Win98banter - View Single Post - Trojan Horse leading to "Explorer caused problem in GDI.EXE"

#6 June 21st 04, 09:42 PM

CTDRVNS.EXE...
I cna find no references for it in Google or MS, so suspect that it's
possibly part of your problem - reboot to Safe Mode, and rename it to
CTDRVNS.JNK.
Then run CWShredder again while in Safe Mode

Reboot to Normal Mode - and run the Shredder again, then update your AV and
run a full system scan of all files

Then download Ad-Aware from www.lavasoftusa.com, install, update, and run it
to remove spyware, adware, and other such nasties from your system.

See how your system copes with that.

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
or
http://www.microsoft.com/presspass/f.../Mar27pmvp.asp

"Templeton Peck" wrote in message
...
OK, by resting my penknife on the letter i I've managed
to get onto Internet Explorer and downloaded and run
CWShredder. It wasn't sure if it could delete the
following: C:\WINDOWS\CTDRVNS.EXE

It suggested saying no and checking with an expert if I
wasn't sure. I'm not sure so would you know? Thanks.

Also, do I need to run it in safe mode as I didn't.
Thanks again.
Matthew

-----Original Message-----
Your best bet is to get someone else to download the
file for you (it'll fit
on a floppy), and then run it direct from the floppy.

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post
messages to NG's
or
http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

wrote in message
...
Thanks, The problem is I can't get my Internet
Explorer
to work and hence can't download CWShredder. Going
into
anything in my desktop requires me to continuously
preesing ignore on the white box. Some things require
less clicks than others. I have not been able to get
into IE no matter how long I try.

I have seen reference to CoolWebSearch on my PC so
certain that's the problem. How can I access the
internet as don't seem to be able to do in Safe Mode?

Thanks for your help.
Matthew

-----Original Message-----
Reboot to Safe Mode and run CWShredder - to remove
what
is almost certainly
a variant of the CoolWebSearch hijacker. (probably
CWS:about:blank)
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe

http://www.spywareinfo.com/downloads...CWShredder.exe
http://www.zerosrealm.com/downloads/CWShredder.zip

download the Stinger from here and run it to make sure
that A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mcafee-
avert/stinger.exe

- update your virus scanner and run a full system scan
of all files.

HTH.

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to
post
messages to NG's
or

http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

"Templeton Peck"
wrote in message
...
Would really appreciate a solution to the following
please:
1 - Went on website which brought up message from
Norton
about a trojan horse
2 - Norton Antivirus couldn;t repair so quarantined
file
3 - Did a Norton Antivirus search thing and no
problems
4 - Ran Ad Aware and removed a few data miners and a
data
registry which weren't there a couple of hours
previously
5 - Deleted cookies and temporary internet files
on "Internet Options" in the control panel
6 - noticed my home page had been altered to blank
7 - keep getting a message saying some spyware has
been
found on my computer and I need to download
something
to
clear it. Looks like a very dodgy message to me.
8 - Removed a couple of things I didn't recognise on
Add/Remove Programs (Both had funny codes with one
relating to Outlook and the other to Microsoft
Windows).
Doing this resulted in me being asked to reboot for
changes to take effect.

Anyway, the following has resulted from the above:
1 - Explorer message appeared in a big white box
saying:
"An error has occurred in your program. TO keep
working
anyway......Close or Ignore"(a common message so
you'll
know the rest).
2 - Clicking Ignore resulted in nothing happening
so I
clicked Close
3 - Following message appears: "Explorer caused
problem in
GDI.EXE". Closing this message results in blue
screen.
4 - Turning PC off and then back on results in the
white
boxed Explorer message. If I continuously click on
ignore
then I can slowly get onto my desktop and see all
icons
but can't actually use it as anything I click on
results
on big white box with heading relating to what I
click
on
(i.e. instead of Explorer I've had MSNMGR and
NMAIN).

Sorry for long message but trying to include
everything
from memory. Can anyone help?

.

.