Solved: LEGACY_*008F__6Q*00d4*00f5*0013'*00AA*00b4*00c6*00D08 CWS variant

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Anon23

Thread Starter
Joined
Mar 17, 2005
Messages
74
I have gotten rid of most of it. I found it in most of my control sets in my registry.

Hkey_local_machine/system/controlset(1-4)*,Currentcontrolset/Enum/root/LEGACY_*008F__6Q*00d4*00f5*0013'*00AA*00b4*00c6*00D08

I first ran adaware and let it delete everything leaving behind only this(Adaware will only show that it is in your current controlset and not if it is in the others(1-4)). Which it can never delete on its own. I then start up (if i'm not already) in safe mode and find it in my registry. I give it permission to full access to my current admin account and delete. I found it in almost every control set. I deleted it from all of them but one. I am now stuck with one of it left in control set 4. I cannot access it. It seems to infect each control set it can in XP. If these are my different accounts im guessing its in everyaccount i have traces of left. How do i get rid of the last one. I cant so much as look at the permisions for it. I don't have a clue what to do from here.

It is only detected by adaware. I have everything from cws shredder, spybot, spysubtract, hijack this, and some other odds and end programs. Adaware is the only one to detect it. I don't remember if spybot, or something, also detected one or two of the other files affiliated with it but that would be about it. Nothing else detects the registry entry.
 

Anon23

Thread Starter
Joined
Mar 17, 2005
Messages
74
Nvm! I just didnt know the proper name to add a user to it again. It must be part of my normal user account. I went back into my normal account and could give back permmissions. I just had to used advanced to show the proper name so i could add myself and then give full permission. I dont know if i did something to it in the past of if it just reapeard without any users in its permmissions list. I guess i just had to find the right account to add the user back.

Solved!

Unless someone knows something else about this CWS variant that i dont. I dont know I did get rid of this exact one once and it came back. Its attached to a file named something like webmlog i think. Or else they were both in my system at the same time.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top