PA - I got the SOB before reading your reply, but
as usual you were right.
It's a relatively new scumware based on XWREG32.DLL and
LIB.DLL. CA does NOT have it in their A/V database,
nor does Malwarebytes. I won't go into the specifics here,
you can get plenty info by googling those two .DLL's.
Hijack This saw it as a text/html filter hijack, but didn't
offer much info...
SuperAntiSpyware knows about it though, I hadn't updated
SAS for a while...shows how stupid I can be!
Upgrading in hopes of fixing an existing problem is seldom a wise idea.
I know, but the symptoms were such that they did not fit any
info I could find (was looking for the wrong thing then) and I know
I should have gone to IE7 several months ago...lazy. So, I get
a more secure browser as part of the bargain. Also, you guys here
tend to chastise people for using old browsers...
Couple weeks ago, I was having trouble with Cox email blacklisting
issues and I did a lot of searching for info. Probably got the
infection on one of the shady "answer" sites. Ugh.
There is a very good chance that you are seeing the effects of a
hijackware infection!
NB: If you had no anti-virus application installed or the subscription
had expired *when the machine first got infected* and/or your
subscription has since expired and/or the machine's not been kept
fully-patched at Windows Update, don't waste your time with any of the
below: Format & reinstall Windows. A Repair Install will NOT help!
1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx
NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.
2. [WinXP ONLY!! =>] Run the Windows Live Safety Center's 'Protection'
scan (only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm
3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.
Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/page2.html#Removing_Malware
**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums as
well.** If these procedures look too complex - and there is no shame in
admitting this isn't your cup of tea - take the machine to a local,
reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com
V Green wrote:
OK, installed IE7 and patched to most recent.
Now, doesn't crash 5 min after exiting, but still
keeps iexplore.exe open.
Thoughts?
Recent development - last 3-4 days.
iexplore.exe process does not close after closing
window - crashes with "...must close..." dialog about
five minutes after closing window. 0xC00000005
access violation. If you leave window open, no crash.
Can kill with Task Manager, it's not the "iexplore" virus.
CA / Malwarebytes / etc. find nothing.
Stopping all BHO's etc. doesn't help.
Can't think of anything I did to cause this...
XP SP3, fully patched.