
New tool from Symantec to remove sp.html about:navigationfailure CWS hijack

Discussion in 'Virus & Other Malware Removal' started by Flrman1, Oct 15, 2004.

Thread Status:
Not open for further replies.
  1. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Symantec has released a new tool that reportedly removes the tough CWS hijacks that we have been using FindNFix to remove. I have not used it yet, but it is supposed to remove the hidden .dll file and clear the Appinit_DLL value, leaving all permissions intact:

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.agent.b.removal.tool.html

    It is supposed to work on 9x boxes also.

    My understanding is that we should simply have them run the tool and save the log, then reboot, run CWShredder, and post a new HJT log.

    Whoever may be the first to get a chance to use it please post the results here along with a link to the thread.
     
  2. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
  3. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Well that sucks! :eek: I was hoping it would work, but from the looks of that thread it doesn't.
     
  4. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
    Well, some of Norton's removal procedures haven't been very reliable in the past, in my opinion.

    Though it would make this a lot easier, that's for sure. I'm still waiting for a case where I can try it myself. Hopefully, there's still some hope for it. :)
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,692
    I just started one this evening. I had just posted the FINDnFIX instructions and then saw flrman1's post about this so I edited it to try the tool first.

    Here's the thread:

    http://forums.techguy.org/t284871.html
     
  6. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
    Let's hope it works!
     
  7. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    Thanks Karen. I've subscribed to the thread.
     
  8. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    I may try to infect a machine here later this weekend and check it out if I have time.
     
  9. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
    That would be awesome. I'd love to know how exactly Symantec's tool removes it.
     
  10. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
  11. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    I've subscribed to that one too! (y)
     
  12. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
  13. Flrman1

    Flrman1 Thread Starter

    Joined:
    Jul 26, 2002
    Messages:
    46,322
    It looks like it worked on that one.
     
  14. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
    Yep, we have success!
     
  15. LineOFire

    LineOFire

    Joined:
    Jan 28, 2004
    Messages:
    322
    I've developed a canned speech:
    • Prepare CWShredder:
      • Download CWShredder v1.59.1.
      • Save it to your desktop.
      • Do not run it yet. We will run it later.
    • Run Symantec's BackDoor Removal Tool:
      • Download the Backdoor.Agent.B Removal Tool from Symantec.
      • Follow Symantec's instructions for how to run it.
      • Be sure to save the log file. I will need to see it later.
      • Restart your computer.
    • Run CWShredder. Be sure to click Fix as opposed to Scan Only. It should find some things and remove them.
    • Restart your computer once more.
    • Post a new HijackThis log and the log Symantec's tool gave you.
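
Added example, not part of the thread and not Symantec's tool: a read-only PowerShell check a helper could run after the cleanup to confirm what the first post says the tool should achieve, namely an empty AppInit_DLLs value, no leftover hidden DLL, and unchanged key permissions. The thread does not name the registry key; the standard Windows locations below are an assumption, and the script needs a modern PowerShell rather than the 9x/XP systems of the thread's era.

```powershell
# Added example: post-cleanup check of the AppInit_DLLs value (read-only).
# Assumption: standard Windows locations; the thread itself does not name the key.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    # The Wow6432Node view does not exist on 32-bit Windows.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $props = Get-ItemProperty -LiteralPath $key
    $raw   = [string]$props.AppInit_DLLs
    Write-Output "Key: $key"

    if ([string]::IsNullOrWhiteSpace($raw)) {
        Write-Output '  AppInit_DLLs is empty (expected after a successful cleanup)'
    } else {
        # The value is a space- or comma-separated list of DLL names or paths.
        foreach ($dll in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            # Simplification: bare names are looked up in System32 only.
            if (Split-Path -Path $dll -IsAbsolute) {
                $path = $dll
            } else {
                $path = Join-Path $env:SystemRoot "System32\$dll"
            }
            # -Force makes Get-Item return hidden and system files as well.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($file) {
                $sig = (Get-AuthenticodeSignature -FilePath $path).Status
                Write-Output "  LISTED: $dll  attributes=$($file.Attributes)  signature=$sig"
            } else {
                Write-Output "  LISTED: $dll  (not visible on disk at $path)"
            }
        }
    }

    # Permissions on the key, for comparison with a known-clean machine.
    (Get-Acl -Path $key).Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType |
        Format-Table -AutoSize | Out-String | Write-Output
}
```

Any `LISTED` line after the tool has run means the value was not cleared; a listed DLL that is not visible on disk can also simply be a stale entry, so compare against the tool's log.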
     
Short URL to this thread: https://techguy.org/285184