force tech

  • Question

  • I just received a customer's laptop with this same problem.

    I think this may just be malware

    to take care of this I'm falling back on my trusted spy-bot s/d

    right off the bat spy-bot reported suspicious file activity

    File name :  mwsoemon.exe

    this file is located in a hidden folder that is in the program files(x86) folder

    c:\program files(x86)\mywebsearch\bar\1.bin

     

    when spy-bot finishes its scan I'll post whether it's successful or not at resolving this issue completely

    • Split by Darin Smith MS Tuesday, April 20, 2010 7:19 PM one issue per thread
    Thursday, April 15, 2010 1:33 AM

Answers

  • ok spybot removed the files but was unable to fix reg entries that blocked or modified wga files

    what finally fixed it was a rollback in system restore

    side note i wasn't able to access system restore until spy-bot was done

    going to install decent malware software and hope it does not come back

    Thursday, April 15, 2010 8:18 PM

All replies

  • after running spy-bot for only a half scan it found a lot relating to mywebsearch

    there were 209 hits for  " mywebsearch "

    41 hits for "myweb.mywebsearch"

    and 90 for "funwebgames"

    it was unable to remove some processes until a scan at boot

    will post back with results

    Thursday, April 15, 2010 2:33 AM
  • Hi force tech,

    Thank you for telling us about the issue and what resolved it.

    However, I have split your posts off to their own thread so as not to confuse the troubleshooting of the person that created the thread's issue.

    [Update: I will split off the posts once the Forum is stable enough to allow it]

    Thank you,


    Darin MS
    Friday, April 16, 2010 9:36 PM