Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

WS_Files

Started by c02 , Nov 14 2005 05:00 PM

  • This topic is locked This topic is locked
3 replies to this topic

#1 c02

c02

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 14 November 2005 - 05:00 PM

I had been having a number of problems that may or may not be gone. I posted a log on the appropriate thread a couple of days ago but there was no response. In the meantime I was still having ugly issues with my machine. I awoke this morning to a blue-screen but what separated this one from the others....anytime I tried to log back on I blue-screened again, and again, and again.... I restarted under Safe Mode and ran MWTI's eScan and many issues that weren't found before, were now being deleted. Some of those issues are stated my hijack log thread so I won't repeat them here. Then I ran sysinternals rootkit revealer and found a ton of stuff under a file named WS_Files. The directory so happend to be created around the time I became infected (or noticed the problems). Attempting to open the files inside the directory generated an error stating the file could not be found. I copied the file and pasted it onto my desktop. Now, I am able to view the files. Two files in particular lead me to belive this directory was running a lot of the payload for the various problems. One file was named "dns" and another named "index." When opened in wordpad, both files showed a listing for a TON of ad-servers and links. My assumption is this is where the pop-ups were getting their info but I don't want to jump the gun. Does anyone have any experience with this?

    Advertisements

Register to Remove

#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 November 2005 - 12:28 PM

Did you install this C:\Program Files\Messenger Plus! 3\MsgPlus1.exe

Also you have windows XP you can try system restore.

info on webstart
http://pandonia.canb...a/webstart.html

Edited by little eagle, 15 November 2005 - 12:36 PM.

Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

#3 c02

c02

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 15 November 2005 - 03:26 PM

Thanks for the reply. Yes, I do have msngr plus on my system and I recently downloaded an upgrade for it. I went the System Restore route to no avail. Not a single restore point I selected worked and I went back about as far as I could. I'm not sure what the deal is there as the only advice the sys. restore gives you is to try a different restore point.

#4 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 15 November 2005 - 03:30 PM

Let me look at your log. I'll check for it and post there.
Posted Image
My Website
ATF Cleaner for removing temporary files
HijackThis download
Donations to this site

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·