dwwin.exe error referenced memory

Status
Not open for further replies.

Shiriu

Hi there,

I've done a bit of research on the net about some trouble I have with dwwin.exe and bumped into this post: https://www.techspot.com/vb/all/windows/t-63582-referenced-memory-error.html
made by Jacobb.
And since I'm not supposed to post on his thread, I do it here. I have exactly the same problem as the one he described, so I'll keep this short.
I've gone over the whole process of cleansing against viruses, malware and other stuff, as recommended on this forum. I hereby enclose two scan reports.

I send this post just like a message in a bottle, wrecked as I am, on hostile shores...

Best regards. And many thanks.
 
Hi,

Very Important: Malware infections can possibly lead to identity theft, loss of funds from bank accounts, misuse of credit card information etc. Therefore I strongly encourage you to please read this thread HERE before deciding what course of action to take regarding your infection.

Should you decide to clean your computer, please read the following.

You have not posted the required logs. Please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps given. Do follow all the instructions exactly. They will provide logs for analysis of your system so I will know how to instruct you to proceed.

I noticed that your AVG log displays 'Ignored' for all the files detected.
I require you to run AVG again and quarantine the files. Pictorial instructions HERE.


Thereafter, please post fresh HijackThis, AVG Antispyware and Combofix logs as attachments into this thread. Do not copy and paste your logs; otherwise they will be ignored and/or removed.

Also, please let me know the results of the AVG Antirootkit scan


Regards,
Your friendly momok =)

This thread is for the use of Shiriu only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
OK. I've printed and reread all the 15 steps to be followed before I can send you a log. I'll be working on these and repost as soon as I'm done with them. Thanks for the support!
 
Here are my AVG, HJT and Combofix reports.
AVG Antirootkit, AdAware, Virtumundobegone, Smitfraud, Kaspersky and Vundo did not find anything.

The symptoms are as follows:
- memory "can't be written", as stated by a dwwin.exe message box
- all applications have allegedly to be ended, as popup message boxes state it, but they still run if I don't click on these boxes
- all applications from the quicklaunch bar have disappeared
- incidentally, I've recently found that I'm automatically redirected to a webpage when surfing on Techspot
- more often than not, system would not shut down/restart

Thanks again (I'm one step away from formatting the damn all thing...)
 
Hello and welcome to TechSpot.

Please follow these instructions.

  1. Run HijackThis and place a check in the box next to the following entries (if there):

    O2 - BHO: (no name) - {0D4D1121-B7E0-4DBA-A3E7-BB9F5ACA16E1} - (no file)

    O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll

    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/

    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab

    O20 - Winlogon Notify: mllmn - C:\WINDOWS\

    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Close all open programs except HijackThis. Click the Fix Checked button. Once it's done fixing, close HJT.

  2. Go into Add or Remove Programs in your Control Panel and uninstall anything having to do with Viewpoint. It is considered spyware.

  3. Navigate to www.virustotal.com.

    Click the Choose... button.

    Navigate to the following file:

    C:\Program Files\Common Files\FDEUnInstaller.exe

    Click Open. Then click Send File.

    Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer. Attach the file in your next reply.

  4. Please download the file CFScript.txt attached to my post and save it to the same folder as ComboFix.

    Referring to the image below, drag the CFScript.txt that you just downloaded over onto ComboFix.exe and release.


    This will ask ComboFix to execute the instructions within my file. Let ComboFix run normally and do its job. Attach the resultant log in your next reply, along with a fresh HijackThis log.

Regards :)

 

Attachments: CFScript.txt (93 bytes)
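Added example (not part of the thread and not HijackThis code): a small Python parser for the log-line format quoted in the post above, flagging entries whose target is `(no file)`, which HijackThis prints when the referenced file is not on disk, or a bare directory. The sample lines are copied from the post; the function names and the flag names `orphaned` and `directory-only` are assumptions of this example.

```python
import re

# Lines copied from the HijackThis entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0D4D1121-B7E0-4DBA-A3E7-BB9F5ACA16E1} - (no file)
O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O20 - Winlogon Notify: mllmn - C:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

# "<section> - <kind>: <fields separated by ' - '>"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entry(line):
    """Split one log line into section, kind, CLSID, target and review flags."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    target = rest.split(" - ")[-1].strip()   # last field is the file or path
    clsid = CLSID_RE.search(rest)
    flags = []
    if target.lower() == "(no file)":
        flags.append("orphaned")        # registration left behind, file missing
    elif target.endswith("\\"):
        flags.append("directory-only")  # path names a folder, not a file
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "clsid": clsid.group(0) if clsid else None,
        "target": target,
        "flags": flags,
    }


def triage(log_text):
    """Return only the entries that carry at least one flag."""
    entries = (parse_entry(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries if e and e["flags"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["section"], e["kind"], e["clsid"], e["target"], e["flags"])
```
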
Hi there,
Here are the reports you asked for. Please note that I have solved the symptoms of my problem by removing a service from Logitech and applying a patch on Kaspersky 6. This does not rule out the possibility of malware on my computer, so I keep on with your advice, though everything looks pretty normal by now.
Thanks for your support.
 
Hi,

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

  1. Please run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

    Close HJT.

  2. Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

    Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.


    This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job.

  3. Reboot into normal mode and rehide your protected OS files.

  4. Attach the resultant log in your reply.

Regards,
Your friendly momok =)

 
Boot into safe mode, under your normal user name (not the administrator account). See how HERE.

In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

Search your system for the filename adober.exe

Make note of where it was found on your system.

Then reboot into normal mode and rehide your protected files, by doing the reverse of the above instructions.

Post here all locations where that file was found.

Regards :)

 
Hi there,
There is no such file as "adober.exe" on my system, even with setting the search parameters to look into hidden files and folders.
Hope this is not incapacitating...
 
I wasn't sure about one thing in your ComboFix log.

Please navigate to www.virustotal.com.

Click the Choose... button.

Navigate to the following file:

C:\WINDOWS\system32\DRIVERS\fbxusb32.sys

Click Open. Then click Send File.

Wait until it's done scanning, then copy and paste the results into a Notepad file and save it on your computer. Attach the file in your next reply, along with a fresh HijackThis log from normal mode.

Regards :)

 
Ok... I'm doing the scan now. I found adober.exe on my USB key this morning and deleted with Kaspersky... Hope it won't infect my new pristine system though! :S
 
You're welcome.

Run HijackThis and do a system scan. Place a check in the box next to the following entries (if there):

O3 - Toolbar: (no name) - -{47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - -{C4069E3A-68F1-403E-B40E-20066696354B} - (no file)

Close all open programs except HijackThis. Click the Fix Checked button. Once it's done fixing, close HijackThis.

Then post one more ComboFix log, please.

Regards :)

 