Possible Virus ?

Discussion in 'malware problems & news' started by larouse, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    Yesterday I was checking some files and opened one that, after opening, generated:

    CriticalUpdate
    Registry.pif ( MS-DOS )

    These files are in C:

    Every time I turn on the laptop, it shows:

    Wrong OS message

    I deleted the CriticalUpdate and Registry, but when I turn off and turn on the system, they are reloaded again.

    SpySweeper detected 4 processes altering the Registry:

    usbwin32.exe
    MSUpdate
    RegistryMonitor
    Microsoft Security Hot Fix Update

    I removed them, but again after turning on... same story.

    I ran Kaspersky, NOD, BitDefender, Norton and McAfee, and same story.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, can you please follow the steps located here, just use your Anti-virus instead of Nod32.

    From what I have read about this trojan the steps in this thread should remove it...

    Let us know how you go...

    Cheers :D
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,
    Usbwin32.exe is Troj/Adclick-X.

    Adware/spyware software which overwrites the HOSTS file in order to deny access to selected sites.

    Troj/Adclick-X is typically installed/bundled alongside the installation for other third party software (typically shareware or freeware downloaded from the internet).

    MSUpdate is a BHO from "Coolwebsearch" [ nasty spyware ]
    There are dedicated removal tools for CWS products available free on the net.
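
Added example (not part of the original thread and not any poster's own code): a small Python audit of hosts-file text that flags the kind of entries described in the post above, where a hostname is pointed at a loopback or unspecified address so the site becomes unreachable. The sample contents and the `.example` hostnames are constructed for illustration.

```python
import ipaddress

# Names that normally map to loopback in a clean hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample contents (hostnames and addresses are made up).
SAMPLE_HOSTS = """\
# constructed sample, not taken from an infected machine
127.0.0.1    localhost
127.0.0.1    update.av-vendor.example   # site silently blocked
0.0.0.0      scan.av-vendor.example www.av-vendor.example
203.0.113.7  search.portal.example
not-an-ip    junk.example
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address: skip the line
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, addr, name.lower()

def audit_hosts(text):
    """Return (line_no, hostname, verdict) for every non-local override."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in LOCAL_NAMES and addr.is_loopback:
            continue                             # expected default entry
        if addr.is_loopback or addr.is_unspecified:
            verdict = "blocked"                  # name resolves to nowhere useful
        else:
            verdict = "redirected"               # name forced to a fixed address
        findings.append((line_no, name, verdict))
    return findings

if __name__ == "__main__":
    # On Windows XP/2000 the live file is %SystemRoot%\System32\drivers\etc\hosts.
    for line_no, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {verdict}")
```

Any finding is a prompt to compare the entry against a known-good copy of the file, since some users add blocking entries deliberately.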
     
  4. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Thank you, and sorry, but where can I get this tool?

    I have SpySweeper and Giant Spyware; would they work? Or what can I do?

    Thanks again
     
  5. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It is in one of the steps from the link I posted above...

    Cheers :D
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,
    Because Usbwin32.exe/Troj/Adclick-X is installed with an EULA [end user license agreement], anti-spyware scanners may not remove it for legal reasons. It is primarily Spyware with a low risk; the EULA is also why most AVs won't detect this problem.

    It would be a good idea to disable system restore while removing, as it may back itself up there. Be sure to turn it back on after you finish removal.


    Disabling the System Restore Utility

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. Put a check mark next to 'Turn off System Restore on All Drives'.



    More info on your pest can be found here : http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100528
     
  8. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    I did everything step by step without any luck; it runs the same... Now I intended to post my HijackThis log, but the link is not available... Where can I post it to have my system reviewed?

    Thank you,
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Larouse, at the end of the steps where you were asked to download HJT, there is a link to Websites that you can post a HJT log file...

    Cheers :D
     
  10. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    Thank you, but the problem is that the link that you posted:

    http://a-sap.org/

    is not available... Do you know another?

    Thank you,
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    In the same thread:

    Cheers :D
     
  12. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    What can I do if I can't restart in "Safe Mode"?

    After pressing F8, the system shows: Invalid Key 44

    Thank you,
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Another way to start in safe mode.

    Symantec
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There are updated instructions here:

    https://www.wilderssecurity.com/showthread.php?t=50662

    You will see further information on safe mode as well...

    Let us know how you go...

    Cheers :D
     