Solved

Win32.PSW.Sendkey, Win32.PSW.Widget, TR.PSW.SendKey

Posted on 2001-06-14
6
284 Views
Last Modified: 2007-12-19
Hi!
I recently installed ETrust EZ Antivirus (from Computer Associates). This isn't an excellent program, but it is inexpensive and it does the job.

Since I installed it, it keeps discovering the following infected files / trojans when I boot my computer:

c:\recycled\DC70.EXE : Win32.PWS.Sendkey trojan
c:\windows\system\coolx.dll : Win32.PWS.Widget trojan
c:\windows\system\tasksvr32.exe : Win32.PWS.Widget.058 trojan

These files are discovered and deleted once a day! This is INSANE! Now I cannot find the source of the infection, and I worry about my system.

Anyone has an idea?
I can't find any information about these trojans in any virus database. This is just plain weird.
0
Comment
Question by:dufort
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6195601
I have never seen it, but there is a regedit procedure to follow:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SENDKEY
0
 
LVL 1

Author Comment

by:dufort
ID: 6195863
Thanks for your comment. I am still trying to figure out why this anti-virus reports a PWS (password steal) trojan flavor that I can't find in any virus database. This is what is worrying me.

Also, I started getting these viruses right after downloading DirectX 8.0a from Microsoft. The fact that one of the virus files is named "coolx.dll", and that the trojan is called "Widget" leaves me puzzled.

Anyone has heard about that "PWS.Widget" trojan???
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 300 total points
ID: 6195961
Might be the funlove virus.

It was reported below that several Microsoft files provided by Microsoft directly were infected by it.

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_FUNLOVE.4099

I also saw a reference from an IBM anti-virus site that associated DC70.EXE with FUNLOVE.

http://www.google.com/search?q=cache:GP2Jmh6WdQg:www.davidchess.com/forum/messages/59.html+DC70.EXE+&hl=en
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 1

Author Comment

by:dufort
ID: 6197323
tskelly, please make your comment an answer! I would like to give you my 300 points.
The two links you mentioned were useful to me.
My system is now clean  :o)
0
 
LVL 1

Author Comment

by:dufort
ID: 6197326
Hehehe. Oops.
0
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6197890
Glad you fixed it. Was it the "funlove" trojan or something similar? If so, it reportedly may return repeatedly from shared network use, infected files on other PC's, etc.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question