Solved

Win32.PSW.Sendkey, Win32.PSW.Widget, TR.PSW.SendKey

Posted on 2001-06-14
6
272 Views
Last Modified: 2007-12-19
Hi!
I recently installed ETrust EZ Antivirus (from Computer Associates). This isn't an excellent program, but it is inexpensive and it does the job.

Since I installed it, it keeps discovering the following infected files / trojans when I boot my computer:

c:\recycled\DC70.EXE : Win32.PWS.Sendkey trojan
c:\windows\system\coolx.dll : Win32.PWS.Widget trojan
c:\windows\system\tasksvr32.exe : Win32.PWS.Widget.058 trojan

These files are discovered and deleted once a day! This is INSANE! Now I cannot find the source of the infection, and I worry about my system.

Anyone has an idea?
I can't find any information about these trojans in any virus database. This is just plain weird.
0
Comment
Question by:dufort
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6195601
I have never seen it, but there is a regedit procedure to follow:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SENDKEY
0
 
LVL 1

Author Comment

by:dufort
ID: 6195863
Thanks for your comment. I am still trying to figure out why this anti-virus reports a PWS (password steal) trojan flavor that I can't find in any virus database. This is what is worrying me.

Also, I started getting these viruses right after downloading DirectX 8.0a from Microsoft. The fact that one of the virus files is named "coolx.dll", and that the trojan is called "Widget" leaves me puzzled.

Anyone has heard about that "PWS.Widget" trojan???
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 300 total points
ID: 6195961
Might be the funlove virus.

It was reported below that several Microsoft files provided by Microsoft directly were infected by it.

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_FUNLOVE.4099

I also saw a reference from an IBM anti-virus site that associated DC70.EXE with FUNLOVE.

http://www.google.com/search?q=cache:GP2Jmh6WdQg:www.davidchess.com/forum/messages/59.html+DC70.EXE+&hl=en
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Author Comment

by:dufort
ID: 6197323
tskelly, please make your comment an answer! I would like to give you my 300 points.
The two links you mentioned were useful to me.
My system is now clean  :o)
0
 
LVL 1

Author Comment

by:dufort
ID: 6197326
Hehehe. Oops.
0
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6197890
Glad you fixed it. Was it the "funlove" trojan or something similar? If so, it reportedly may return repeatedly from shared network use, infected files on other PC's, etc.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now