winsp3.exe causing conflicts

Discussion in 'malware problems & news' started by Malus, Sep 17, 2005.

Thread Status:
Not open for further replies.
  1. Malus

    Malus Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    3
    Hi,

    after reinstalling XP and all that, my sister went on MSN Messenger, and after she had finished, I found winsp3.exe in my running processes. I know it is a worm or some malware, but I cannot dispose of it. I think she clicked on one of those links some teen friend of hers sent for some block checker or something ugh.....

    Antivirus sites will not load, my startup (msconfig) box opens but closes straight away, and my A/V and MS antispy will not start up.

    I have the following:

    WinXP with Sp2
    Bitdefender 8 Free version
    Spybot Search and Destroy
    MS Antispyware
     
  2. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    By the sound of it you do not have an on-access AV scanner (i.e. you do not have a realtime AV Guard); that is asking for trouble since malware cannot be intercepted as it is written to HD. And what about a FW, surely you are using Windows XP FW?

    What I suggest you do at the moment is try an online scan at the following sites:-

    http://www.ewido.net/en/onlinescan/run/

    http://www.pandasoftware.com/products/activescan.htm

    It may be that your Hosts file has been nobbled, in which case you may not get to those sites. You could try running Bitdefender in safe mode first:-

    http://www.bleepingcomputer.com/forums/tutorial61.html

    You really do need an AV with a Guard so, if you are able to, download and install AntiVir from here:-

    http://www.majorgeeks.com/AntiVir_Personal_Edition_d955.html

    Then install CCleaner from here:-

    http://www.ccleaner.com/

    Now do the following:-

    Run CCleaner (but first configure it by clicking Options/Advanced and uncheck the box for 'Only delete files older than 48 hours').

    Update AntiVir with the latest sigs, configure it to search 'all files' (do that by clicking 'scan settings' and select 'all files' in the 'Search' section).

    Now boot into safe mode and do a full system scan. Delete whatever is found and if anything cannot be removed note its full filepath and name and post it here.

    Difficulty getting to a site may be cured (albeit temporarily) by resetting your Hosts file; D/L Hoster from here:- http://www.funkytoad.com/hoster.htm

    Then run it and click 'Restore original Hosts'
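
The Hosts-file tampering mentioned above, as an added example that is not part of the original post: a Python check that flags hosts entries overriding security sites. The watchlist (sites named in this thread) and the sample file contents are constructed assumptions.

```python
import ipaddress

# Assumed watchlist: scanner and download sites named in this thread.
WATCHED_SUFFIXES = ("ewido.net", "pandasoftware.com",
                    "majorgeeks.com", "bleepingcomputer.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        for name in fields[1:]:  # one address may carry several aliases
            yield line_no, fields[0], name.lower().rstrip(".")

def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)

def classify(ip):
    """Label where an override sends traffic."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"
    if addr.is_loopback or addr.is_unspecified:
        return "blackholed"   # site simply fails to load
    return "redirected"       # site resolves to a different server

def find_tampering(text):
    """Return (line_no, host, ip, verdict) for each watched host overridden."""
    return [(n, host, ip, classify(ip))
            for n, ip, host in parse_hosts(text) if is_watched(host)]

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.ewido.net ewido.net   # constructed entry
0.0.0.0         www.pandasoftware.com
203.0.113.7     www.majorgeeks.com
127.0.0.1       ads.example.com
"""

if __name__ == "__main__":
    for line_no, host, ip, verdict in find_tampering(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({verdict})")
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a clean default file maps only `localhost`, so any finding warrants a closer look.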
     
  3. Malus

    Malus Registered Member

    Joined:
    Sep 17, 2005
    Posts:
    3
    Thank you for replying.

    Bitdefender doesn't seem to want to scan in safe mode. :( Also, I am using Firefox, which doesn't support the online scan. With IE I used to use Panda.

    I also have the stinger thing, will that help?

    Oh and CCleaner I know of, is very good :)

    And Yes I am using Windows F/w, although I think it's not good. Is Sygate ok?
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  5. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Malus,

    If you can't make progress it might be better to proceed to a HijackThis log and post it at an appropriate site.

    You can D/L HJT from the Download section here:-

    http://www.spywareinfoforum.com/~merijn/index.html

    If you can't reach that site, try the mirror site here:-

    http://www.richardthelionhearted.com/?url=merijn.richardthelionhearted.com

    If you install HJT and find it will not run, try changing its name and then run it.

    Once you have a log you can select one of the following sites to post it at:-

    http://gladiator-antivirus.com/forum/index.php?showforum=170

    http://forums.subratam.org/index.php?showforum=7

    http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

    http://www.spywareinfoforum.com/index.php?showforum=18
     
  6. afawegAFD

    afawegAFD Guest

    Thank you for your reply. I ran Stinger and Spybot in Safe mode and also the snowbound link, and it cleaned it off :)
     