awtsq.dll is the devil

[Guest]

I've run every spyware program under the sun, but can't get rid of something
that keeps making new browser windows open up.

The file awtsq.dll runs under explorer.exe making it almost impossible to
delete. Even when explorer.exe is shut down and I try deleting using
cmd.exe, it won't work. Windows defender doesn't recognize it as a bad file,
but every 2 minutes it tries to write something to the registry and it does
pick that up. But as soon as I block it, it tries again.

Can anyone help me out? Also, how do we notify microsoft of this file?

 

[Guest]

This is a AndyM (e-mail address removed)
or Ron Kinner (e-mail address removed) case.
Get HijackThis.exe from
http://tomcoyote.org/hjt/hjt199//HijackThis.exe
http://computercops.biz/HijackThis.html

Save it to C:\hjt (new folder) then Open it and select Scan and Save Log.
Note where you saved the log then send it to him as an attachment. Put
Hijack in the subject so he'll know it's not spªm.

Alternatively you can post it on the Dell Forum ªt:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

(if it wraps you can go tº:

http://tinyurl.com/ckuzq instead.)

Put Ron in the subject so he will see it. You do not need to have a Dell to
post but you will need to register.

Ron Kinner
Microsoft MVP 2004 & 2005
(e-mail address removed)

Еиçеl

 

[Mike Treit [Msft]]

Please submit the file using the instructions below.

(Briefly: put the file in a password protected ZIP file with a password of
"infected" and email it to (e-mail address removed) - see below for the more
detailed instructions.)

Thanks

-Mike

[from
http://www.microsoft.com/athome/security/spyware/software/support/reportspyware.mspx]
Report a possible spyware problem to Microsoft
Published: February 13, 2006
If you believe the files on your computer are spyware or other
potentially unwanted software that should be detected by Windows Defender
(Beta 2), but have not been detected, you can send these files to Microsoft.

Compress the files you want to submit in a password-protected archive
(see the following instructions) and e-mail the archive to
(e-mail address removed).

After you send these files to Microsoft, our Windows Defender (Beta 2)
response team will analyze the files and determine if we need to make a
change to Windows Defender (Beta 2).

To submit potential spyware to Microsoft
Compress the potential spyware files in an archive and then e-mail the
archive to (e-mail address removed):

1.
In Windows Explorer, right-click a blank area in an open folder
or on the desktop, point to New, and then click Compressed (zipped) Folder.

2.
Type the name fn-spyware.zip for the new compressed folder, and
then press the ENTER key.

3.
Drag the potential spyware files to the archive and drop them
into the archive the same way you would drop them into a typical Windows
folder.

4.
On the File menu, click Add a Password.

5.
In the Password box, type the password infected.

6.
In the Confirm Password box, type the password infected again.

7.
Compose a new e-mail message using any e-mail program that allows
you to attach files to the message.

8.
In the To field, type (e-mail address removed).

9.
In the Subject line, type False Negative: spyware.

10.
In the body of the message, include details about why you think
the file is spyware or other potentially unwanted software and include any
information about where you might have downloaded this program or what other
program might have installed it.

11.
Attach the password-protected archive that you created
(fn-spyware.zip) to the message.

12.
Send the message.


Microsoft will analyze the submitted files and update the detection
capabilities in Windows Defender (Beta 2) as appropriate, based on the
results of the file analysis.

Thank you for taking the time to help improve Windows Defender (Beta
2).

 

[Guest]

Thanks for the referral. He hasn't sent me the log yet but it's one of the
winfixer variations. Simple fix is to run the two programs recommended by
Dell-ChrisM at:

http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=18052

Ron

 

[Guest]

Hello Ron,

You are welcome.

Thank you for the link.

Take care.
Engel