Possible Virus ?

Discussion in 'malware problems & news' started by larouse, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    Yesterday I was checking some files and opened one that after open generated:

    CriticalUpdate
    Registry.pif ( MS-DOS )

    These files are in C:

    All times that turn on the laptop show:

    Wrong OS message

    I deleted the CritaclaUpdate and Registry , but when turn off and turn on the system reloaded again.

    SpySweeper detected 4 process to alterate the Registry:

    usbwin32.exe
    MSUpdate
    RegistryMonitor
    Microsoft Security Hot Fix Update

    I removed, but again after turn on.....Same History

    I ran Kaspersky, NOD, BitDefender, Norton and McAfee and same Histrory.
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi there, can you please follow the steps located here, just use your Anti-virus instead of Nod32.

    From what I have read about this trojan the steps in this thread should remove it...

    Lets us know how you go...

    Cheers :D
     
  3. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,
    Usbwin32.exe is Troj/Adclick-X.

    adware/spyware software which overwrites the HOSTS file in order to deny access to selected sites.

    Troj/Adclick-X is typically installed/bundled alongside the installation for other third party software (typically shareware or freeware downloaded from the internet).

    MSUpdate is a BHO from "Coolwebsearch" [ nasty spyware ]
    There are dedicated removal tools for CWS products available free on the net.
     
  4. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Thank you and Sorry but Where can get this Tool ?

    I have SpySweeper and Giant Spyware would be work ? Or How can do ?

    Thank's again
     
  5. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It is in one of the steps from the link I posted above...

    Cheers :D
     
  7. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi,
    Because Usbwin32.exe/Troj/Adclick-X is installed with an EULA [end user license agreement] anti Spyware scanners may not remove it for legal reasons. It is primarily Spyware with a low risk; the EULA is also why most AV's won’t detect this problem.

    It would be a good idea to disable system restore while removing, as it may back itself up there. Be sure to turn it back on after u finish removal.


    Disabling the System Restore Utility

    1. Right click the My Computer icon on the Desktop and click on Properties.
    2. Click on the System Restore tab.
    3. put a check mark next to 'Turn off System Restore on All Drives'.



    More info on your pest can be found here : http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100528
     
  8. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    I did everything step-by-step with out good Luck, run the same...Now I intented post my Hijackthis log, but the lik is not available...Where can post to review my System ?

    Thank you,
     
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Larouse, at the end of the steps where you were asked to download HJT, there is a link to Websites that you can post a HJT log file...

    Cheers :D
     
  10. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    Hi,

    Thank you but the problem is that the link that you post:

    http://a-sap.org/

    Is not available......Do yoyu know other ?

    Thank you,
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    In the same thread:

    Cheers :D
     
  12. larouse

    larouse Registered Member

    Joined:
    Sep 26, 2004
    Posts:
    157
    How can do if I won't rester in " Safe Mode ", ?

    After press F8, the system show: Invalid Key 44

    Thank you,
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    65,924
    Location:
    Texas
    Another way to start in safe mode.

    Symantec
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    There are update instruction here:

    https://www.wilderssecurity.com/showthread.php?t=50662

    You will see further information on safe mode as well...

    Let us know how you go...

    Cheers :D
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.