dwwin.exe error referenced memory

By Shiriu
Jul 24, 2007
Topic Status:
Not open for further replies.
  1. Hi there,

    I've done a bit of research on the net about some trouble I have with dwwin.exe and bumped into this post : http://www.techspot.com/vb/all/windows/t-63582-referenced-memory-error.html
    made by Jacobb.
    And since I'm not supposed to post on his thread, I do it here. I have exactly the same problem as the one he described, so I'll keep this short.
    I've gone over the whole process of cleansing against viruses, malware and other stuff, as recommended on this forum. I hereby enclose two scan reports.

    I send this post just like a message in a bottle, wrecked as I am, on hostile shores...

    Best regards. And many thanks.
  2. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

    Should you decide to clean your computer, please read the following.

    You have not posted the required logs. Please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

    I noticed that your AVG log displays 'Ignored' for all the files detected.
    I require you to run AVG again and quarantine the files. Pictorial instructions HERE.


    Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs, otherwise they will be ignored and/or removed.

    Also, please let me know the results of the AVG Antirootkit scan.


    Regards,
    Your friendly momok =)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. Shiriu

    Shiriu Newcomer, in training Topic Starter

    OK. I've printed and reread all the 15 steps to be followed before I can send you a log. I'll be working on these and repost as soon as I'm done with them. Thanks for the support!
  4. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Here are my AVG, HJT and Combofix reports.
    AVG Antirootkit, AdAware, Virtumundobegone, Smitfraud, Kaspersky and Vundo did not find anything.

    The symptoms are as follows:
    - memory "can't be written", as stated by a dwwin.exe message box
    - all applications allegedly have to be ended, as popup message boxes state, but they still run if I don't click on these boxes
    - all applications from the quicklaunch bar have disappeared
    - incidentally, I've recently found that I'm automatically redirected to a webpage when surfing on Techspot
    - more often than not, system would not shut down/restart

    Thanks again (I'm one step away from formatting the whole damn thing...)
  5. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    Hello and welcome to TechSpot.

    Please follow these instructions.

    1. Run HijackThis and place a check in the box next to the following entries (if there):

      O2 - BHO: (no name) - {0D4D1121-B7E0-4DBA-A3E7-BB9F5ACA16E1} - (no file)

      O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
      O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
      O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

      O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

      O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

      O20 - Winlogon Notify: mllmn - C:\WINDOWS\

      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      Close all open programs except HijackThis. Click the Fix Checked button. Once it's done fixing, close HJT.

    2. Go into Add or Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint. It is considered spyware.

    3. Navigate to www.virustotal.com.

      Click the Choose... button.

      Navigate to the following file:

      C:\Program Files\Common Files\FDEUnInstaller.exe

      Click Open. Then click Send File.

      Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer. Attach the file in your next reply.

    4. Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

      Referring to the image below, drag the CFScript.txt that you just downloaded over onto ComboFix.exe and release.

      [​IMG]

      This will ask ComboFix to execute the instructions within my file. Let ComboFix run normally and do its job. Attach the resultant log in your next reply, along with a fresh HijackThis log.

    Regards :)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  6. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Hi there,
    Here are the reports you asked for. Please note that I have solved the symptoms of my problem by removing a service from Logitech and applying a patch on Kaspersky 6. This does not rule out the possibility of malware on my computer, so I keep on with your advice, though everything looks pretty normal by now.
    Thanks for your support.
  7. momok

    momok Newcomer, in training Posts: 2,272

    Hi,

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE
    Next turn on "Show all files and folders, including hidden and system". See how HERE

    1. Please run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
      O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

      Close HJT.

    2. Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

      Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

      [​IMG]

      This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

    3. Reboot into normal mode and rehide your protected OS files.

    4. Attach the resultant log in your reply.

    Regards,
    Your friendly momok =)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  8. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Hi Momok,

    Here is the log you've asked for.

    Thanks again.
  9. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Search your system for the filename adober.exe

    Make note of where it was found on your system.

    Then reboot into normal mode and rehide your protected files, by doing the reverse of the above instructions.

    Post here all locations where that file was found.

    Regards :)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
  10. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Hi there,
    There is no such file as "adober.exe" on my system, even with setting the search parameters to look into hidden files and folders.
    Hope this is not incapacitating...
  11. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    I wasn't sure about one thing in your ComboFix log.

    Please navigate to www.virustotal.com.

    Click the Choose... button.

    Navigate to the following file:

    C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

    Click Open. Then click Send File.

    Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer. Attach the file in your next reply, along with a fresh HijackThis log from normal mode.

    Regards :)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
     
  12. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Ok... I'm doing the scan now. I found adober.exe on my USB key this morning and deleted it with Kaspersky... Hope it won't infect my new pristine system though! :S
  13. Shiriu

    Shiriu Newcomer, in training Topic Starter

    Here are the reports you asked for.
    Thanks again, you guys!
    You rule.
    :D
  14. kitty500cat

    kitty500cat Newcomer, in training Posts: 2,407   +6

    You're welcome.

    Run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

    O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

    Close all open programs except HijackThis. Click the Fix Checked button. Once it's done fixing, close HijackThis.

    Then post one more ComboFix log, please.

    Regards :)

    This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
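
Added example, not part of any post in this thread and not HijackThis code: a small Python triage of the HijackThis entries quoted in the replies above, separating registrations left behind with nothing on disk ("(no file)") from entries that still name a file, and from paths that stop at a directory. The line layout is inferred from the entries shown in the posts; the function and status names are made up for this example.

```python
import re
from typing import List, NamedTuple, Optional

# Entries copied from the helpers' posts in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0D4D1121-B7E0-4DBA-A3E7-BB9F5ACA16E1} - (no file)
O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")   # "O2 - BHO: <rest>"
CLSID = re.compile(r"\{([0-9A-Fa-f-]{36})\}")     # {GUID} anywhere in <rest>
WIN_PATH = re.compile(r"^[A-Za-z]:\\")            # drive-letter path

class Entry(NamedTuple):
    section: str           # e.g. "O2"
    kind: str              # e.g. "BHO"
    clsid: Optional[str]   # GUID without braces, if the entry has one
    target: str            # last " - " field: path, URL or "(no file)"
    status: str            # hypothetical labels, see classify()

def classify(target: str) -> str:
    if target == "(no file)":
        return "orphaned"      # registration remains, no file behind it
    if WIN_PATH.match(target) and target.endswith("\\"):
        return "no-filename"   # path stops at a directory
    return "has-target"        # names a file or URL: inspect that next

def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue           # blank lines, headers, process list
        section, kind, rest = m.groups()
        target = rest.split(" - ")[-1]
        guid = CLSID.search(rest)
        entries.append(Entry(section, kind, guid.group(1) if guid else None,
                             target, classify(target)))
    return entries

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.section:<4}{e.kind:<17}{e.status:<12}{e.target}")
```
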