Trojan Horse leading to "Explorer caused problem in GDI.EXE"

In case anyone reads this, I've started a new message
above since removing the Creative Labs file in safe mode
has bought the problem back.
Thanks,


-----Original Message-----
Glad to hear it - thanks for the feedback

Remember that All malware fighting tools need to be
updated every time you
use them - that way you stand some kind of chance of
keeping them under
control!

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to post
messages to NG's
or
http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

wrote in message
...
Yep, that's the webcam. I'll do as you say and that
should do the trick. I've updated my Adaware which
found
over 50 items which couldn't be found by the version I
had
installed.

Thanks a lot for your help, I think your tips have done
the trick. Much appreciated.

-----Original Message-----
I can find references for a CRTDRVINS.EXE file, which
appears to be
associated with Creative Labs video (webcam?) drivers.
Try rebooting to Safe Mode, and removing any
references
to such a device
from Device Manager there. (rebooting to Normal Mode
should reinstall any
required drivers)

HTH

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to
post
messages to NG's
or

http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r
27pmvp.asp

wrote in message
...
Sorry, my fault it is actually CTDRVINS, and
appears to
be with the video driver which also links into
gdi.exe I
believe which was part of the error message. My
system
seems to be working OK now but I'll still do a
complete
check of my system, etc as you suggest.

Not sure what to do with the video driver thing
though.

Thanks again, Matthew
-----Original Message-----
CTDRVNS.EXE...
I cna find no references for it in Google or MS, so
suspect that it's
possibly part of your problem - reboot to Safe
Mode,
and
rename it to
CTDRVNS.JNK.
Then run CWShredder again while in Safe Mode

Reboot to Normal Mode - and run the Shredder again,
then
update your AV and
run a full system scan of all files

Then download Ad-Aware from www.lavasoftusa.com,
install, update, and run it
to remove spyware, adware, and other such nasties
from
your system.

See how your system copes with that.


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on how to
post
messages to NG's
or


http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

"Templeton Peck"

wrote in message
...
OK, by resting my penknife on the letter i I've
managed
to get onto Internet Explorer and downloaded and
run
CWShredder. It wasn't sure if it could delete the
following: C:\WINDOWS\CTDRVNS.EXE

It suggested saying no and checking with an
expert
if I
wasn't sure. I'm not sure so would you know?
Thanks.

Also, do I need to run it in safe mode as I
didn't.
Thanks again.
Matthew


-----Original Message-----
Your best bet is to get someone else to
download the
file for you (it'll fit
on a floppy), and then run it direct from the
floppy.


--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi
http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on
how to
post
messages to NG's
or



http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

wrote in
message
...
Thanks, The problem is I can't get my
Internet
Explorer
to work and hence can't download CWShredder.
Going
into
anything in my desktop requires me to
continuously
preesing ignore on the white box. Some things
require
less clicks than others. I have not been
able to
get
into IE no matter how long I try.

I have seen reference to CoolWebSearch on my
PC so
certain that's the problem. How can I access
the
internet as don't seem to be able to do in
Safe
Mode?

Thanks for your help.
Matthew


-----Original Message-----
Reboot to Safe Mode and run CWShredder - to
remove
what
is almost certainly
a variant of the CoolWebSearch hijacker.
(probably
CWS:about:blank)
http://www.merijn.org/cwschronicles.html

Use CWShredder, the removal tool:
http://www.merijn.org/files/cwshredder.zip
http://www.merijn.org/files/CWShredder.exe




http://www.spywareinfo.com/downloads...CWShredder.exe

http://www.zerosrealm.com/downloads/CWShredder.zip

download the Stinger from here and run it to
make
sure
that A-V-disabling
viruses are not present on your PC
http://download.nai.com/products/mcafee-
avert/stinger.exe

- update your virus scanner and run a full
system
scan
of all files.

HTH.

--
Noel Paton (MS-MVP 2002-2004, Win9x)

Nil Carborundum Illegitemi

http://www.btinternet.com/~winnoel/millsrpch.htm

Please read http://dts-l.org/goodpost.htm on
how
to
post
messages to NG's
or




http://www.microsoft.com/presspass/f.../2001/Mar01/Ma
r27pmvp.asp

"Templeton Peck"

wrote in message
news:1f17301c4576e$bdd66520
...
Would really appreciate a solution to the
following
please:
1 - Went on website which brought up
message
from
Norton
about a trojan horse
2 - Norton Antivirus couldn;t repair so
quarantined
file
3 - Did a Norton Antivirus search thing
and no
problems
4 - Ran Ad Aware and removed a few data
miners
and a
data
registry which weren't there a couple of
hours
previously
5 - Deleted cookies and temporary internet
files
on "Internet Options" in the control panel
6 - noticed my home page had been altered
to
blank
7 - keep getting a message saying some
spyware
has
been
found on my computer and I need to download
something
to
clear it. Looks like a very dodgy message
to
me.
8 - Removed a couple of things I didn't
recognise on
Add/Remove Programs (Both had funny codes
with
one
relating to Outlook and the other to
Microsoft
Windows).
Doing this resulted in me being asked to
reboot
for
changes to take effect.

Anyway, the following has resulted from the
above:
1 - Explorer message appeared in a big
white
box
saying:
"An error has occurred in your program. TO
keep
working
anyway......Close or Ignore"(a common
message
so
you'll
know the rest).
2 - Clicking Ignore resulted in nothing
happening
so I
clicked Close
3 - Following message appears: "Explorer
caused
problem in
GDI.EXE". Closing this message results in
blue
screen.
4 - Turning PC off and then back on
results in
the
white
boxed Explorer message. If I continuously
click
on
ignore
then I can slowly get onto my desktop and
see
all
icons
but can't actually use it as anything I
click
on
results
on big white box with heading relating to
what
I
click
on
(i.e. instead of Explorer I've had MSNMGR
and
NMAIN).

Sorry for long message but trying to
include
everything
from memory. Can anyone help?




.



.



.



.



.