Edna said:
Searching Google to solve my white patch problem Booting into windows, it
appears I've got two undesirable files:
C:\Doc & Set\Owner\Application Data\Install.dat 1,388 KB 30Oct 2006
C:\Windows\HWS.exe 27KB dtd 25Oct 2004
Should these files be deleted and if so, can I just rt click and Delete or
is there a more desirable way to proceed perhaps in the registry?
I didn't get a suggested fix for my post 03Jan 2007 "White Square on Screen
when Booting into Windows" - maybe there's an association?
Running Zone Alarm, JV PwrTools, Ad-Aware Pro, Windows Repair Pro, Registry
Mechanic - all produce Nil.
Hopefully someone will advise. Thx
Hi Edna,
Your computer infected with Monspirit Virus/Trojan and spywares, I found
your old post on 3/01/07 with Pop`, the XPS2P~~.dll is a spyware which I
think lead to the infection with the virus.
Because the spyware worked as a backdoor/agent to harbour the virus and
prepare the plateform or you can say the banquet for the big guys to come and
dinne!.
You mentioned you scanned with ZA?? which it is a firewall unless you have
the commercial one I have no idea?.
Try to scan from another vendors online scanners from here:
- for Virus scanners:
http://www.pandasecurity.com
http:/sophos.com
http://www.avast.com you can get a free Anti-virus from there.
http://us.mcafee.com/virusInfo/default.asp?id=vrt
http://www.trendmicro.com
For malwares from here:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D
Then try to Disable the Add-Ons on your Browser somehow your browser been
hooked by Add-ons or Plug-ins which act as an ear/spy for that site to direct
you to where they want you to go.
On how to disable the Add-ons follow this:
Click start >> Control Panel >> Double Click Network and Internet
Connections >> Double click Internet Options, on the IE Properties window
click on Programs Tab and then click the Manage Add-Ons Button there Disable
the Plug-ins/Add-ons for this Worm and click [OK] to confirm your Changes.
Reboot your machine.
Also look in the Hosts file for any entires for website which take you or
try to execute the worm and download from a website a file to be executed on
your machine.
On how to access the HOSTS file do the following:
Open the Windows Explorer and locate this path;
C:\Windows\System32\drivers\etc = look in the Right pane/window for the
hosts file but not the one with the extension *.SAM* leave this as is.
Open the HOSTS file in a Notepad and remove any entries for suspecious
websites there and save the hosts file.
2= If all fail download the Hijackthis and send the report to one of many
forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(
http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to
http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
Please perform one step (1,2) at a time and see if that will help your
issue.
*******// Read the below is very important //******
More Info about the XPs2Pre~.dll here also scan from sophos website:
http://www.sophos.com/virusinfo/analyses/trojshuckbota.html
About the Whs.exe (Monspirit Virus):
http://www.sophos.com/virusinfo/analyses/trojstartpact.html
HTH.
Regards,
nass
