Interpreting mwav virus scan log



Susan
07-09-2005, 10:48 PM
Could someone explain what an offending folder is and what an invalid object
is? I understand what infected files are and have deleted them but what does
one do about offending folders and invalid objects? Is there a tool that can
be run to clean up the registry?

Sat May 21 19:21:13 2005 => ***** Scanning Registry and File system for
Adware/Spyware *****
Sat May 21 19:21:14 2005 => Offending Folder C:\PROGRA~1\maxspeed present...
Sat May 21 19:21:27 2005 => Object "MaxSpeed Spyware/Adware" found in File
System! Action Taken: No Action Taken.
Sat May 21 19:21:28 2005 => Offending value found in
HKLM\Software\microsoft\downloadmanager !!!
Sat May 21 19:21:28 2005 => Object "AltNet Spyware/Adware" found in File
System! Action Taken: No Action Taken.
Sat May 21 19:21:28 2005 => Offending value found in
HKLM\Software\PERFECTNAV !!!
Sat May 21 19:21:28 2005 => Object "PerfectNav Spyware/Adware" found in File
System! Action Taken: No Action Taken.
Sat May 21 19:21:28 2005 => Offending Folder
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\GAINPU~1 present...
Sat May 21 19:21:28 2005 => Object "Claria Spyware/Adware" found in File
System! Action Taken: No Action Taken.
Sat May 21 19:22:31 2005 => System found infected with cws.therealsearch
Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat May 21 19:22:31 2005 => Object "cws.therealsearch Spyware/Adware" found
in File System! Action Taken: No Action Taken.
Sat May 21 19:22:35 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action
Taken.
Sat May 21 19:22:35 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\System32\Default.rul". Action Taken: No Action
Taken.
Sat May 21 19:22:36 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\Program Files\Common Files\Symantec
Shared\AdBlocking\NISShExt.dll". Action Taken: No Action Taken.
Sat May 21 19:22:36 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\Downloaded Program Files\axofupld.dll". Action
Taken: No Action Taken.
Sat May 21 19:22:36 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\System32\toolbar.dll". Action Taken: No Action
Taken.
Sat May 21 19:22:38 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\Downloaded Program Files\inst2.dll". Action
Taken: No Action Taken.
Sat May 21 19:22:39 2005 => Entry
"HKCR\CLSID\{030CD4FD-3EC2-4D16-BCCA-45186B8E7497}" refers to invalid object
"C:\PROGRA~1\AOLCOM~1\WEBSER~1.DLL". Action Taken: No Action Taken.
Sat May 21 19:22:40 2005 => Entry
"HKCR\CLSID\{0AD31460-EF0E-402B-93CB-D92615A5C2E1}" refers to invalid object
"C:\PROGRA~1\AOLCOM~1\AOLCON~1.DLL". Action Taken: No Action Taken.

David H. Lipman
07-09-2005, 10:48 PM
From: "Susan" <dsnsacree@msn.com>

| Could someone explain what an offending folder is and what an invalid object
| is? I understand what infected files are and have deleted them but what does
| one do about offending folders and invalid objects? Is there a tool that can
| be run to clean up the registry?
|

< log snipped >

Based upon the "Spyware/Adware" entries in the log...

Download, install and update SpyBot Search and Destroy v1.3x and Ad-Aware SE v1.06.

You may also want to download, install and update BHODemon 2.x.

The above will remove the miscreant files and fix the Registry entries.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
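
The kinds of record in the log from the question, separated out. This is an added example and not part of the original thread: it rejoins the hard-wrapped lines into one record per timestamp and groups them by the wording MWAV uses. The category names are labels chosen for this example, not MWAV terms.

```python
import re
from collections import defaultdict
# Records taken from the log quoted in the question, still hard-wrapped by the newsreader.
SAMPLE = r'''Sat May 21 19:21:14 2005 => Offending Folder C:\PROGRA~1\maxspeed present...
Sat May 21 19:21:27 2005 => Object "MaxSpeed Spyware/Adware" found in File
System! Action Taken: No Action Taken.
Sat May 21 19:21:28 2005 => Offending value found in
HKLM\Software\PERFECTNAV !!!
Sat May 21 19:22:31 2005 => System found infected with cws.therealsearch
Spyware/Adware (waol.exe)! Action taken: No Action Taken.
Sat May 21 19:22:35 2005 => Entry
"HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to
invalid object "C:\WINDOWS\System32\DIMM.DLL". Action Taken: No Action
Taken.
'''

STAMP = re.compile(r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} => ')
PATTERNS = [  # (category label, regex capturing the item the record names)
    ("offending_folder", re.compile(r'^Offending Folder (.+?) present')),
    ("offending_value", re.compile(r'^Offending value found in (.+?) !!!')),
    ("detected_object", re.compile(r'^Object "(.+?)" found in')),
    ("infected", re.compile(r'^System found infected with (.+?)! Action')),
    ("invalid_reference", re.compile(r'^Entry "(.+?)" refers to invalid object "(.+?)"')),
]

def records(text):
    """Rejoin wrapped lines: a new record starts at each timestamp."""
    current = None
    for line in text.splitlines():
        if STAMP.match(line):
            if current is not None:
                yield current
            current = STAMP.sub('', line).strip()
        elif current is not None and line.strip():
            current += ' ' + line.strip()  # continuation of a wrapped record
    if current is not None:
        yield current

def classify(text):
    """Group records by category; unrecognised records go under 'other'."""
    groups = defaultdict(list)
    for rec in records(text):
        for name, rx in PATTERNS:
            if (m := rx.match(rec)):
                groups[name].append(m.groups())
                break
        else:
            groups["other"].append(rec)
    return dict(groups)
```

Calling `classify()` on the full log text gives the folders, registry values and registry entries with invalid targets as separate lists, which can then be reviewed one category at a time.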

Susan
07-09-2005, 10:48 PM
Please explain what you mean by BHODemon 2.x. Where is the link to download
it?

Thanks,
Susan

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23JECg9xYFHA.584@TK2MSFTNGP15.phx.gbl...
> From: "Susan" <dsnsacree@msn.com>
>
> | Could someone explain what an offending folder is and what an invalid object
> | is? I understand what infected files are and have deleted them but what does
> | one do about offending folders and invalid objects? Is there a tool that can
> | be run to clean up the registry?
> |
>
> < log snipped >
>
> Based upon the "Spyware/Adware" entries in the log...
>
> Download, install and update SpyBot Search and Destroy v1.3x and Ad-Aware SE v1.06.
>
> You may also want to download, install and update BHODemon 2.x.
>
> The above will remove the miscreant files and fix the Registry entries.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

David H. Lipman
07-09-2005, 10:48 PM
From: "Susan" <dsnsacree@msn.com>

| Please explain what you mean by BHODemon 2.x. Where is the link to download
| it?
|
| Thanks,
| Susan

Sorry Susan -- http://www.definitivesolutions.com/bhodemon.htm

BHODemon isn't a scanner. It is a program that allows you to identify and remove malware in
the form of Browser Helper Objects (BHO).

Spybot Search and Destroy: http://security.kolla.de/
Ad-Aware SE v1.06: http://www.lavasoftusa.com/

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Susan
07-09-2005, 10:48 PM
Thank you so much. You have supplied a wonderful resource!
Susan
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:Ou61HtyYFHA.3356@TK2MSFTNGP15.phx.gbl...
> From: "Susan" <dsnsacree@msn.com>
>
> | Please explain what you mean by BHODemon 2.x. Where is the link to download
> | it?
> |
> | Thanks,
> | Susan
>
> Sorry Susan -- http://www.definitivesolutions.com/bhodemon.htm
>
> BHODemon isn't a scanner. It is a program that allows you to identify and remove malware in
> the form of Browser Helper Objects (BHO).
>
> Spybot Search and Destroy: http://security.kolla.de/
> Ad-Aware SE v1.06: http://www.lavasoftusa.com/
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

