Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Two files

Dec 19, 2005 7:24AM PST

My daughter-in-law called and had problems with her keyboard typing weird stuff...I had her (XP Home system) disable system restore and get the free java scan from trendmicro. It found many things, but two items it said it couldn't remove and clicking details/instructions for removal said that there weren't any available.

The two file names are adw_se.72688 and the other is worm_spybot.b-7

Doing a google search for the first turned up nothing, but it seems strange that the name would be so close to AdAware SE and wondering if it's a spoofed name. The other comes up with Trendmicro's page for older worms/viruses and a dcp file that can supposed remove it but only as a new definition to their own virus program.

Why wouldn't ETrust be able to detect either of these items if it's current and running in real time? Why would no other virus program list it in google?

How do I tell her to get rid of these two items before enabling her system restore again? I'm planning to tell her to run AdAware and the MS Anti-spyware program next while I wait for an answer here.

TONI

Discussion is locked

- Collapse -
Toni, Where Were Those Files Found ?...And...
Dec 19, 2005 7:56AM PST

..were those the file names or the names of the malware detected?

Running the scans you've mentioned in Safe Mode would help. In addition, while in Safe Mode, I would download and run the Stinger removal tool from the link below. It removes many of the Spybot/Sdbot variants.

http://vil.nai.com/vil/stinger/

Hope this helps.

Grif

- Collapse -
adw_se72688
Dec 19, 2005 9:35AM PST

adw = adware, and I am sure that se72688 is a reference number in the Trend Micro database for that infection.

Housecall provides you with very little information for such detections. On my computer, it found adw_se70084, but gives no information about it, or where it was located. After I let Housecall clean it, I found out that it had erased the language configuration for my Maxthon browser.

- Collapse -
(NT) (NT) Ouch!!! Condolences, Brent ! Another Poster Found Same#
Dec 19, 2005 3:20PM PST
- Collapse -
Not a big problem, really...
Dec 19, 2005 3:46PM PST

It just brings up the language option screen the next time you open the browser. Reselect and you're good to go again.