Windows Legacy OS forum

General discussion

C:/Websiteviewer

by bilirubin / November 5, 2004 5:58 AM PST

This is spyware, however, I manually delete it from the C: window and it keeps coming back! My ad aware programs don't even pick it up!

I think the actual program file is called 125020.exe, or something, and it just keeps coming back! Help me!

Discussion is locked
You are posting a reply to: C:/Websiteviewer
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: C:/Websiteviewer
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: C:/Websiteviewer
by roddy32 / November 5, 2004 6:10 AM PST
In reply to: C:/Websiteviewer
Collapse -
Re: C:/Websiteviewer
by bilirubin / November 8, 2004 11:28 AM PST
In reply to: Re: C:/Websiteviewer

Whenever I sign on to AOL (establish an internet connection), it pops up. A little window says "preparing to load plug-in" or something, and I have to open task manager and shut down three files: dstart.exe, iexplore.exe and s.exe. I have used both spybot and Adaware and neither of them find it.

Collapse -
Re: C:/Websiteviewer
by Merl Priester / November 8, 2004 3:11 PM PST
In reply to: C:/Websiteviewer

Not jsut spyware it is a trojan. search for s.exe on google

http://housecall.trendmicro.com
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

I recommend before cleanup, turn off system restore, delete all your IE temp files.

If you are on broadband, reboot in safe mode with networking and scan from there.

You antivirus should have caught this.
Try http://www.avast.com free home version
set it to do a boot time scan. I find the windows swap file is infected occaisonally and nothing will touch it after windows loads.

Collapse -
Better approach perhaps is the infected file.
by Cursorcowboy / November 8, 2004 10:20 PM PST
In reply to: Re: C:/Websiteviewer
Note: Invasive software that is identified as having infected a System Volume Information file, example:

C:\System Volume Information\_restore{52D05BD2-2A50-4E9A-889A-194443DC4131}\RP86\A0033063.DLL

1. When System Restore is turned off manually or if you use Control Panel to stop monitoring one or more drives, Windows deletes all saved restore points on the selected drive and they are not recoverable. It is know that by turning System Restore off and then on, it can cause other software to break since the system volume information folder that is "newly" created may not allow access without resetting folder options by changing simple file sharing and adding yourself to the list of users for full access -- even if logged as admin! -- because Windows sets this folder up allowing only "the system" itself access by default.

2. The article [Q309531] describes how to gain access to the System Volume Information folder (a hidden system folder which the System Restore tool uses to store information and restore points and that exists for each hard-disk partition) and contains one or more _restore {GUID} folders such as _restore{87BD3667-3246-476B-923F-F86E30B3E7F8}. There may be one or more folders starting with RPx under the folder which are the actual restore points. Search for the file identified as being infected inside the folder and when found, delete that folder only and check your system again.
Collapse -
Re: C:/Websiteviewer
by Edward ODaniel / November 9, 2004 6:59 AM PST
In reply to: Re: C:/Websiteviewer

Hello Merle,

If you have found an infected swap file why not clear it on shutdown? It is also a security feature that is often overlooked. Here is how:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management

Set the ClearPageFileAtShutdown DWORD to 1. This will make shutdowns take longer, because it overwrites everything in the swap file with zeroes.

(NOTE that you will see Session Manager and SessionManager in the hive--it is the one with the space between the two words.)

Collapse -
''Another''
by Cursorcowboy / November 9, 2004 9:27 PM PST
In reply to: Re: C:/Websiteviewer

Please note that when the "by design" Security Policy Setting "Clear virtual memory pagefile" (click to see an example screenshot) is enabled, the computer may take longer to shut down than normal (ensure that memory data fragments will not be paged to disk in clear text form at shutdown). This behavior occurs because the computer must physically write to each page in the pagefile to clear each page and the period of time it will take varies according to the pagefile size and the disk hardware involved.

Note: Enabling this security option also causes the hibernation file (hiberfil.sys) to be zeroed out when hibernation is disabled on a laptop system.

Popular Forums
icon
Computer Help 51,912 discussions
icon
Computer Newbies 10,498 discussions
icon
Laptops 20,411 discussions
icon
Security 30,882 discussions
icon
TVs & Home Theaters 21,253 discussions
icon
Windows 10 1,672 discussions
icon
Phones 16,494 discussions
icon
Windows 7 7,855 discussions
icon
Networking & Wireless 15,504 discussions

REVIEW

Meet the drop-resistant Moto Z2 Force

The Moto Z2 Force is really thin, with a fast processor and great battery life. It can survive drops without shattering.