid of it please . I'm sure it's nowhere else and it may have come with
an older download archived search I had done for an older Motherboard which
had a Adobe type program to view it by .
but and but and um , ,,,,
the computer has crashed a few times and the latest Error message was :
BCCode: 19 BCP1: 00000020 BCP2: E2B00490 BCP3: E2B00590 BCP4: 0C200201
OS Ver: 5_1_2600 SP:2_0 Product:768_1
I saw a similar error number on the Microsoft website and that number
referred to a Trojan , I think .
I had downloaded 2 diagnostic programs too , one of which included
giveio.sys , which I have promptly removed because I didn't really need
them anyway , three , anyone at home tonight ?
it's getting coooooolder in Auckland NZ !
 
From: "Umwhat" <me.somewhere@somewhere else.com>

| it's there in msconfig if I RUN msconfig and I'm pretty sure it's a tro...
| a vi... I mean I don't know what it is but can someone tell me how to
| get rid of it please . I'm sure it's nowhere else and it may have come with
| an older download archived search I had done for an older Motherboard which
| had a Adobe type program to view it by .
| but and but and um , ,,,,
| the computer has crashed a few times and the latest Error message was :
| BCCode: 19 BCP1: 00000020 BCP2: E2B00490 BCP3: E2B00590 BCP4: 0C200201
| OS Ver: 5_1_2600 SP:2_0 Product:768_1
| I saw a similar error number on the Microsoft website and that number
| referred to a Trojan , I think .
| I had downloaded 2 diagnostic programs too , one of which included
| giveio.sys , which I have promptly removed because I didn't really need
| them anyway , three , anyone at home tonight ?
| it's getting coooooolder in Auckland NZ !
|
| --
| signature


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *
 
Thankyou for the free scan . The scan revealed no problems .
Whse appears in the msconfig - Startup page but I am keeping it from
loading , and I'm sure it's something I do not need .
The path to Whse is C:\ProgramFiles\WhenUSearch\whse.exe but a search
in Windows with the Show all Files option ticked in Folders Options does not
find anything . The folder does not show in Program Files but Windows tells
me it could be at another location which has me bothered .
I would like to remove the entry from the Startup Page .Can you tell me
how to remove it .


David H. Lipman said:
From: "Umwhat" <me.somewhere@somewhere else.com>

| it's there in msconfig if I RUN msconfig and I'm pretty sure it's a tro...
| a vi... I mean I don't know what it is but can someone tell me how to
| get rid of it please . I'm sure it's nowhere else and it may have come with
| an older download archived search I had done for an older Motherboard which
| had a Adobe type program to view it by .
| but and but and um , ,,,,
| the computer has crashed a few times and the latest Error message was :
| BCCode: 19 BCP1: 00000020 BCP2: E2B00490 BCP3: E2B00590 BCP4: 0C200201
| OS Ver: 5_1_2600 SP:2_0 Product:768_1
| I saw a similar error number on the Microsoft website and that number
| referred to a Trojan , I think .
| I had downloaded 2 diagnostic programs too , one of which included
| giveio.sys , which I have promptly removed because I didn't really need
| them anyway , three , anyone at home tonight ?
| it's getting coooooolder in Auckland NZ !
|
| --
| signature


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *
Click to expand...
 
....and I have just been to the Symantec website and looked up the removal
instructions for whse and I found no entries in any of the locations
indicated for removing all the entries which are indicated for removal .

Umwhat said:
Thankyou for the free scan . The scan revealed no problems .
Whse appears in the msconfig - Startup page but I am keeping it from
loading , and I'm sure it's something I do not need .
The path to Whse is C:\ProgramFiles\WhenUSearch\whse.exe but a search
in Windows with the Show all Files option ticked in Folders Options does not
find anything . The folder does not show in Program Files but Windows tells
me it could be at another location which has me bothered .
I would like to remove the entry from the Startup Page .Can you tell me
how to remove it .


David H. Lipman said:
From: "Umwhat" <me.somewhere@somewhere else.com>

| it's there in msconfig if I RUN msconfig and I'm pretty sure it's a tro...
| a vi... I mean I don't know what it is but can someone tell me how to
| get rid of it please . I'm sure it's nowhere else and it may have come with
| an older download archived search I had done for an older Motherboard which
| had a Adobe type program to view it by .
| but and but and um , ,,,,
| the computer has crashed a few times and the latest Error message was :
| BCCode: 19 BCP1: 00000020 BCP2: E2B00490 BCP3: E2B00590 BCP4: 0C200201
| OS Ver: 5_1_2600 SP:2_0 Product:768_1
| I saw a similar error number on the Microsoft website and that number
| referred to a Trojan , I think .
| I had downloaded 2 diagnostic programs too , one of which included
| giveio.sys , which I have promptly removed because I didn't really need
| them anyway , three , anyone at home tonight ?
| it's getting coooooolder in Auckland NZ !
|
| --
| signature


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *
Click to expand...
Click to expand...
 
You may like to read my 2 earlier posts to your reply which are the 2 posts
after this post before reading this post to make sense of where I am with the
removal of whse .
I ran the Mcfee scan and it found no problems .

The entry of whse remains in the msconfig Startup Programs and I have found
entries in the Registry :
HKEY_CURRENT USER_Software\Microsoft\SearchAssistant\ACMru\5603 and 6504 .
Now I am going back to the site I downloaded the Mcfee scan from to check
with the entries there that should be removed to remove whse .
Do you think after I have deleted those entries I could find any more
entries related to whse in any other registry locations because I had to
search manually to find the entries I've found to now .
thankyou for reading
and , it's a very cold winter's night in Auckland
but it's warm inside

David H. Lipman said:
From: "Umwhat" <me.somewhere@somewhere else.com>

| it's there in msconfig if I RUN msconfig and I'm pretty sure it's a tro...
| a vi... I mean I don't know what it is but can someone tell me how to
| get rid of it please . I'm sure it's nowhere else and it may have come with
| an older download archived search I had done for an older Motherboard which
| had a Adobe type program to view it by .
| but and but and um , ,,,,
| the computer has crashed a few times and the latest Error message was :
| BCCode: 19 BCP1: 00000020 BCP2: E2B00490 BCP3: E2B00590 BCP4: 0C200201
| OS Ver: 5_1_2600 SP:2_0 Product:768_1
| I saw a similar error number on the Microsoft website and that number
| referred to a Trojan , I think .
| I had downloaded 2 diagnostic programs too , one of which included
| giveio.sys , which I have promptly removed because I didn't really need
| them anyway , three , anyone at home tonight ?
| it's getting coooooolder in Auckland NZ !
|
| --
| signature


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. If you are using Windows XP, you may have to disable the Windows XP FireWall to
allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
report for each session.


* * * Please report back your results * * *
Click to expand...
 
Umwhat said:
You may like to read my 2 earlier posts to your reply which are the 2
posts after this post before reading this post to make sense of where
I am with the removal of whse .
I ran the Mcfee scan and it found no problems .
Click to expand...

Everyone who answers questions in the Microsoft newsgroups is a
volunteer. If you want immediate action on a computer problem, you
should take the machine to a computer repair shop (not your local
equivalent of BigStoreUSA) and pay to have it fixed.

WhenU is non-viral malware, which is why McAfee does not remove it. Here
are malware removal steps. If you have already scanned with a
full-featured antivirus, then skip Step 1. It is crucial that all
scanning for malware be done with updated tools in Safe Mode.

First delete all Temporary and Temporary Internet Files. For IE's
Temporary Files, go to Control Panel>Internet Options>General tab.
You'll see where you can delete cookies and files. For Firefox, clear
its cache by going to Tools>Options>Privacy>Cache> Clear. For Windows
Temporary files, Start>Run cleanmgr [enter]. You can find all the links
to referenced programs and sites on my website here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix or WinSockFix for XP - see links
below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See the links on my
website for a HijackThis tutorial and places where you can post your
HJT log. Again, this is an expert tool and novices should get help
with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Malke
 
Back
Top