Ole32ws.dll"the devil"please help me!!

Discussion in 'adware, spyware & hijack cleaning' started by gucegu, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. gucegu

    gucegu Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3
    I have this terrible SecurityRisk.Downldr(symantec def..),Norton can't remove that .
    Norton idividue it at this address:

    c\docomentandset..\myname\...\Temporaney internet files
    but the files aren't here..

    but when I serch the folder of Ole32ws(Content.IE5),I find another 2 address:

    c\documandsett\alluser\..\temporaneyInternetfiles
    I've delete it one time and all is Ok

    c\windows\system32\config\systemprofile\..\temporaneyinternetfiles.

    Ok when I try to delete it, every time that i start up my computer the file is here!I can't delete it!
    Please Help me.
    Sorry for my terrible English!
    Guido(italy)


    Logfile of HijackThis v1.98.0
    Scan saved at 22.44.45, on 10/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    E:\programmi 2\nero\InCD\InCD.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\rmctrl.exe
    C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
    C:\Programmi\Messenger Plus! 3\MsgPlus.exe
    C:\WINDOWS\System32\ctfmon.exe
    E:\programmi 2\adobe\Distillr\AcroTray.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    E:\programmi 2\nero\InCD\InCDsrv.exe
    E:\programmi 2\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    E:\programmi 2\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccLgView.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Guido\Desktop\HJK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.101.126.216:8088
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - e:\programmi 2\adobe\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\programmi 2\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\programmi 2\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\programmi 2\nero\InCD\InCD.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "E:\programmi 2\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
    O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [PicoZip] E:\PROGRA~1\PicoZip\PicoZipTray.exe
    O4 - Startup: C'è Posta.lnk = ?
    O4 - Startup: Webshots.lnk = E:\programmi 2\Webshots\Launcher.exe
    O4 - Global Startup: Acrobat Assistant.lnk = E:\programmi 2\adobe\Distillr\AcroTray.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
     
  2. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    It's likely LOP trying to install as a result of installing
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"

    In terms of being able to see it
    Set your Explorer up using the info in this link so that hidden and System files are visible
    Also Uncheck the "Hide extensions for known file types" box

    Empty the TIF (Temporary Internet Files)
    To do so use Control Panel > Internet Options(or right click the IE icon on the desktop and choose Properties)
    Click Delete Files on the General Tab - place a check in the Delete all offline content box and then press OK

    Delete all the files in (and any subfolders of) the C:\Windows\Temp\ folder

    -----------
    Download the latest version of Ad-Aware at http://www.lavasoftusa.com/support/download/
    After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions.
    Now do the following:
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
    check: "Unload recognized processes during scanning."
    - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
    Check: "Let Windows remove files in use after reboot."

    Press "Scan Now"
    - Check option "Use Custom scanning options"
    - Check option "Activate In-Depth Scan"
    - Press "Select drives\folders to scan"
    - Select the active partition which is usually C:

    Now press "Next" to let Ad-aware scan your drives...
    It will find a number of "bad" files and registry keys.
    Right-click in that pane and choose "select all"

    Now press "Next" again.
    It will ask you whether you'd like to remove all checked items. Click OK.

    Finally, close Ad-Aware, and reboot.
     
  3. gucegu

    gucegu Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3
    I try to do it but evry time i reeboot my computer the folder Contenents.IE5 are in the same place!!
     
  4. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    The folder should be there - it's part of IE - but it shoudl have 4 (mostly) empty subfolders
     
  5. gucegu

    gucegu Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    3
    Thanks a lot for your attention!
    God bless you :D
     
Thread Status:
Not open for further replies.