Removing ADW_MYWEBSEARBV

Status
Not open for further replies.

RogerRampant

Hello again :)

This is not a major problem, in the sense that it is only listed by the Trend Micro free online scan as malware, but when I run the scan it tells me it is there, I tell it to delete it but apparently it doesn't, and when I do a Windows search of my PC that file name doesn't show up. My Windows search has "include hidden files and system files" selected by default. It presumably is still there, as Trend Micro keeps highlighting it.

Does anyone have any more info about this malware? I tried a Google search but found nothing useful about it.

Thanks!
 
OK, my broadband usage has increased dramatically, I had an email from my ISP to say that I am almost at my 15 GB limit for this month (which has never happened before), and there is a lot of HD activity occurring that I don't usually have, so things don't look too promising. :(

Here is the first log:

Moderator Edit:
Pasted logs removed
 
Logs should be attached, not pasted. The moderator will remove the log.

Attach the requested logs, all three please.
1) Malwarebytes Anti Malware log
2) SuperAntiSpyware log
3) Hijackthis log

Attachment Instructions
* ONLY attach .txt or .log files; we will NOT read other files (such as .doc) due to the risk of viruses etc.
* We strongly discourage you from copying and pasting the logs in your posts, unless you have trouble attaching them.
* To attach a log click on New Thread (or use Post Reply in your existing thread).
* Scroll down until you see a button Manage Attachments. Click on that and a popup window opens.
* Click on the Browse button, find the requested log file, and double-click on it.
* Now click on the Upload button in the popup. When done, click on the Close this window button.
* Please Note: you can attach more than one file to a post by repeating the above steps.
 
Sorry / thanks. Here they are. Really appreciate the fact that you guys give this advice out for nothing.
 

Attachments

  • mbam-log-2009-04-20 (23-41-59).txt
    1.8 KB · Views: 5
  • hijackthis.log
    10.1 KB · Views: 6
RR, I am reviewing your logs and listing entries to be removed. I will be back a bit later and will EDIT this post with the information.
 
The first time I ran ComboFix it deleted four things, including a Firefox extension called NPMYGISH.dll

Unfortunately I ran ComboFix again in order to have it install the Windows Recovery Console for me, but I think that it has saved the new log over the top of the previous one. So here are the two logs (ComboFix and HJT), but the ComboFix log might not be so much use as the previous one would have been. Is there a way to recover it?
 
File Sharing Programs found in logs: Limewire

Info on using P2P Programs => https://www.techspot.com/vb/topic124748.html

Quote from 8-Step Removal Guide:
Uninstall File Sharing/P2P Programs

During the cleaning process all File Sharing Programs should be uninstalled.
This is to avoid any possible reinfection by malware through file sharing.

We reserve the right to withdraw our support:
  • If such programs are found in your logs
  • Should you not agree to their removal.
As they are normally set to bypass your Firewall and Anti-Virus software,
Filesharing/P2P Programs serve as a constant threat to your computer.

Edit:

You may not have realized, but your Firefox has also allowed BitTorrent as a plugin too:
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
 
OK, Limewire has been uninstalled, and that BitTorrent plugin. Also found another plugin that I didn't know was there, something about printing coupons, so I deleted that as well. Do I need to run anything again after deleting these things?
 
Yes, go through Add/Remove Programs and remove all P2P programs (just in case we find another; 2 is bad enough :D).
Then restart to confirm they are gone from subsequent logs.
Then run another ComboFix and supply the log; hopefully it then shows the missing entries.
 
Please include a rescan with HijackThis after updating and running Combofix again. Attach log and report.
 
THE most important thing to do right now is to get an antivirus program running!

that it is only listed by the Trend Micro free online scan as malware, but when I run the scan it tells me it is there, I tell it to delete it but apparently it doesn't, It presumably is still there, as Trend Micro keeps highlighting it.
Online scans are AFTER the fact: they find viruses, Worms, Trojans AFTER they have gotten on the system. They do not offer any ongoing protection. You must run an antivirus program ALL the time to prevent the malware from getting on the system!

HijackThis log 1: no AV running>> 4/21/09
Combofix report: 4/22/09>> Comodo firewall only: NO AV entries
HJ log 4/22/09: No AV running, Comodo Firewall

Per Step 1 in the Virus and Malware Removal:
Step 1
Antivirus scanning

If you're NOT running any antivirus or firewall software, you should install one ASAP. If you already have an Anti-virus program, please be sure to check for updates and run a full scan of your system. Please note anything that it finds in your thread.

Recommended Free Anti Virus:
Avira Free HERE
OR
Avast Free HERE

Every one of the poker entries you have (and there are many) is a potential for malware. Games sites frequently load adware or spyware. For instance, this is current or ongoing activity:
2007-12-21 23:45 -------- d-----w c:\program files\Full Tilt Poker
2008-02-01 19:28 -------- d-----w c:\program files\PokerStars
2007-06-13 22:04 -------- d-----w c:\program files\PartyGaming
2008-11-28 16:35 -------- d-----w c:\program files\BrucePoker.com
2008-04-15 22:21 -------- d-----w c:\program files\EurobetPoker
2008-04-06 02:29 -------- d-----w c:\program files\Poker Royale
2009-04-20 15:38 -------- d-----w c:\program files\CarbonPoker
2009-04-07 00:26 -------- d-----w c:\documents and settings\R\Application Data\LittlewoodsPoker
2009-04-07 00:26 -------- d-----w c:\program files\LittlewoodsPoker
2009-04-04 03:59 -------- d-----w c:\program files\PokerStove
2009-04-03 23:18 -------- d-----w c:\program files\PokerHost
2009-04-20 15:29 -------- d-----w c:\program files\PDCPoker
The Combofix log also still shows:
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

So it's time to come to terms with yourself for the security of your system:
1. P2P file sharing? Don't even bother removing malware because this allows a steady stream of it!
2. Multiple, frequent gaming activities in poker? Keep them all but take a few hours each week to remove the trash they bring!

I will help in whatever you decide, unless you want to keep the P2P programs plugin.
 
I have Comodo firewall, but I removed my antivirus checker because it slowed my PC down too much. :p I'll try to find one that doesn't slow the PC down too much, Avast slowed it down substantially...

Firefox told me that it had deleted the bittorrent thing, but I'll have another go at removing that. I assume the bittorrent arrived because I play a game called Age of Wonders Shadow Magic, and an enormous mod for the game was available on Pando. Maybe Pando installed the bittorrent plug-in, and when I uninstalled Pando it wasn't removed?

Most of the poker sites run some stuff called IESnare or MPSnare, which is there to check that you aren't opening multiple accounts, and presumably some sites will have their own proprietary systems to do the same thing. It is very hard to know what they are doing, because they don't run in my browser and they use stuff like flash cookies. Anyway, some poker sites need to stay, but I will delete the non-core ones...

My daughter installed Limewire when I was at work and her laptop was out of action, but that has gone now from my PC - I would guess that it will still be on her laptop, though.

Thanks for the advice, I'll post some more logs once I have made a few changes.

EDIT: Firefox shows that the BitTorrent plugin is disabled, but it doesn't give the option to remove it, only disable it or enable it. So I'll have to do a bit more research on that. OK, I went to C:\Program Files\Mozilla Firefox\plugins and deleted it, so that bit's sorted (hopefully) :p
 
Maybe Pando installed the bittorrent plug-in, and when I uninstalled Pando it wasn't removed?
Did you download Pando from a torrent site?

Step 1
Antivirus scanning

If you're NOT running any antivirus or firewall software, you should install one ASAP. If you already have an Anti-virus program, please be sure to check for updates and run a full scan of your system. Please note anything that it finds in your thread.

Recommended Free Anti Virus:
Avira Free HERE
OR
Avast Free HERE

To the best of my knowledge, even high resource users like the Norton/Symantec programs don't use so much of the resources that a user would remove them. Something else is going on with your system. You NEED a current, updated, active antivirus program. It might be that you are setting the program to do a virus scan every time you boot. That can be stopped.

Pando itself is peer-to-peer software. It is NOT BitTorrent. And the only way torrent is going to get on from Age of Wonders Shadow Magic is if it's pirated from a torrent site!

Advise you read comment here about the use of IESnare/MPSnare:
http://www.codingthewheel.com/archives/online-gambling-privacy-iesnare
 