Results 1 to 7 of 7

Thread: Virus or Spy....

  1. #1
    randarac Guest

    Default Virus or Spy....

    I'm using ZA_AV updated. I got the virus or spy.. : Auto:blank. I haven't been able to remove it.

    Please any help!

    The problem:
    1. "When I try to read my Hotmail emails..." It appears a dialog "....is Trying to open something in your Trusted Zone" with the options: Yes / No
    2. It blocks my access my bank account, after I have posted my Password...........It Appear the same message.

    I had to use the Recovery CD's of my two months old laptop Toshiba.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Antivirus
    Software Version:6.5

  2. #2

    Default Re: Virus or Spy....

    I see you don't mention you have anti-spyware products installed.Around this forum we throw around names of various anti-spyware products being used, try installing one of these and see if they pick up the Trojan. For example, spybot, ewido anti-spyware, Windows Defender, and Lavasoft Adaware are all free downloads.Cheers

  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Virus or Spy....

    Sounds like a CWS- the recommended scanners may still miss it entirely. The best freeware for CWS removal is the Trend/Intermute scanner;

    http://www.intermute.com/products/cwshredder.html


    Oldsod
    Best regards.
    oldsod

  4. #4
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Virus or Spy....

    Found some info courtesy of Merijin:

    Variant 35: CWS.Aboutblank - It's just a fad
    Approx date first sighted: March 2, 2004
    Log reference: Reconstruction
    Symptoms: IE pages changed to about-blank.ws and 213.159.118.226 (1-se.com), hijack returning on system restart
    Cleverness: 5/10
    Manual removal difficulty: Involves some Registry editing and deleting a randomly named file
    Identifying lines in HijackThis log:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://about-blank.ws/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://about-blank.ws/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://about-blank.ws/page/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://about-blank.ws/
    O1 - Hosts: 213.159.118.226 1-se.com
    O1 - Hosts: 213.159.118.226 58q.com
    O1 - Hosts: 213.159.118.226 aifind.cc
    O1 - Hosts: 213.159.118.226 aifind.info
    O1 - Hosts: 213.159.118.226 allneedsearch.com
    O1 - Hosts: 213.159.118.226 approvedlinks.com
    [..]
    O1 - Hosts: 213.159.118.226 www.wazzupnet.com
    O1 - Hosts: 213.159.118.226 www.websearch.com
    O1 - Hosts: 213.159.118.226 www.windowws.cc
    O1 - Hosts: 213.159.118.226 www.xgmm.com
    O1 - Hosts: 213.159.118.226 xwebsearch.biz
    O1 - Hosts: 213.159.118.226 yourbookmarks.ws
    O4 - HKLM\..\Run: [Network Service] C:\WINNT\svchost.exe-sr -0
    O4 - HKCU\..\Run: [Network Service] C:\WINNT\svchost.exe-sr -0
    O19 - User stylesheet: C:\WINNT\system32\xea2108l.9zt

    This variant does everything in its powers to redirect you to a domain owned by 1-se.com. IE is hijacked to it, the hosts file is replaced to redirect about 100 porn and CWS domains to 1-se.com, and a randomly named stylesheet is dropped that redirects to 1-se.com when certain keywords appear in webpages.
    Restoring the IE pages by searching the Registry for about-blank.ws, removing the hosts file, the svchost.exe file in the Windows directory (the one in the System32 folder is legit) and the randomly named stylesheet (1079 or 1087 bytes in size) fixed this.


    Hope this helps.

    Oldsod
    Best regards.
    oldsod

  5. #5
    wire Guest

    Default Re: Virus or Spy....

    when i do a deep scan on za i keep getting this trojan win32.askyaya, i have deleted like 20 times now and i tried to delete it in my reg where za told me where it was RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2B7A0F0-B697-4A71-8D91-43443F57D7BB} does anyone one know how to get rid of this and what is it really?? i have spybot, ad awear, spydr and did trend miro (online) and they never get it! is this a fase alarm?? thanks wire :-)











    ** E-mail address removed**

    Message Edited by Greb49er on 09-30-2006 07:57 AM

  6. #6
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Virus or Spy....

    Double posting just confuses me.

    Hijacking threads is never as good as starting your own thread.

    See your other post for my proper reply with details.

    Guru Greb49er edited your posts- including your email address will just make you a victim of the bots that collect emails posted in forums. You could be spammed to death, just by doing this. He did you a favor.

    Oldsod

    Message Edited by Oldsod on 09-30-2006 12:17 PM
    Best regards.
    oldsod

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: Virus or Spy....

    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •