Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ran Trendmicro

  • Please log in to reply
1 reply to this topic

#1 TexasAngel67


    Bleeping Helper

  • Members
  • 1,551 posts
  • Location:Fort Worth
  • Local time:09:03 AM

Posted 28 January 2006 - 06:25 PM

It all started when I downloaded a few picture tubes off the internet for my Jasc Paint Shop Pro 7 program. When I unzipped them and saved them in the appropriate folder, that's when the problems began. My program won't work now. When I click it to open it, I get a window that says "Windows Installer...Preparing to install..." then my A drive makes noise and I get a box that pops up saying "Paint Shop Pro 7 ESD.msi" and "The feature you are trying to use is on a network resource that is unavailable". And something about an 'alternate path' with the options of OK, Cancel, and Browse. Clicking Cancel just brings it back up again, over and over. Clicking Browse is fruitless. Clicking OK freezes it up.
I ran Spybot and Adaware, Spybot found nothing and Adaware found the basic cookies. I ran Avast Antivirus. It found a malware and a Trojan. I removed them both, I thought. But PSP was still showing no change and I decided to try TrendMicro. It found 14 infections and 33 HTTP cookies. I had it delete/remove everything it found. After several minutes though, it said it was unable to delete everything as instructed.
SPYW_WEBHANCER.B has 5 detections:
3 were in C: Restore\Archive - they were deleted/removed successfully.
2 are found in C: Restore\Temp - they can't be removed.

I don't know what else to do. Please help. And can you explain how my program name went from Paint Shop Pro 7 to Paint Shop Pro 7 ESD.msi and what that means?

BC AdBot (Login to Remove)


#2 -David-


  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:02:03 PM

Posted 29 January 2006 - 05:29 AM

Hi there, firstly we need to clear your previous restore dates.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Please post that log here then we can decide how serious the infection is, and whether you need to post a HJT log for the experts to read.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users