Pofz.exe and neededware.com

Discussion in 'ProcessGuard' started by Trudi, Jun 5, 2005.

Thread Status:
Not open for further replies.
  1. Trudi

    Trudi Guest

    When I booted up this morning I got "IEXPLORE.EXE is not a valid win32 application".
    Hijack this log showed a pofz.exe about which I can find nothing on line and also reference to www neededware. com.
    I have used hijack this to delete the 2 files several times and they keep reappearing. The error message has stopped appearing but the 2 files are still showing in Hijack this.
    a scan by TDS3 and AVG and MicroTrend online found nothing.
    I would appreciate any help
     
    Last edited by a moderator: Jun 5, 2005
  2. FanJ

    FanJ Guest

    Hi,

    Please send those files to Gavin: submit(at)diamondcs.com.au
    If possible zipped.

    Thanks ;)
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Trudi welcome, Please boot into safe mode and run TDS3 from there, AVG is probably getting in the way of TDS3's scan.
    To get into Safe mode reboot & press F8 frequently after your bios shows but before windows starts to load.
    In TDS3 got to the configuration window and enable all the scans then do a full scan of all physical drives.

    Also do as Fanj suggested re. submitting the files for analysis.

    If you still have problems then please go to this thread and follow the general cleaning instructions. https://www.wilderssecurity.com/showthread.php?t=50662

    HTH Pilli
     
  4. Trudi

    Trudi Guest

    Hey guys

    #1 September 10th, 2003, 06:10 AM
    Pieter_Arntz
    Spyware Veteran Join Date: Apr 2002
    Location: Netherlands
    Posts: 11,653

    CWShredder Links...

    --------------------------------------------------------------------------------

    Previous contents (links and downloads) have been removed from this post as control of CWShredder has been moved to InterMute.

    Please see the following site for program updates and information:

    http://www.intermute.com/spysubtrac...r_download.html


    This address to which I was directed gave me trojan PSW.Banker.44.A
    I am sure you did not mean it to do that!
     
  5. Trudi

    Trudi Guest

    How do I submit the files?
    When I do a search I cannot find them. But they show on the Hijack log.
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Trudi,

    We certainly didn't send you to an address where you can get a trojan. I suspect you were hijacked there.

    If you are not on a corporate network or using your hosts file for anything useful, please go to: http://www.mvps.org/winhelp2002/hosts.htm
    Download and replace the hosts file you have now with the one you can download there, following the instructions at that site.

    Then try downloading CWShredder again. (Although neededware is not a CWS variant): http://securityresponse.symantec.com/avcenter/venc/data/adware.neededware.html

    Regards,
     
Thread Status:
Not open for further replies.