New tool from Symantec to remove sp.html about:navigationfailure CWS hijack


Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
15-Oct-2004, 08:06 PM #1
New tool from Symantec to remove sp.html about:navigationfailure CWS hijack
Symantec has released a new tool that reportedly removes the tough CWS hijacks that we have been using FindNFix to remove. I have not used it yet, but it is supposed to remove the hidden .dll file and clear the Appinit_DLL value, leaving all permissions intact:

http://securityresponse.symantec.com...oval.tool.html

It is supposed to work on 9x boxes also.

My understanding is that we should simply have them run the tool, save the log. Reboot and run cwshredder then post a new HJT log.

Whoever may be the first to get a chance to use it please post the results here along with a link to the thread.
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
15-Oct-2004, 08:14 PM #2
http://forums.spywareinfo.com/index.php?showtopic=28934

In that topic, the Symantec tool didn't even detect it. I'll try it out for myself though and see if it works.
Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
15-Oct-2004, 08:37 PM #3
Well that sucks! I was hoping it would work, but from the looks of that thread it doesn't.
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
15-Oct-2004, 08:44 PM #4
Well, some of Norton's removal procedures haven't been very reliable in the past, in my opinion.

Though it would make this a lot easier that's for sure. I'm still waiting for a case where I can try it myself. Hopefully, there's still some hope for it.
Cookiegal
Administrator & Malware Removal Specialist with 97,665 posts.
 
Join Date: Aug 2003
15-Oct-2004, 08:53 PM #5
I just started one this evening. I had just posted the FINDnFIX instructions and then saw flrman1's post about this so I edited it to try the tool first.

Here's the thread:

http://forums.techguy.org/t284871.html
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
15-Oct-2004, 08:56 PM #6
Let's hope it works!
Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
15-Oct-2004, 09:06 PM #7
Thanks Karen. I've subscribed to the thread.
Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
15-Oct-2004, 09:07 PM #8
I may try to infect a machine here later this weekend and check it out if I have time.
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
15-Oct-2004, 09:11 PM #9
That would be awesome. I'd love to know how exactly Symantec's tool removes it.
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
15-Oct-2004, 10:21 PM #10
I just started working on a Windows 98 system now.

http://forums.spywareinfo.com/index.php?showtopic=31072
Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
15-Oct-2004, 10:46 PM #11
I've subscribed to that one too!
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
16-Oct-2004, 12:00 AM #12
Flrman1 (Mark)
Member with 46,322 posts.
THREAD STARTER
 
Join Date: Jul 2002
Location: Thomasville, NC
16-Oct-2004, 12:24 AM #13
It looks like it worked on that one.
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
16-Oct-2004, 12:30 AM #14
Yep, we have success!
LineOFire
Member with 322 posts.
 
Join Date: Jan 2004
Location: San Antonio, Texas, United States
Experience: Malware Assassin
16-Oct-2004, 12:47 AM #15
I've developed a canned speech:
  • Prepare CWShredder:
    • Download CWShredder v1.59.1.
    • Save it to your desktop.
    • Do not run it yet. We will run it later.
  • Run Symantec's BackDoor Removal Tool:
    • Download the Backdoor.Agent.B Removal Tool from Symantec.
    • Follow Symantec's instructions for how to run it.
    • Be sure to save the log file. I will need to see it later.
    • Restart your computer.
  • Run CWShredder. Be sure to click Fix as opposed to Scan Only. It should find some things and remove them.
  • Restart your computer once more.
  • Post a new HijackThis log and the log Symantec's tool gave you.

Last edited by dvk01; 18-Oct-2004 at 12:59 PM.. Reason: correct cwshredder version number