Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


freddie and drwatson virus

  • Please log in to reply
3 replies to this topic

#1 Ayedeal21


  • Members
  • 3 posts
  • Local time:02:05 AM

Posted 29 June 2009 - 03:51 PM

First of all this laptop that is infected is running XP, SP 3, and is a Gateway. It is not my computer but my boyfriends.
I am pretty computer literate but this time the infection has really thrown me for a loop.

In the processes window, drwtsn32.exe and freddie.exe are running. I can end the process but they both pop back up later.

When connecting to the internet I get a error message that says Generic Host Process for Win32 Services has encountered a problem and needs to close.
When I end the drwtsn process again, I can connect to the internet for a few moments but have not been able to download anything, or run Microsoft's online scan. Trend Micro's online scan did not remove these infections. I honestly think that the virus has eaten up so much memory that I am unable to do anything.

I CAN NOT do the following: (in safe mode or otherwise)

Uninstall any program over about 50MB
Uninstall MBAM, Ad-Aware, or HJT.
Open MBAM, Ad-Aware, or HJT.

I am generally pretty good at manually removing viruses but have yet to find any instructions to do so.

I have also tries reinstalling MBAM from a jump drive and was unable to do so.

What can I do? What other information can I provide?


BC AdBot (Login to Remove)


#2 Ayedeal21

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:05 AM

Posted 29 June 2009 - 05:19 PM

Just some new info with my problem.

I can boot in safe mode, however I still cannot run MBAM.
I have tried renaming MBAM to the suggestions I have seen posted and this also does not work.
I managed to remove two large programs (games) successfully. This freed up some space on my hard drive.
I installed firefox but it does not work. I get a message that the proxy is not configured properly and that firefox is unable to open the window.

#3 Ayedeal21

  • Topic Starter

  • Members
  • 3 posts
  • Local time:02:05 AM

Posted 29 June 2009 - 06:31 PM

Another update.

I downloaded Smitfraudfix and ran it through the jump drive on the laptop. This seemed to fix the issue with the virus coming up in the process window and thus I could get onto the internet, add/remove programs, but could not run MBAM or HJT.
I went to Microsoft online scanner and ran a scan. It removed several trojans, one of which was koobface ( after researching thats what I thought I had, but couldn't find manually)
The online scan seemed to remove everything. Computer is working normally so far, and I am reinstalling MBAM and running a scan as I write this. It just finished and found 29 infected items. I saved a logfile and removed them.
Is there anything else I can do? Maybe run a HJT and post the log to be sure?

#4 Zllio


  • Members
  • 1,107 posts
  • Local time:03:05 AM

Posted 02 July 2009 - 12:07 PM

Hi Ayedeal21,

Please post the MalwareBytes log here. You need to run a cleaner and I'll give you instructions for the one that's used here. Also, I recommend installing, updating and running Spybot S&D and then immunizing the machine. Also, Spyware Blaster. I'll give you the links for those. When you install Spybot, don't install Teatimer with it. Go through the customize installation and uncheck Teatimer.

It sounds like you've done a lot of things right!

Here are the instructions:

Step 1: ATF Cleaner

If you're running XP, please run ATF cleaner according to the following instructions. If you're using Vista, right-click on the icon and select "run as Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Step 2: Spybot S&D

There's a turtorial on this tool at Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Be sure to update it, run it, and then use the Immunize feature.

Step 3: SpywareBlaster

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Step 4: Finally, please update your Java

The newest Java download and installation should remove old versions of Java. Check add/remove programs after we run the installation to see if this was the case. If you're not sure, ask.

Please go to Current Java Download and do the following:* Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 14.
* Click the "Download" button to the right.
* Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
* Click on Continue.
* Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
* Close any programs you may have running - especially your web browser.
* Double-click on the Java installation program on your desktop and allow it to install the newest version.(Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator.")

Step 5: Please post the MalwareBytes log
(the log can be found under the reports tab)

Let me know how this went? Were you able to install everything?
Did Spybot find anything further?

p.s. thought you might enjoy this: http://www.siteadvisor.com/sites/celebrity...rs.com/summary/
( a little black humor here ) lol

Edited by Zllio, 02 July 2009 - 12:10 PM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users