winwebsecurity????

fedupnow

Hi All

It's not the combifix itself that puts me off it's the other recovery thing. I have printed and read the instructions and if the combifix does damage something I honestly don't think I am competent enough to do the 'recovery' bit.

It's not popping up or anything.... it's only that I KNOW it is there.

I really wish I didn't.

I have to search for the two things that remain in c docs and settings\allusers\application data\winwebsecurity. When I try to delete it says access is denied - make sure the disk is not full or write-protectedand that the file is not currently in use.

I have ran spybot soooo many times - nothing.

I have tried ctl alt del to delete any winweb from the processes - but it just isn't there, the closest thing I can find is winlogon.exe - I daren't delete that.

Ahhh shucks

fedupnow

http://www.malwarebytes.org/forums/index.php?showtopic=7746&mode=threaded&pid=36415

opinions please

fedupnow

http://removal-tool.blogspot.com/

Marty_J

fedupnow wrote: »

I have to search for the two things that remain in c docs and settings\allusers\application data\winwebsecurity. When I try to delete it says access is denied - make sure the disk is not full or write-protectedand that the file is not currently in use.

I have ran spybot soooo many times - nothing.

I have tried ctl alt del to delete any winweb from the processes - but it just isn't there, the closest thing I can find is winlogon.exe - I daren't delete that.

Ahhh shucks

As I suggested previously, try restarting in safe mode and deleting it.

Reluctant_spender

fedupnow wrote: »

Hi All

It's not the combifix itself that puts me off it's the other recovery thing. I have printed and read the instructions and if the combifix does damage something I honestly don't think I am competent enough to do the 'recovery' bit.

I have tried ctl alt del to delete any winweb from the processes - but it just isn't there, the closest thing I can find is winlogon.exe - I daren't delete that.

Ahhh shucks

The recovery things a built in safety feature - it did not feature at one time - Loads of people have run it - the choice however is yours.

Do Not remove winlogon.exe.

Try deleting the files is safe mode as already suggested and also post a Hijack log.

Airwolf1

You could try this.

http://support.f-secure.com/enu/home/ols.shtml

Reluctant_spender

Here some instructions for the above;

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

• Follow the Instruction here for installation.
• Accept the License Agreement.
• Once the ActiveX installs, Click Full System Scan
• Once the download completes, the scan will begin automatically.
• The scan will take some time to finish, so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and Copy & Paste the entire report in your next reply.

Browntoa

I suspect if you wait a few days then Malwarebytes will get rid of it , but in the meantime I would do NO secure transactions like banking , no entering usernames/passwords for web sites etc as thereis a VERY high chance that the whole security on the PC is compromised

personally I would run combifix now and be safe , nothing else is liable to touch it and it will show us what files have been recently added so we can remove the offending crap

Airwolf1

This site may help, instructions to remove it are about a third of the way down. As I've not got the problem, I can't try it.

Reluctant_spender

The use of Avenger would appear to be over kill to me, especially to kill a run key and a Browser Hijack, OTMoveIt3 will do the job.

Having said all that it would help to see a log of some format to establish the rogue files.

It also mentions using superantispyware.