HT Log:


3 replies to this topic

#1 SG1-2

Posted 14 August 2005 - 08:23 PM

HT (last night) on another PC suggested that (DRWEB's AV) drwebsp.dll had been possibly burned by New.net or Webhancer, tho' I somewhat doubt that - because of the many security apps I always run while on the 'net. I'd also read that poorly written apps., can also smoke a .dll file, to say the least.

We don't go to risky sites, and we don't willy-nilly open mail, until it's been run through MW Pro, & 97% of all mail has been deleted, and even then, the AV filters what we do get.

BUT, as I'm not a programmer and wouldn't doubt HT logs just for the sport of it; I wonder if anyone can comment on known facts about this possible problem, please?

Thanks, for any advice. (Pat)

#2 OldTimer

    Malware Expert


Posted 16 August 2005 - 01:59 PM

Hello SG1-2 and welcome to the BC HijackThis forum. HijackThis in and of itself does not make any suggestions. It simply reports the information it finds in various locations of the registry.

If you would like someone to analyze a log then post the log in this forum. General questions should be directed to the appropriate operating system forum to be answered.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

#3 SG1-2

Posted 21 August 2005 - 02:21 PM

OldTimer;

Howdy, and thanks, for your note of greeting. Let me back up a bit and say that while it was "Info on item" in HT that mentioned 2-3 web nasties may've dallied with my winsock dll, it was perhaps at a site where they have a sock fix utility that I'd read how sometimes a poorly written app can also trash a dll file, among other things.

And, using info about AdAware setup/scan settings found on Spyware info site (I think it was) I had AA scan and it did find a WhenU.Desktop toolbar - oddly, in VoptXP defragger and in one backup DIR. No idea what it is, really, nor how it landed on our PC - I know, they all say that, right? ;-)

Logfile of HijackThis v1.99.1
Scan saved at 1:19:22 PM, on 8/21/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.3314.2100)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\DRWEB\SPIDER.EXE
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\TH 4.2\THGUARD.EXE
C:\PROGRAM FILES\WEBROOT\ACCELERATE\ACCELERATE2002.EXE
C:\PROGRAM FILES\DRWEB\SPIDERML.EXE
C:\PROGRAM FILES\WEBROOT\WASHER\WWDISP.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
C:\PROGRAM FILES\NAVISCOPE\NAVISCOPE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS.000\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS.000\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MYNETWATCHMAN\NWCLIENT.EXE
C:\HT\HIJACKTHIS.EXE

O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll

Spybot also makes similar mention to above listings. In short, though, I'm now having to use roundabout fashion to update DRWEB AV, for some reason, which is a bit annoying to say the least - and their dll seems to be involved in this, or at least I think it is per HT log. But, what to do, exactly?

Thanks, for any help.
(Pat)

#4 OldTimer

    Malware Expert


Posted 22 August 2005 - 10:40 AM

Hi SG1-2. This does not appear to be a complete log so I can't really comment on it. As far as the drwebsp.dll files they are valid and that application does place them in the LSP layer.

To post a complete log do the following:

Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis and click the Add Reply button.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
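
Added example, not part of the original thread or of HijackThis itself: a small Python parser for the log layout shown in reply #3. It reports which entry codes a pasted log contains and how often each Winsock LSP file is listed, so repeated O10 lines such as the four drwebsp.dll entries collapse to one row. The function names and the shortened sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the log from reply #3 with the process list shortened.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)

Running processes:
C:\PROGRAM FILES\DRWEB\SPIDER.EXE
C:\HT\HIJACKTHIS.EXE

O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\drwebsp.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")        # "O10 - <description>"
LSP_FILE = re.compile(r"Winsock LSP: (.+)$", re.IGNORECASE)

def parse_hijackthis(text):
    """Split a log into header fields, running processes and coded entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for line in (raw.strip() for raw in text.splitlines()):
        entry = ENTRY.match(line)
        if not line:
            in_processes = False              # a blank line ends the process list
        elif entry:
            entries.append((entry.group(1), entry.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        elif line.startswith("Logfile of HijackThis"):
            header["version"] = line.rsplit(" ", 1)[-1]
        elif ": " in line:
            header.update([line.split(": ", 1)])   # e.g. "Platform: ..."
    return header, processes, entries

def summarize(text):
    """Report entry codes present and how often each LSP file is listed."""
    header, processes, entries = parse_hijackthis(text)
    lsp = Counter(m.group(1).lower() for code, desc in entries
                  if code == "O10" and (m := LSP_FILE.search(desc)))
    codes = dict(Counter(code for code, _ in entries))
    return {"version": header.get("version"), "platform": header.get("Platform"),
            "processes": len(processes), "codes": codes, "lsp_files": dict(lsp)}
```

A summary whose `codes` contains only `O10`, as it does for this sample, shows at a glance that the pasted text holds no other entry types.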
