Hi, I’m having some HORRIBLE time dealing with these Malware processes and neither Ad-Aware nor Avast will catch it and kill it. Ad-aware finds it and I click delete and it SAYS that it’s been deleted but it’s not and it comes back every single time and brings up to 300 different spyware programs with it. I keep getting popups and my computer is downloading things without asking me and I have like 4 Rundll32 programs running at all times for some reason. I close them down but they open back up. My computer also keeps asking me if I want to try to connect again or work offline like, every 10 minutes. I tried doing everything in safe mode too and nothing works. I’ve used up all of my resources and I can’t think of anything else to do. I’m on windows 98 SE and I’m soooo frustrated right now. I need help. I even tried deleting them MANUALLY. I scanned and found all the malware files and deleted them. The only one that I couldn’t get rid of was “Mawsock.dll” I’m almost positive that this one is the culprit. I think Ad-aware can’t kill it but it kills everything else. So then Mawsock.dll jumps into action and reloads EVERYTHING I just deleted back into my computer. It’s so annoying! I keep getting random pop-ups too. This is by far, THE WORST Malware I’ve ever gotten. I think I’m gonna ban my brother from this computer because he’s the reason that it is on here. sigh anyway I need help!
Look for any post by Eddy and follow the links at the bottom of his messages.
Make sure to run CWShredder.
Here is one of my posts ;D
Click on the link in my signature and follow the instructions in the malware removal section.
For help with HijackThis, visit the HijackThis section.
Everything you need and need to know to deal with this little problem is there.
Ok, I’ll go there as soon as I get off of my school computer. Which ISN’T high on Malware crack. I’ll let you know how it turns out. Thanks a lot.
Well I downloaded all of the recommended programs and I have 2 log files. I have my hijackthis log file because I know some things that I should fix but I don’t want to mess my computer up any more than it is. The other log file is an Ad-Aware log file. I have reason to believe that Ad-aware is being attacked by the virus. There are numerous reasons. The first reason that I noticed was that every time I run a scan and I get to the after scan screen I select all of the files and hit delete. It says Quarantine then it moves to delete and instantly the bar fills up but nothing else happens. The program doesn’t stop responding either. I left it go overnight once and when I got up the next day it was still deleting the files. After that I close it out and it says that the files are in the quarantine folder and they are. Oh! As I type right now my computer is downloading two things on its own…Virtual Bouncer and Ad Destroyer. These are obviously FAKE. I canceled them. GRRRR I’m having trouble typing right now because the malware is attacking IE. So I’ll hurry up. The second reason I think that Ad-aware is being attacked is because I get different results every time I scan even when I don’t try to delete them. So this means that Ad-aware is giving me fake files. I attached the last scan log that I did. I also don’t think this is a Cool Web Search Malware anymore because I used the CWShredder on that site and it didn’t find the CoolWebSearch trojan anywhere. And the third reason. Some of the scan results showed me 8 of the same files on the list. PUZUU.dll. It’s not on the scan log I have here because it’s random. Anyway, I did everything that website told me to do and it’s starting to get uncontrollably worse. And Avast! isn’t even catching it! That means that this is something deeper and maybe new. I have no idea what to do now. This thing is incredible. Unstoppable it seems. Oh and one thing on the list I cannot do is get a firewall.
Unless there is a free one, I can’t have one. I’m 14 and don’t have a credit card or anything. This is driving me crazy! Every time I sign online it downloads tons of stuff and I have 6 new icons on my desktop. Isn’t there something else I can do that will take it out?! It’s so frustrating that I KNOW some files that I can kill that might stop this stuff but I can’t delete them because it says that windows is using them. EVEN IN SAFE MODE. Anyway please take a look at the log files. I really have no idea what to do.
To me the hijack log seems short/incomplete, perhaps that is just because it is win98 (I’m on XP pro). At some point you are going to have to do something, you can leave things as they are.
Here is an on-line analysis of your hijack log http://hijackthis.de/logfiles/bcdba72a75ec3002b90e2905c835ea9a.html, there are lots there that need fixed or investigated.
I suggest that you bookmark the http://hijackthis.de website for future use.
This is what my HijackThis Log Analyzer says about it:
CHECKING HIJACKTHIS, INTERNET EXPLORER, WINDOWS AND SOFTWARE FIREWALL:
You are using the latest version of HijackThis.
Old version of Internet Explorer detected, please update.
No software firewall detected. If you are not using a
hardware firewall, it is highly recommended to install one.
THESE ARE EITHER HARMFULL OR A SECURITY RISK
WE STRONGLY RECOMMEND TO FIX THEM :
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=adsubtract:4444
r3 - default urlsearchhook is missing
o4 - hklm..\run: [systemtray] systray.exe
o4 - hklm..\run: [ntechin] c:\windows\n20050308.exe
o4 - hklm..\run: [sesync] “c:\program files\sed\sed.exe”
o4 - hklm..\run: [a70f6a1d-0195-42a2-934c-d8ac0f7c08eb] rundll32.exe e6f1873b.dll,d9ebc318c
o4 - hklm..\run: [98d0ce0c16b1] rundll32.exe d0ce0c16b1,d0ce0c16b1
o4 - hklm..\run: [vbundleouterdl] c:\program files\vbouncer\bundleouter.exe
o4 - hkcu..\runonce: [web offer] c:\windows\ezstub.exe
o4 - startup: kgpypp.exe
o10 - broken internet access because of lsp provider ‘c:\program files\newdotnet\newdotnet6_38.dll’ missing
o16 - dpf: {41f17733-b041-4099-a042-b518bb6a408c} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/quicktimeinstaller.exe
o16 - dpf: {56336bcb-3d8a-11d6-a00b-0050da18de71} (rdxie class) - http://207.188.7.150/03c1ffbc2515015aee00/netzip/rdxie601.cab
o16 - dpf: {7d1e9c49-bd6a-11d3-87a8-009027a35d73} - http://chat.yahoo.com/cab/yacsui.cab
o16 - dpf: {2b323cd9-50e3-11d3-9466-00a0c9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
o16 - dpf: {f58e1cef-a068-4c15-ba5e-587caf3ee8c6} (msn chat control 4.5) - http://chat.msn.com/bin/msnchat45.cab
o16 - dpf: {9a54032d-31f7-400d-b184-83b33bde65fa} (msn file upload control) - http://sc.groups.msn.com/controls/fileuc/msnupld.cab
THE FOLLOWING ITEMS ARE NOT NEEDED TO LOAD
AT BOOTIME FOR THE SYSTEM TO WORK PROPERLY:
o4 - hklm..\run: [loadqm] loadqm.exe
o4 - hkcu..\run: [msnmsgr] “c:\program files\msn messenger\msnmsgr.exe” /background
WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :
o4 - hklm..\run: [bart station] c:\program files\isp50\bin\ppcolink -station
o4 - hklm..\run: [narrator] c:\windows\vuoyoo.exe
For the ‘O10’ entry, use LSPFIX to correct the problem.
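Added example (not part of the original thread, and not HijackThis or analyzer code): a small Python triage of the O4 autostart lines from the log above, showing why the rundll32 processes reappear after every restart. The two heuristics and the names `parse_o4`, `reasons` and `triage` are assumptions made for illustration.

```python
import re

# O4 (autostart) lines copied from the log analysis in this thread.
SAMPLE = r"""
o4 - hklm..\run: [systemtray] systray.exe
o4 - hklm..\run: [ntechin] c:\windows\n20050308.exe
o4 - hklm..\run: [a70f6a1d-0195-42a2-934c-d8ac0f7c08eb] rundll32.exe e6f1873b.dll,d9ebc318c
o4 - hklm..\run: [98d0ce0c16b1] rundll32.exe d0ce0c16b1,d0ce0c16b1
o4 - hkcu..\runonce: [web offer] c:\windows\ezstub.exe
o4 - hkcu..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
o4 - startup: kgpypp.exe
"""

# "o4 - <location>: [<value name>] <command>"; the [name] part is absent
# for Startup-folder entries.
ENTRY = re.compile(
    r"^o4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$", re.I)
HEXISH = re.compile(r"^[0-9a-f]{8,}$", re.I)  # assumed "machine-generated" shape

def parse_o4(line):
    """Split one O4 line into location, value name and command."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None

def reasons(entry):
    """Illustrative heuristics only; a clean result proves nothing."""
    why = []
    name = (entry["name"] or "").replace("-", "")
    if HEXISH.match(name):
        why.append("machine-generated value name")
    parts = entry["cmd"].strip('"“”').split(None, 1)
    if len(parts) == 2 and parts[0].lower() in ("rundll32", "rundll32.exe"):
        dll = parts[1].split(",")[0].rsplit("\\", 1)[-1]
        stem = dll[:-4] if dll.lower().endswith(".dll") else dll
        if HEXISH.match(stem):
            why.append("rundll32 loads a hex-named DLL")
    return why

def triage(log_text):
    """Return {command: [reasons]} for O4 entries that trip a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry and reasons(entry):
            flagged[entry["cmd"]] = reasons(entry)
    return flagged

if __name__ == "__main__":
    for cmd, why in triage(SAMPLE).items():
        print(cmd, "->", "; ".join(why))
```

Only the two rundll32 entries are flagged; the other entries the analyzer listed do not match these name patterns and still need the manual review described in the thread.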
What is LSPFIX?
Why not visit the link I gave you and read what it is?
Yeah, I found the link after I posted and forgot to reply again. I ran LSPfix and everything and I performed 20 updates and I’m having trouble updating other things so I emailed them about it. All of the stuff that I’m doing right now does not seem to be doing any good. My computer still has the symptoms and every time I scan with Spybot Search & Destroy the same problems appear over and over and over and over. I need to kill the root of the problem that keeps bringing everything right on back. I don’t know how though.
If you follow the instructions in the malware removal section on my website, that will take care of ALL malware.
Then it’s not malware. Everything I do, does absolutely nothing because it just keeps coming back. It’s invincible. I get rid of it and the next time I restart the computer, boom, it’s right back. I don’t know WHAT it is but Ad-Aware says that it’s malware. But it’s obviously attacking Ad-aware so it could be anything. Avast doesn’t even catch it. It only catches “sed” which I delete and then it comes back. It’s been back 4 times already. I don’t know what to do. The only thing I can think of now is restoring my computer. But I’d lose everything. I won’t be able to use my MP3 player because I lost the install disc. I don’t have a CD burner either. Maybe…I could take inventory and redownload everything. Perhaps I could find a driver for it online…oh…never mind. The program is broken from the malware too. I guess I have no choice… But first, is there absolutely ANYTHING else I can do to fix this?
I can make some suggestions (hope they can help in any way…):
- Have you tried to delete the temporary Internet files? To do this go to Internet explorer > Tools > Internet options > Delete files > Click delete all offline content (just to be sure) > click ok. It might take some time to delete them.
- Disable (and enable it after) System Restore: Start > Control Panel > System > System restore > Disable > Click Apply > Enable it again > Click Ok
- Schedule a boot-time scanning: Start avast! > Right click the skin > Schedule a boot-time scanning > Select for scanning archives > Boot
Let’s ignore AdAware for a moment; did you do the fixes in hijackthis, indicated in the web link I gave and/or those that Eddy posted here?
If you did, post another hijackthis log for further analysis.
If not, do it, if you don’t clear out the registry entries, it will be back.
If for some reason you don’t want to work with HJT then you could try this app which has more options.
http://www.neuber.com/taskmanager/index.html
PigDog
Neither of the applications on the page PigDog mentioned is for removing malware.
They are (almost?) of no use to clean your system.
So SilverKiento, please answer David’s questions in his last post in this thread.