Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CWS_NS3


  • Please log in to reply
11 replies to this topic

#1 TexasAngel67

TexasAngel67

    Bleeping Helper


  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 08 October 2004 - 04:16 PM

Almost every single time I run Spysweeper, it finds CWS_NS3. I tried to read up on it last night but it was exhausting. I don't know if it is the reason I can't get those same 4 items in my cache to delete or not, but it's a continuing problem nonetheless. If there is a tutorial posted within BC, please ignore this thread. I've just been inundated with this thing and it's always finding its way back.
If there isn't a tutorial here, please do one, lol. If there is, point me in the right direction. I'm so tired and it's been a very long week for me.
Thanks everyone!
~67~

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 PM

Posted 09 October 2004 - 03:34 PM

Try this:

http://www.bleepingcomputer.com/forums/ind...wtopic=3341&hl=

Let me know if its confusing or not or if you need help understanding it. If you do not ahve any visible signs you can still run about:buster, adaware, or some of the online scans to see if there any remnants still around

#3 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 09 October 2004 - 08:33 PM

Thank you hon, but that came up clean as far as I can see. The HJT log I just ran looks the same as the one you said was clean a couple of weeks ago. I read the tutorial twice and compared it (the ME sections) to the log. I have to wonder if CWS_NS3 can be in the system without being picked up by HJT. Otherwise, I guess it's not CWS_NS3 causing those same 4 files in my Temp folder which won't delete unless it's in Safe Mode. I just always see Spysweeper finding at least 5 traces of it. Leave it to me to have a problem that is probably unsolveable, lol. It's not the end of the world. It would just be nice to not have CWS_NS3 showing up all the time and/or always having those files remain in Temp.
Thanks for all your help. I think our work here is done, lol.

~67~


P.S. Which online scan do you recommend should I try that out?

#4 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:02:34 PM

Posted 09 October 2004 - 09:16 PM

~67~ TrendMicro Online and Panda Online come highly recommended. :thumbsup:

Edited by scarlett, 09 October 2004 - 09:17 PM.

Posted Image

#5 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 09 October 2004 - 09:25 PM

Thanks Scarlett - BTW did ya get my message reply?

#6 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:02:34 PM

Posted 09 October 2004 - 10:11 PM

Your welcome ~67~ And yes, and I have replied.
Posted Image

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:34 PM

Posted 09 October 2004 - 10:23 PM

Hi Tex,
You might want to give this a try.

System Security Suite

Will clean out temp folders and recycle bin along with some other junk on reboot--that usually gets rid of everything. If SpySweeper still finds stuff in there after you run this let me know.

The thing about people

is they change

when they walk away.--Mipso


#8 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 09 October 2004 - 10:33 PM

OMG - My system is a mess!
I ran MicroTrend as you recommended. It found 31 infected files, most with TROJ in the names. I'm a bit worried. I had it clean them but it said it couldn't clean 3 of them because they are currently in use. Here's my list below:

These were all found in C:\_RESTORE\ARCHIVE\FS...

TROJ SMALL.KQ
TROJ DYFUCA.M
TROJ EMT.A
TROJ EMT.A
TROJ AGENT.EL
TROJ AGENT.EL
HTML WINSHOW.A
TROJ AGENT.EL

These were all found in C:\WINDOWS\TEMP INTERNET FILES...

CHM DWNLOAD.C (2 found)
CHM PSYME.G (10 found)
JS IESTART.PS (5 found)

Also found were:
TROJ AGENT.EL in C:\WINDOWS\mjhpyp.dat
TROJ AGENT.EL in C:\WINDOWS\qiycqf.dat
TROJ VB.DX in C:\WINDOWS\rico.exe
TROJ QDOWN.L in C:\NULL

The 3 they couldn't clean - and since it only named these three - I'm assuming the others were cleaned but I don't know since it didn't confirm it to me - were found in C:\_RESTORE\ARCHIVE\FS116.CAB
C:\_RESTORE\ARCHIVE\FS109.CAB
C:\_RESTORE\ARCHIVE\FS393.CAB

Under Scan Result, they were ALL listed as Non Cleanable.

Can someone help me here and tell me how bad off I am and what to do from here? I'm kind of speechless to have all this found and worried about the TROJ's especially.
Please define, advise, and otherwise help me.

~67~

Edited by TexasAngel67, 09 October 2004 - 10:36 PM.


#9 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 PM

Posted 09 October 2004 - 11:48 PM

Windows ME right?

Disable and Enable System Restore

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

Just disable it from the instructions above, and then reenable it. It will wipe out the infected files.

#10 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 10 October 2004 - 01:39 AM

Thanks Grinler, I did as you said and I'll run the program in the morning to see if anything crawled up on me again. How often should I run that? Were those 31 infections Trojan viruses?
Also, does this 'disable system restore, then enable it' work for any viruses and threats on any computer or is it primarily for WinME?
Thanks in advance....
~67~

#11 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:34 PM

Posted 10 October 2004 - 11:39 AM

The system restore part only clears out infections trapped in :

C:\_RESTORE\

As antivirus software cant normally access those directories.

As for online vireus scans, I would run them once a week while you are out of the house or doing something else. And yes its very possible those were bad files.

#12 TexasAngel67

TexasAngel67

    Bleeping Helper

  • Topic Starter

  • Members
  • 1,551 posts
  • OFFLINE
  •  
  • Location:Fort Worth
  • Local time:03:34 PM

Posted 10 October 2004 - 12:05 PM

Thanks so much Grinler! I'll definitely do as you say. Thanks for the input as well. I love learning this stuff!

~67~




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users