Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91824 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Problems with drwtsn, dwwin & imapi


  • This topic is locked This topic is locked
4 replies to this topic

#1 puremystyc

puremystyc

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 November 2009 - 09:40 PM

I did some Photoshop brush downloads on Wednesday (11/4/09)...I guess this may have started the problems I'm having - maybe one of the files was infected?? Thursday morning I uploaded some pictures from my camera & when I right-clicked in the picture folder to re-name several pictures at once, an error message came up saying that windows had some problem and had to close. I continued trying to re-name the pictures, but everytime I right-clicked or tried to move them to a new folder, the same thing happened & it closed. I have the task manager up a couple times a day just to check on processes running & never noticed drwtsn.exe before. I did some research and know that these programs are critical & so I haven't deleted them, though I see them as the problem. drwtsn.exe pops up first. I end that process tree. Then dwwin.exe pops up and after I end that one, imapi.exe sometimes pops up. Now why imapi.exe pops up since that has to do with CD burning, I don't know. I have run the Mcafee scan, the CCleaner, the SystemCare scan, the Malware Bytes, the Adaware...I think that's all of them. The only thing they've found are the pretty harmless missing file extensions & cookies, which were then deleted. None have found any virus or trojan or anything. I also ran HijackThis. I didn't do anything with that...I did send it to the main analyzing site though. I've been running these scans for the last two days & still having the drwtsn & right-clicking problems. I am out of ideas. Please help!

Attached Thumbnails

  • error_mssg.JPG

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 07 November 2009 - 05:32 AM

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 puremystyc

puremystyc

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 07 November 2009 - 10:56 AM

Thank you so much for your quick response!! After reading the following, please let me know if I should still do the scan that you suggested in your reply.

After trying a System Restore three times since Wednesday (they wouldn't work), I tried one more time last night and set the System Restore to Tuesday (the day before I downloaded the Photoshop Brushes) and it finally worked.

The System Restore seems to have fixed the problem I was having, as now I can right-click, move pictures, move items on my desktop and haven't had any issues from drwtsn/dwwin/imapi showing up.

It did, however, delete at the very least, half of the Photoshop Brushes I downloaded on Wednesday. I don't understand why it only got rid of about half of them and not all or none of them. That's not a big problem though, I will just go through and see which ones I'm missing & re-download them - but scan them with McAfee before I unzip them to make sure they are okay. Does it sound like it may have been one of the brushes I downloaded??

So, as I said, it seems like everything is back to normal now, but please let me know if I should still run the scan you suggested.

Thank you SO much for your time!!

~Melissa

#4 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 07 November 2009 - 11:03 AM

It it hard to say what may have infected you. Lets run the scans just to make certain there are no infections remaining.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 12 November 2009 - 05:16 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users