 |  |  |  |  |  |  |  |
Problems Loading Software
 |
•
•
Join Date: Feb 2004
Posts: 10,048
Reputation: 
Solved Threads: 761
That file was infected. From Symantec;
Thanks for sending the file.
•
•
•
•
Backdoor.Coreflood is a Backdoor Trojan horse that is primarily designed to conduct Denial of Service (DoS) attacks. The Trojan connects to an IRC server and gives control of the infected computer to an attacker.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Indeed, I did need to update the virus definitions in Norton...they had appeared to have been updated but they had not been so I eventually got that to work and it did indeed identify the WOWFAWK.dll virus. Unfortunately, it is not doing anything about it. The message that appears is "access to the file was denied". And now the computer is acting very funky.
I have tried to remove the WOWFAWK.dll file in safe mode but this is the message that I receive: "Cannot delete ...WOWFAWK.dll. The specified file is being used by WINDOWS." I have deleted the other items in safe mode from TEMP folders, etc. as described. How can I get this file deleted from my system? Thanks for all your help!
tje
I have tried to remove the WOWFAWK.dll file in safe mode but this is the message that I receive: "Cannot delete ...WOWFAWK.dll. The specified file is being used by WINDOWS." I have deleted the other items in safe mode from TEMP folders, etc. as described. How can I get this file deleted from my system? Thanks for all your help!
tje
•
•
•
•
Originally Posted by crunchie
That file was infected. From Symantec;
Thanks for sending the file.
If it won't delete even in Safe Mode, try unregistering the dll before attempting to delete it:
1. Under your Start button in the Task Bar, choose the "Run..." option.
2. In the resulting "Run" window that opens, type the following command in the "Open:" box and hit the Enter key; this will open a DOS window:
cmd
3. At the DOS command prompt, type the following and then hit the Enter key:
regsvr32 /u C:\WINNT\System32\WOWFAWK.dll
4. If the above returned no errors, try deleting the file; you may need to reboot before you are allowed to delete it.
1. Under your Start button in the Task Bar, choose the "Run..." option.
2. In the resulting "Run" window that opens, type the following command in the "Open:" box and hit the Enter key; this will open a DOS window:
cmd
3. At the DOS command prompt, type the following and then hit the Enter key:
regsvr32 /u C:\WINNT\System32\WOWFAWK.dll
4. If the above returned no errors, try deleting the file; you may need to reboot before you are allowed to delete it.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
please ignore - I missed the fact there was a second page, and now I can't delete this!
emdevelopments - accessible web design | HiJackThis
Portfolio: Fire Equipment, Conveyors, Tools | Whitworth Spanner | Alarm Installers Bath | Physical Security Solutions | Surveyor | Pine Range | Unique Air Charter | Apollo Tiling in Bridgend
Portfolio: Fire Equipment, Conveyors, Tools | Whitworth Spanner | Alarm Installers Bath | Physical Security Solutions | Surveyor | Pine Range | Unique Air Charter | Apollo Tiling in Bridgend
•
•
Join Date: Feb 2004
Posts: 10,048
Reputation:
Solved Threads: 761
You can also try and delete it using hijackthis by going to config/misc tools/delete a file on reboot, pasting in C:\WINNT\System32\WOWFAWK.dll then rebooting.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
•
•
Originally Posted by crunchie
You can also try and delete it using hijackthis by going to config/misc tools/delete a file on reboot, pasting in C:\WINNT\System32\WOWFAWK.dll then rebooting.
Logfile of HijackThis v1.99.0
Scan saved at 11:49:47 AM, on 2/2/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\WMP54GS Wireless Network Monitor\WMP54G.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Motive\motmon.exe
C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hvpackandpaddle.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: wowfawk - {5CE88842-FCF5-7575-9F91-520F80390773} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [RxUser] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxUser.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\DELL\RESOLUTION ASSISTANT\COMMON\BIN\LaunchRA.exe -boot
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner\RegClean.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
O4 - Global Startup: Resolution Assistant.lnk = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\QBUpdate.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/co...3/SLCmpser.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab27513.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Ati HotKey Poller - Unknown - C:\WINNT\System32\Ati2evxx.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: WMP54GSVC - Unknown - C:\Program Files\WMP54GS Wireless Network Monitor\WLService.exe" "WMP54G.exe (file missing)
Good job, glad we could help you help you get it sorted out. 
Just to clean up the last leftover, have HJT fix:
O2 - BHO: wowfawk - {5CE88842-FCF5-7575-9F91-520F80390773} - (no file)
Just to clean up the last leftover, have HJT fix:
O2 - BHO: wowfawk - {5CE88842-FCF5-7575-9F91-520F80390773} - (no file)
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
|
Similar Threads
- Problems loading IE, and Windows Explorer (Viruses, Spyware and other Nasties)
- Problems loading websites (Web Browsers)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: very slow pc
- Next Thread: Virtual Bouncer/Ad-destroyer Trojan
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn news obama paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista warning windows worm zeroday
