| Thread ID: 138197 | 2014-10-20 00:41:00 | dwm.exe problem | David57 (7859) | PC World Chat |
| Post ID | Timestamp | Content | User | ||
| 1386475 | 2014-10-20 00:41:00 | Hi, I am running Windows 7, have Trend Micro installed and have the following problem. Trend Micro constantly tells me that dwm.exe has stopped working and then allows me to close the program. Trend Micro is picking up the following trojan TROJ_SPNR 32H914. Trend Micro is also picking up an indexer.exe. The problem is having a slowing down effect on the opening of most things on pc. Can anyone advise what I need to do to get rid of this trojan and problem? I do have Malwarebytes on pc however it was not running and when I try to open it, it won't open. I would appreciate some help please. David |
David57 (7859) | ||
| 1386476 | 2014-10-20 01:22:00 | One site says it's a browser hijacker. It may also be a password stealing trojan / rootkit. See if tdsskiller picks it up if it's a rootkit (media.kaspersky.com). Get adwcleaner (www.bleepingcomputer.com). Click on scan. See if it appears in one of the tabs. If it does, tick it then clean |
Speedy Gonzales (78) | ||
| 1386477 | 2014-10-20 03:43:00 | www.howtogeek.com Redownload & re-install Malwarebytes. Disable Trend AV while Mbytes is doing a scan. You can upload suspicious files to .... https://www.virustotal.com/ It will scan those files with several AV products |
1101 (13337) | ||
| 1386478 | 2014-10-20 06:28:00 | Thank you Speedy and 1101. I installed tdsskiller and it found nothing, also installed adwcleaner and although it found errors in the registry tab nothing appeared to be what I was looking for (see below for list), therefore did not do a clean. I then disabled Trend Micro, downloaded Malwarebytes again, did a scan with Malwarebytes which picked up the Trojans and enabled me to quarantine. I have since run the Trend Micro full scan and malwarebytes scan (again) and it appears as though things have been fixed. Report from adwcleaner below, Speedy could you advise if I can/should delete anything from the list, thank you. |
David57 (7859) | ||
| 1386479 | 2014-10-20 06:58:00 | I would just tick everything then click on clean. Then reboot after | Speedy Gonzales (78) | ||
| 1386480 | 2014-10-20 09:10:00 | If you still have Torch Browser installed, uninstall it. It's got plenty of bugs and infections. Nod32 won't even allow you to download it as it's blocked as having infections. Also run Hitmanpro (www.surfright.nl). You may get a surprise at what it finds (or not). Also remove avg-secure-search, it's total crap. |
wainuitech (129) | ||
| 1386481 | 2014-10-21 10:01:00 | Scan with Hitmanpro or some bootable scanner CD\USB; scanning within an infected Windows is usually a waste of time (at least on first pass). Use offline methods to remove the files, scan in Windows afterwards to get rid of registry entries... |
Agent_24 (57) | ||
| 1386482 | 2014-10-27 08:31:00 | I forgot to say thanks Speedy and Wainui, I used your suggestions and all appears back to normal. Thank you. | David57 (7859) | ||
| 1386483 | 2014-10-27 19:44:00 | Excellent! | Speedy Gonzales (78) | ||