Solved

Win32.PSW.Sendkey, Win32.PSW.Widget, TR.PSW.SendKey

Posted on 2001-06-14
Last Modified: 2007-12-19
Hi!
I recently installed ETrust EZ Antivirus (from Computer Associates). This isn't an excellent program, but it is inexpensive and it does the job.

Since I installed it, it keeps discovering the following infected files / trojans when I boot my computer:

c:\recycled\DC70.EXE : Win32.PWS.Sendkey trojan
c:\windows\system\coolx.dll : Win32.PWS.Widget trojan
c:\windows\system\tasksvr32.exe : Win32.PWS.Widget.058 trojan

These files are discovered and deleted once a day! This is INSANE! Now I cannot find the source of the infection, and I worry about my system.

Does anyone have an idea?
I can't find any information about these trojans in any virus database. This is just plain weird.
Question by:dufort
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6195601
I have never seen it, but there is a regedit procedure to follow:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SENDKEY
0
 
LVL 1

Author Comment

by:dufort
ID: 6195863
Thanks for your comment. I am still trying to figure out why this anti-virus reports a PWS (password steal) trojan flavor that I can't find in any virus database. This is what is worrying me.

Also, I started getting these viruses right after downloading DirectX 8.0a from Microsoft. The fact that one of the virus files is named "coolx.dll", and that the trojan is called "Widget" leaves me puzzled.

Has anyone heard about that "PWS.Widget" trojan???
0
 
LVL 8

Accepted Solution

by:tskelly082598 earned 900 total points
ID: 6195961
Might be the funlove virus.

It was reported below that several Microsoft files provided by Microsoft directly were infected by it.

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_FUNLOVE.4099

I also saw a reference from an IBM anti-virus site that associated DC70.EXE with FUNLOVE.

http://www.google.com/search?q=cache:GP2Jmh6WdQg:www.davidchess.com/forum/messages/59.html+DC70.EXE+&hl=en
0

 
LVL 1

Author Comment

by:dufort
ID: 6197323
tskelly, please make your comment an answer! I would like to give you my 300 points.
The two links you mentioned were useful to me.
My system is now clean  :o)
0
 
LVL 1

Author Comment

by:dufort
ID: 6197326
Hehehe. Oops.
0
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6197890
Glad you fixed it. Was it the "funlove" trojan or something similar? If so, it reportedly may return repeatedly from shared network use, infected files on other PCs, etc.
0
