Solved

Win32.PSW.Sendkey, Win32.PSW.Widget, TR.PSW.SendKey

Posted on 2001-06-14
6
281 Views
Last Modified: 2007-12-19
Hi!
I recently installed ETrust EZ Antivirus (from Computer Associates). This isn't an excellent program, but it is inexpensive and it does the job.

Since I installed it, it keeps discovering the following infected files / trojans when I boot my computer:

c:\recycled\DC70.EXE : Win32.PWS.Sendkey trojan
c:\windows\system\coolx.dll : Win32.PWS.Widget trojan
c:\windows\system\tasksvr32.exe : Win32.PWS.Widget.058 trojan

These files are discovered and deleted once a day! This is INSANE! Now I cannot find the source of the infection, and I worry about my system.

Anyone has an idea?
I can't find any information about these trojans in any virus database. This is just plain weird.
0
Comment
Question by:dufort
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6195601
I have never seen it, but there is a regedit procedure to follow:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SENDKEY
0
 
LVL 1

Author Comment

by:dufort
ID: 6195863
Thanks for your comment. I am still trying to figure out why this anti-virus reports a PWS (password steal) trojan flavor that I can't find in any virus database. This is what is worrying me.

Also, I started getting these viruses right after downloading DirectX 8.0a from Microsoft. The fact that one of the virus files is named "coolx.dll", and that the trojan is called "Widget" leaves me puzzled.

Anyone has heard about that "PWS.Widget" trojan???
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 300 total points
ID: 6195961
Might be the funlove virus.

It was reported below that several Microsoft files provided by Microsoft directly were infected by it.

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_FUNLOVE.4099

I also saw a reference from an IBM anti-virus site that associated DC70.EXE with FUNLOVE.

http://www.google.com/search?q=cache:GP2Jmh6WdQg:www.davidchess.com/forum/messages/59.html+DC70.EXE+&hl=en
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:dufort
ID: 6197323
tskelly, please make your comment an answer! I would like to give you my 300 points.
The two links you mentioned were useful to me.
My system is now clean  :o)
0
 
LVL 1

Author Comment

by:dufort
ID: 6197326
Hehehe. Oops.
0
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6197890
Glad you fixed it. Was it the "funlove" trojan or something similar? If so, it reportedly may return repeatedly from shared network use, infected files on other PC's, etc.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question