Recently, I've downloaded w3hph.exe (198K, prime suspect!), WC3 (directly transferred from my friend's laptop) and shadowfrench maphack (downloaded from original site) onto my lappy.
I suspect w3hph.exe is malware and is causing my laptop painful lag and even that error every time I boot up. I've run Spybot and antivirus countless times but it doesn't fix the problem!
What should I do?
Edit: I notice my explorer.exe is running at 65+k memory charge. And I've got a few instances of svchost running.
2nd Edit: New problems - now I keep getting this popup that tells me my computer is infected with spyware and asks me if I want to install antispywaremaster to rectify the problem. Then IE will pop up showing the website.
.... Gosh...
Can I have a bigger screenshot?
Edit: Picture's too small. It reads "To help protect your computer, Windows has closed this program" (which is Windows Explorer) - Data Execution Prevention
Kenneth, save me!
Don't suspect that malware first.
http://www.pcmag.com/article2/0,1759,1854559,00.asp
Follow the steps, turn it on for Windows services only and see if you get the error messages and the lags.
It's already on "turn on DEP for essential windows program and services"
And I still have the error when I boot up
can you remove your w3hph by any chance?
or
1. Click Start
2. Select Control Panel
3. Select System
4. Click the Advanced tab
5. In the Performance region select Settings
6. Click the Data Execute tab in the dialog box that opens
7. Select Turn on DEP for all programs and services except for those I select
8. Click Add. (Find that one programme, Warcraft 3 in this case)
9. The open dialog box will open. Browse and select your application.
10. Click Open
11. Click Apply
12. Click Ok
13. Reboot
dp
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan-Spy.Win32.Banker.NG
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Originally posted by kenn3th: can you remove your w3hph by any chance?
or
1. Click Start
2. Select Control Panel
3. Select System
4. Click the Advanced tab
5. In the Performance region select Settings
6. Click the Data Execute tab in the dialog box that opens
7. Select Turn on DEP for all programs and services except for those I select
8. Click Add. (Find that one programme, Warcraft 3 in this case)
9. The open dialog box will open. Browse and select your application.
10. Click Open
11. Click Apply
12. Click Ok
13. Reboot
I'll try that asap, can't reboot now - doing work. Hope it will work, I wouldn't want to go down to Acer.
Originally posted by manyu882: From Jotti: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan-Spy.Win32.Banker.NG
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Erm what's that? And what should I do?!
bump due to new updates
Originally posted by kenn3th: can you remove your w3hph by any chance?
or
1. Click Start
2. Select Control Panel
3. Select System
4. Click the Advanced tab
5. In the Performance region select Settings
6. Click the Data Execute tab in the dialog box that opens
7. Select Turn on DEP for all programs and services except for those I select
8. Click Add. (Find that one programme, Warcraft 3 in this case)
9. The open dialog box will open. Browse and select your application.
10. Click Open
11. Click Apply
12. Click Ok
13. Reboot
I believe I've already deleted WC3 and w3hph.exe but the problem still persists... Help!
bump due to edit
Good!
2nd Edit: New problems - now I keep getting this popup that tells me my computer is infected with spyware and asks me if I want to install antispywaremaster to rectify the problem. Then IE will pop up showing the website.
now we know the root of the problem.
Originally posted by kenn3th:
The software needs to pay for license :(
The manual solution's too hard
bump for mayi.
Please read stickies.
Originally posted by ndmmxiaomayi: Please read stickies.
http://www.mediafire.com/?2bjcjw9ztwj
Here is the copy of my Hijackthis logfile, mayi please advise!
A simple way is to reformat your PC.
Did you install the Kazaa P2P program? If so, uninstall it.
Disable Symantec Antivirus.
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once Recovery Console is installed, you should see a blue screen prompt like the one below:
Click Yes to allow Combofix to continue scanning for malware.
When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.
Do not mouse click on Combofix while it is running. That may cause it to stall.
Originally posted by ndmmxiaomayi: Did you install the Kazaa P2P program? If so, uninstall it.
Disable Symantec Antivirus.
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once Recovery Console is installed, you should see a blue screen prompt like the one below:
Click Yes to allow Combofix to continue scanning for malware.
When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.
Do not mouse click on Combofix while it is running. That may cause it to stall.
Kazaa, I did install in the past and have deleted it since months ago. There weren't any problems till I downloaded some w3hph.exe.
Now, DEP would automatically close Windows Explorer and I'd have to manually start explorer.exe from Task Manager. And the process charge for explorer.exe's like 70k+ and for IE 100k++, it's really killing my com.
I'm stuck at work now till tomorrow evening, I'll get the Combofix and HijackThis done by tomorrow evening (hopefully).
Thanks mayi, your help is greatly appreciated.
Mayi, how do I disable the anti-virus? As you know, RP's configuration... kinda disallows us to 'easily' disable it..
I can't disable the antivirus...