winwebsecurity????

Comments

  • Airwolf1
    Airwolf1 Posts: 1,266 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    The site does say the following, which may help:-

    Symptoms in a HijackThis Log.

    O2 - BHO: BHOws Object - {D5DF7C9D-6069-4552-8B0C-D02A912FC889} - ws.dll (file missing)
    O4 - HKLM\..\Run: [WinwebSecurity] "C:\Documents and Settings\All Users\Application Data\WinwebSecurity\WinwebSecurity.exe"
    My suggestion and/or advice is my own and it is up to you if you follow it, please check the advice given before acting on it.
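
Added example (not part of the original posts or of the site they quote): a small Python check that parses HijackThis O2 and O4 lines and flags the two entries listed in the post above. The sample log is constructed, and the function and constant names are assumptions made for illustration.

```python
import re

# Indicators quoted in the post above (HijackThis symptom list).
BHO_CLSID = "{D5DF7C9D-6069-4552-8B0C-D02A912FC889}"
RUN_NAME = "WinwebSecurity"

# Line shapes as they appear in the quoted symptoms:
#   O2 - BHO: <name> - {CLSID} - <file>
#   O4 - <key>: [<value name>] <command>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample log: two harmless entries plus the two from the post.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: BHOws Object - {d5df7c9d-6069-4552-8b0c-d02a912fc889} - ws.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [WinwebSecurity] "C:\Documents and Settings\All Users\Application Data\WinwebSecurity\WinwebSecurity.exe"
"""

def check_log(text):
    """Return (line_no, reason, line) for every line matching an indicator."""
    hits = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Forum software often turns straight quotes into curly ones.
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        m = O2_RE.match(line)
        if m:
            # CLSIDs are case-insensitive, so compare in upper case.
            if m["clsid"].upper() == BHO_CLSID:
                hits.append((no, "BHO CLSID listed in the post", line))
            continue
        m = O4_RE.match(line)
        if m and (m["name"].lower() == RUN_NAME.lower()
                  or RUN_NAME.lower() in m["cmd"].lower()):
            hits.append((no, "Run entry listed in the post", line))
    return hits

if __name__ == "__main__":
    for no, reason, line in check_log(SAMPLE_LOG):
        print(f"line {no}: {reason}: {line}")
```
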
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    got the feeling the OP, who is scared of running ComboFix, would be most insecure editing the Registry
    Ex forum ambassador

    Long term forum member
  • Airwolf1
    Airwolf1 Posts: 1,266 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    There is some advice on the yahoo site here, it may help. It depends if the op feels confident enough as you say Bt.
    My suggestion and/or advice is my own and it is up to you if you follow it, please check the advice given before acting on it.
  • Airwolf1
    Airwolf1 Posts: 1,266 Forumite
    Part of the Furniture 1,000 Posts Combo Breaker
    Off to bed soon, but this site appears to give an automatic remover of the problem.
    My suggestion and/or advice is my own and it is up to you if you follow it, please check the advice given before acting on it.
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    not sure about that last site's integrity....never heard of it, would not download personally
    Ex forum ambassador

    Long term forum member
  • fedupnow
    fedupnow Posts: 931 Forumite
    Good day everybody

    First off thank you all so much for your patience. Browntoa you are absolutely right I have not the confidence with the registry changes and I was secretly hoping that the malware etc would catch up eventually and I would get an easy way out.

    Marty... sorry I should have said sooner, I tried the safe mode thing yesterday and it didn't work.

    This morning I updated Malwarebytes and ran it again and it found something YAY!!!

    It was still there though...

    I restarted in safe mode and tried to delete it using the shift and delete key. I only learned about this yesterday and it bypasses the recycle bin apparently. It still said nope.

    Logged back on and despite everything I searched for them again and they have gone. HUGE YAY!!!

    So I am unsure whether it was the malware update and I just needed to log off a couple of times or the safe mode delete without the recycle bin or whatever. But they have gone.

    I have the mal log -

    Malwarebytes' Anti-Malware 1.30
    Database version: 1424
    Windows 5.1.2600 Service Pack 3


    26/11/2008 12:34:20
    mbam-log-2008-11-26 (12-34-20).txt


    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 244604
    Time elapsed: 1 hour(s), 4 minute(s), 34 second(s)


    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0


    Memory Processes Infected:
    (No malicious items detected)


    Memory Modules Infected:
    (No malicious items detected)


    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.


    Registry Values Infected:
    (No malicious items detected)

    yippee yay.

    I have also since run the hijack log - Browntoa??? Should I post that here???

    I hope you are nearby as I have it open on my desktop and am awaiting instructions.

    Thanks again and so sorry for being such a cowardly wooos.:o
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    yes, post that here

    is the icon still there?
    Ex forum ambassador

    Long term forum member
  • fedupnow
    fedupnow Posts: 931 Forumite
    No icon.......... I got rid of the icon almost immediately and never actually had the full screen thing.......... it was just the folders in the c drive that wouldn't go.

    I feel like I am baring my pc soul.

    I hope I don't have a lot of embarrassing things to fix..:o
  • Browntoa
    Browntoa Posts: 49,612 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    first bit of the log is missing ?? says Xp, internet explorer etc

    everything up to the first 04 entry above
    Ex forum ambassador

    Long term forum member
  • fedupnow
    fedupnow Posts: 931 Forumite
    took this one away as a new modern version is posted later
This discussion has been closed.