• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 333
  • Last Modified:

Pushow22.dll

I upgraded my antivirus definitions and received an alert that a trojan "Generic Adclicker.o" was present and attached to a file in \%systemroot%\ called pushow22.dll.  I ran searches on three different engines and all three searches came up with no results.I ran a search on Generic Adclicker.o and McAfee has it listed as a trojan.   I also ran a search in Process Explorer (Winternals) and it showed this file was attached to both Mozilla (PID 848) and IE (PID 2724) I tried to unregister the dll and failed.  Then I tried to delete the file and failed.  Then I tried to delete the file from a command line which also failed.  Anyone know how to get rid of it?
0
jeppolit
Asked:
jeppolit
  • 5
  • 4
  • 2
2 Solutions
 
r-kCommented:
Here is what you can do:

First locate the file named pushow22.dll (look in c:\windows or c:\windows\system32)

Then:

(0) If running XP Home, boot in safe mode, if XP Pro, then start with step (1)

(1) Right click on the file in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot.

After reboot the file will be unable to run (because no one can access them any more). The symptoms should be gone.

At this point you can clean up with a standard anti-spyware program. I suggest Ewido, but you can try others that you already have.
0
 
rpggamergirlCommented:
"pushow22.dll" should be in your system32 folder it also appears in your Hijackthis log in the 020 line which you can fix in order for hijackthis to delete the registry entry.

then delete the file "pushow22.dll" inside system32 folder using Killbox's "delete on reboot" option.(you need to type in the full pathname)
http://www.atribune.org/downloads/KillBox.exe

Or use what r-k suggested to disable that file, there's also tool that removes a persistent file if Killbox won't remove it.
0
 
jeppolitAuthor Commented:
After McAfee detected it as a virus the file appended itself and mutated to pushow35.dll.  I used the solution r-k gave but found that I had another file to deal with.  I then used the solution from rpggamergirl which also worked.  Thanks to both of you for your responses.  I am not sure how to award points for two different answers but hopefully you'll both get them since I used both solutions to resolve the issue.  
                                                                                    stormcrow
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
r-kCommented:
I think what happened is that I got all the points. If you like you can post a 0-point question in the Support area (link at upper right of this page), include a link to this question, and ask them to re-open the question. When that is done, you can choose the "split points" option at the bottom to re-assign the points, splitting them between the comments. This is explained at this link: http://www.experts-exchange.com/help.jsp#hi69

Glad to hear the offending files are taken care of!
0
 
rpggamergirlCommented:
It was okay for me but if you wish to split points then thanks! :)
0
 
r-kCommented:
Thanks rpgg.. I think that was clearly jeppolit's intent, and certainly your post was valuable as usual.
0
 
jeppolitAuthor Commented:
Thanks to bth of you for your help; BTW I really like that killbox program
0
 
rpggamergirlCommented:
Glad you like Killbox jeppolit.

r-k, I may sounded like a "point-hungry" person, lol.
0
 
r-kCommented:
Yes, I can see why you signed on as page editor :)

Seriously, I don't think there is anyone more unselfish on this board than you, rpggamergirl. Wish you all the best.
0
 
rpggamergirlCommented:
Now my hidden intension for signing is known, lol...

>>I don't think there is anyone more unselfish on this board than you, <<
thanks r-k you're so kind, but you're the one who's unselfish and very considerate to other members I've noticed, I think you'd make the best PE :)
0
 
r-kCommented:
Thanks, rpgg...

And now back to our regularly scheduled virus...
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now