G
groovyjoker
Some of you may be infected with a transponder variant known as
Twaintec.dll. Associated files include mxtarget.dll, PreInsTT.exe,
alchem.exe, and a host of other files, which load toolbars, popups,
pornography links, and modify your browswer settings. You should also
know that personal information about your computer is being
transferred to an outside source through these files.
What is most important is the misleading removal information on two
notable websites: PCHell and PCPestControl. Both websites simply
followed the instructions posted on the spoof website created by the
Transponder Gang, who created the spyware in the first place. The
"uninstall" instructions on this spoof website (www.twain-tech.com)
are bogus and say:
To permanently disable the software click "Start" and then "Run" and
type the following command which unregisters the software: "regsvr32
c:\winnt\twaintec.dll "
To the untrained eye this makes sense, except for one thing - if you
want to UNREGISTER something, you must add a /u to the command line.
Otherwise you are REGISTERING the software again, and again, and
again.....
For reference, and the proper command line, see
http://www.fortinet.com/VirusEncycl...?method=viewVirusDetailsInfoDirectly&fid=1089
However, the main files that create (or spawn) the transponder files
which create all the spyware may not be removed by adaware, spybot,
norton, hijack this, cwshredder, or manual removal. They have been
configured so that they are either protected or "in use." These files
are C:WINDOWS/mxtarget.dll and C:/WINDOWS/twaintec.dll. Someone
suggested simply changing the extension of the the filename. I
attempted to do that last night and it did not work, because the file
is in use.
The last step in removal of these transponders is being able to remove
these two files from your system. I have found no one, anywhere, that
has suggested a successful way to do this. Lavasoft has nothing.
How about a Sindows XP System Restore? Any ideas?
Twaintec.dll. Associated files include mxtarget.dll, PreInsTT.exe,
alchem.exe, and a host of other files, which load toolbars, popups,
pornography links, and modify your browswer settings. You should also
know that personal information about your computer is being
transferred to an outside source through these files.
What is most important is the misleading removal information on two
notable websites: PCHell and PCPestControl. Both websites simply
followed the instructions posted on the spoof website created by the
Transponder Gang, who created the spyware in the first place. The
"uninstall" instructions on this spoof website (www.twain-tech.com)
are bogus and say:
To permanently disable the software click "Start" and then "Run" and
type the following command which unregisters the software: "regsvr32
c:\winnt\twaintec.dll "
To the untrained eye this makes sense, except for one thing - if you
want to UNREGISTER something, you must add a /u to the command line.
Otherwise you are REGISTERING the software again, and again, and
again.....
For reference, and the proper command line, see
http://www.fortinet.com/VirusEncycl...?method=viewVirusDetailsInfoDirectly&fid=1089
However, the main files that create (or spawn) the transponder files
which create all the spyware may not be removed by adaware, spybot,
norton, hijack this, cwshredder, or manual removal. They have been
configured so that they are either protected or "in use." These files
are C:WINDOWS/mxtarget.dll and C:/WINDOWS/twaintec.dll. Someone
suggested simply changing the extension of the the filename. I
attempted to do that last night and it did not work, because the file
is in use.
The last step in removal of these transponders is being able to remove
these two files from your system. I have found no one, anywhere, that
has suggested a successful way to do this. Lavasoft has nothing.
How about a Sindows XP System Restore? Any ideas?