Malware hell: WebSiteViewer
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
Go through the internet explorer entries in the registry and see what it's loading when it starts up. Nuke the lot. Set up explorer to maximum security. Use something like get right as often it will catch things that explorer is trying to download in the background. Nuke all temp folders. If it still gives problems and you can't get help on the exe's by googling get firefox. pseudonym67 My Articles[^] "They say there are strangers who threaten us, In our immigrants and infidels. They say there is strangeness too dangerous In our theaters and bookstore shelves. That those who know what's best for us Must rise and save us from ourselves." Rush
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
Get Firefox :-D
Quantum materiae materietur marmota monax si marmota monax materiam possit materiari?
-
Go through the internet explorer entries in the registry and see what it's loading when it starts up. Nuke the lot. Set up explorer to maximum security. Use something like get right as often it will catch things that explorer is trying to download in the background. Nuke all temp folders. If it still gives problems and you can't get help on the exe's by googling get firefox. pseudonym67 My Articles[^] "They say there are strangers who threaten us, In our immigrants and infidels. They say there is strangeness too dangerous In our theaters and bookstore shelves. That those who know what's best for us Must rise and save us from ourselves." Rush
Thanks for the tips. I think I solved it: digging into Windows\System32, I discovered a nasty bunch of strangely named exe's, some of which were set to run on startup, all of which were created the day this problem started. So I starte ddeleting them, and killing them in Task manager when they spawned new copies. Seems to have fixed it, so far.
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
I've used bho cop. to remove IE browser objects, which it sounds like you have. I also googled for inst.exe and hooks.dll and got this thread "inst.exe", "124430.exe" and "hooks.dll"
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
try Autoruns freeware from sysinternals, to check what is loaded on startup, a superb bit of software.
"Nothing is impossible for the man who doesn't have to do it himself." - A. H. Weiler
-
try Autoruns freeware from sysinternals, to check what is loaded on startup, a superb bit of software.
"Nothing is impossible for the man who doesn't have to do it himself." - A. H. Weiler
Spyware Sweeper has always removed everything I have dealt with (mostly on other peoples computers) check it out... http://www.webroot.com/[^] ------ I am the sole owner of all comments/statements made by myself, and they do not represent those of my company in any way. Furthermore, it’s a shame it has come to the point where we have to make statements like this. Cheers! ====================== Matthew R. Miller www.computersmarts.net[^]
-
I've got some nasty spyware that keeps installing itself on my system, and Ad-Aware and SpyBot seem to be utterly incapable of dealing with it. If anyone has a clue as to what this is or how to get rid of it, I'd really appreciate a tip. The symptoms are this: - I click a link in IE, and a DOS window briefly opens, indicating that inst.exe has been run. - My Program files directory now contains a folder named WebSiteViewer, whihc contains several malware files. - Also, my root directory now contains inst.exe, 124782.exe, and hooks.DLL. The DLL seems to be attached to IE. - When I open TaskManager, there are several copies of IEXPLORE.EXE running, even if I only have a single window open. This piece of spyware seems to open the gate for other spyware.. all sorts of crap starts to happen if I let that run long enough. Most annoying is that it sets my default Web page to a porn site. Anyone have a clue on this? I've been beating on this for days now with no luck.
This was the main reason I moved my wife's machine to FireFox. I was tired of cleaning up her system. Once I got FireFox installed for her and noticed all the useful extentions for it, I finally switched to it for my main browser also. The extentions are what gives it value. Rocky <>< www.HintsAndTips.com - Now with "Recommendation" postings www.MyQuickPoll.com - Now with Recent Poll List
-
This was the main reason I moved my wife's machine to FireFox. I was tired of cleaning up her system. Once I got FireFox installed for her and noticed all the useful extentions for it, I finally switched to it for my main browser also. The extentions are what gives it value. Rocky <>< www.HintsAndTips.com - Now with "Recommendation" postings www.MyQuickPoll.com - Now with Recent Poll List
this might form the basis of a good codeproject article, that is, a general overview of the techniques and entry points in windows where software is able to install itself etc. I myself recently spent a few hours getting rid of "CoolWebSearch" on a friends computer, Adaware wouldn't get rid of it, infact CWS actively deleted adaware everytime I downloaded it!! It turned out that CWS used both a BHO (browser helper object) and the registry key Appinit_Dlls to load itself into every running process, and reestablish its keys everytime you deleted them, each process seemed to guard the other, even in safe mode command prompt only it still loaded... A brilliant business model though, it kept setting a home page to a search site popping up a popup saying computer infected and offering to sell a spyware removal tool. Very clever... Interesting business strategy... I used a combination of autoruns from sysinternals.com and adaware and then overwrote the randomly named files containing the virus code with garbage to (finally) regain control. Firefox is a good choice for avoiding all this at present.
-
this might form the basis of a good codeproject article, that is, a general overview of the techniques and entry points in windows where software is able to install itself etc. I myself recently spent a few hours getting rid of "CoolWebSearch" on a friends computer, Adaware wouldn't get rid of it, infact CWS actively deleted adaware everytime I downloaded it!! It turned out that CWS used both a BHO (browser helper object) and the registry key Appinit_Dlls to load itself into every running process, and reestablish its keys everytime you deleted them, each process seemed to guard the other, even in safe mode command prompt only it still loaded... A brilliant business model though, it kept setting a home page to a search site popping up a popup saying computer infected and offering to sell a spyware removal tool. Very clever... Interesting business strategy... I used a combination of autoruns from sysinternals.com and adaware and then overwrote the randomly named files containing the virus code with garbage to (finally) regain control. Firefox is a good choice for avoiding all this at present.
Yeah, my wife first found programs installed (about ten of them) that she did not install. She uninstalled them but they kept coming back. Many of them simply set and autorun to reinstall on their uninstall so that after reboot, they always came back. Those were easy enough for someone who knows, but novices are just stuck. The others though, (like you referred) like to path themselves into objects inside explorer so that they keep installing things over everytime the are blocked. The last onces, adaware could not find, but still kept coming back. Hours of hunting registry keys and class objects trying to locate something that does not look just right is not worth it. Now, there does not seem to be a problem :) As long as FireFox does not get any hacks that is.. Rocky <>< www.HintsAndTips.com - Now with "Recommendation" postings www.MyQuickPoll.com - Now with Recent Poll List