Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Win32.PSW.Sendkey, Win32.PSW.Widget, TR.PSW.SendKey

Posted on 2001-06-14
6
Medium Priority
?
294 Views
Last Modified: 2007-12-19
Hi!
I recently installed ETrust EZ Antivirus (from Computer Associates). This isn't an excellent program, but it is inexpensive and it does the job.

Since I installed it, it keeps discovering the following infected files / trojans when I boot my computer:

c:\recycled\DC70.EXE : Win32.PWS.Sendkey trojan
c:\windows\system\coolx.dll : Win32.PWS.Widget trojan
c:\windows\system\tasksvr32.exe : Win32.PWS.Widget.058 trojan

These files are discovered and deleted once a day! This is INSANE! Now I cannot find the source of the infection, and I worry about my system.

Anyone has an idea?
I can't find any information about these trojans in any virus database. This is just plain weird.
0
Comment
Question by:dufort
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6195601
I have never seen it, but there is a regedit procedure to follow:

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SENDKEY
0
 
LVL 1

Author Comment

by:dufort
ID: 6195863
Thanks for your comment. I am still trying to figure out why this anti-virus reports a PWS (password steal) trojan flavor that I can't find in any virus database. This is what is worrying me.

Also, I started getting these viruses right after downloading DirectX 8.0a from Microsoft. The fact that one of the virus files is named "coolx.dll", and that the trojan is called "Widget" leaves me puzzled.

Anyone has heard about that "PWS.Widget" trojan???
0
 
LVL 8

Accepted Solution

by:
tskelly082598 earned 900 total points
ID: 6195961
Might be the funlove virus.

It was reported below that several Microsoft files provided by Microsoft directly were infected by it.

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_FUNLOVE.4099

I also saw a reference from an IBM anti-virus site that associated DC70.EXE with FUNLOVE.

http://www.google.com/search?q=cache:GP2Jmh6WdQg:www.davidchess.com/forum/messages/59.html+DC70.EXE+&hl=en
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 
LVL 1

Author Comment

by:dufort
ID: 6197323
tskelly, please make your comment an answer! I would like to give you my 300 points.
The two links you mentioned were useful to me.
My system is now clean  :o)
0
 
LVL 1

Author Comment

by:dufort
ID: 6197326
Hehehe. Oops.
0
 
LVL 8

Expert Comment

by:tskelly082598
ID: 6197890
Glad you fixed it. Was it the "funlove" trojan or something similar? If so, it reportedly may return repeatedly from shared network use, infected files on other PC's, etc.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question