
more than just se.dll


2 replies to this topic

#1 ~overkill~


  • Members
  • 51 posts

Posted 14 July 2005 - 10:22 AM

:thumbsup: OK guys, I have been reading all topics even close to this thing on here and went back and tried some things. Running the antispy beta, I blocked and removed a few key elements from my registries:

my&websearchbar---when you run Grinler's deal on the se.dll, you may as well go ahead and tear out anything you have on that one. It's bad news. Permanently remove the one in the toolbars tab and it will turn into the ietoolbar (which is the correct one), and reinstall itself immediately just above it. After that, neither blocking nor removing will have any effect on the sob.

of course we all know that the se.dll comes back.

I also suspected a problem with the auto update world icon on the taskbar.

I permanently removed that as well, from the remove programs, from msie files (hidden) and also from the antispy beta...upon reboot, I had 4 auto update icons in start tray...I was thinking last night that hotbar was where my problem was but after all this, I now believe that the microsoft auto update has been the problem all along. Reason: I have ALWAYS had the settings set to never download anything without permission. I have a lot of downloaded bleep in my folders this morning. Things that I know that I deleted 4 months ago and reset my registry with nortons. I wasn't even online then. I hooked back up to the net last frickin week!

SO, if anyone knows of a reason that my calculations are incorrect, or maybe has an easier way of deleting this bleep, please respond quickly because I'm waiting until tomorrow when I get paid to go get another version of xp...I'd rather not do that because I currently have a library of music which I've been collecting for a year (all from cds) which would rival any two radio stations in colorado springs. Given to me by friends of mine who don't even live here anymore, and some of this stuff is very rare. If I take this action I'm not sure if I even dare to try to keep the stuff. Maybe the trojans buried themselves into programs for the music? At any rate, let me see if someone also has this information:

I have this:
File name: gcasServ.exe

Description: Microsoft AntiSpyware Service
Publisher: Microsoft Corporation
File path: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
File version: 1.0.0.614
Copyright: Copyright 2004-2005 Microsoft Corporation. All rights reserved.

This is a known process.

and i have this:
File name: gcasDtServ.exe

Description: Microsoft AntiSpyware Data Service
Publisher: Microsoft Corporation
File path: C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
File version: 1.0.0.614
Copyright: Copyright 2004-2005 Microsoft Corporation. All rights reserved

both in my running processes bar. Note that the second one doesn't say that this is a known process....peculiar? Does anyone know offhand, or can get for me the source code of the beta, that I may figure out if they are both supposed to be there?

Well, I hope that I have shed more light than darkness on this issue...I believe I shall go stomp the bleep out of something for a while before I do something stupid to the electronics.

If anyone could show me an easy out on this I would probably kiss ya right on the mouth.

gimme a buzz would ya?



BTW, this was the file name in the box that I blocked

Description: My Web Search Bar
Publisher: MyWebSearch.com
File path: c:\program files\mywebsearch\bar\1.bin\mwsbar.dll
File version: 2.0.0.3

it turned into this upon blocking it:

Internet Explorer Toolbar My &Web Search {07B18EA9-A523-4961-B6BB-170DE4475CCA}

then proceeded to reinstall itself immediately above the blocked one

:flowers: :trumpet: :inlove: :) :woot:



#2 buttoni


  • Members
  • 267 posts
  • Gender:Female
  • Location:Temple, Texas

Posted 27 July 2005 - 09:06 AM

I'm pretty certain that MSAS beta does put both of those files in the running processes list. They are both also on my HJT log as MS Anti-Spyware files. I assume they are the files necessary for the real-time protection provided by the Security Agents in MSAS that loads up at Windows boot up, because I didn't have these two files in my HJT log before I installed MSAS beta. This is an observation/deduction on my part only, as I'm certainly no MS expert.
HP Pavilion desktop p6270z; 8 GB ram; Win7 Home Premium x64 bit; FX 4.0; DSL 2Wire modem/router; MVPS Hosts; Comodo FW 5.3(D+ & Sandbox enabled); MSSE; MBAM on demand.

#3 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD

Posted 27 July 2005 - 09:14 AM

Both of those files belong, and are indeed part of MSAS.

Quote: "of course we all know that the se.dll comes back."


Not if removed properly. There are several different variants of the se.dll (which in turn is a part of the CWS family), and generally what works for one version does not work for the other.



