  #26  
Aug 26, 2004, 09:28 PM
SeptemberMorn
Member Since: Jul 2003
Location: CA
Posts: 22,211
Oh, Dave, don't look up stuff on Photo Explosion! I deleted it from my machine! I never use it, anyway. Yes, Newton Knows was one of the files that Spy Doctor found in "Disk Scan." I cleaned it twice. It should be gone now that I deleted Photo Explosion. The "Virtumundo" sounds sorta familiar but I think it was "Advirtum" or something like that.

All the scanner is finding now are cookies, but those damned RUNDLL boxes keep popping up! The only thing left to do now, that I haven't done, is to DL MyWebSearch (IE or MSN) again and then delete it from the control panel rather than with the Spy Doctor. In fact, "MyWebSearch" was very suspicious to me when it downloaded! That's exactly when "My MSN" (IE?) page changed. I get updates from Windows through IE and I'm sure that one wasn't legitimate! The only thing I can think of that caused all these problems is having dl'd Smilie Central and maybe even MSN Messenger.

Before you go do any more work on this and go searching the internet, let me do what you said using Start/Run and see what happens. Then, if MSN has answered me, I'll try dl'ing MyWebSearch and delete the whole damned thing, not just the adware in it.

When we went out shopping earlier in the day, I left the computer on and when we got back, about 5 hrs later, there weren't nearly as many error boxes as there have been. Maybe "my fire" is partially contained. Ya think?

{{{{{{{{{{{{{{{{{{{{{{{{Dave}}}}}}}}}}}}}}}}}}}}}}}}}}} Thank you so much for using up so much time and energy when you have so much to do for yourself! I posted on your Depression thread and told you to forget it. I might have known you wouldn't, you sweet thing!

Thanks again, luv!

"Our doubts are traitors and make us lose the good we oft might win by fearing to attempt" --Shakespeare
__________________


Psalm 119:105 Thy word is a lamp unto my feet, and a light unto my path.

  #27  
Aug 26, 2004, 09:31 PM
SeptemberMorn
Thanks, Heather, but I don't think I need another spyware cleaner/finder. The one I've got is doing a bang-up job! All I need to do now is find out what programs had that spyware that infected so much of my hard drive. gggrrrrrrr!! The first run, it found 200+ infected files!!

Thanks for the suggestion anyway.
  #28  
Aug 26, 2004, 10:12 PM
dexter
Member Since: Dec 2003
Location: New Jersey
Posts: 3,133
If you can, hold off on reinstalling/uninstalling. I don't think that will work; it looks like other people have tried it.

I did find out that one way it can come on your system is in a package of "popular screensavers".

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
  #29  
Aug 26, 2004, 10:44 PM
dexter
Virtumundo is the name of the company and I would bet a billion tomatoes-in-a-bag that Advirtum has something to do with one of their products.

Anyway... before continuing I do think you have at least two different problems here. The .dlls are one batch of spyware, I suspect they are being blocked right now so you are safe. (Other than the annoying error messages)

The other problem is the "MyWebSearch" thing and one of the things it does is change your homepage like you described.

A lot of people are saying that you can remove MyWebSearch from "add/remove" but a lot of people are also reporting that that isn't working, maybe intentionally (because they don't really want you to uninstall the software).

One of the reasons that Spybot and Ad-Aware can't remove some of these things is because they are usually currently running when you start Windows, and things that are running can't be deleted. When you ran Spybot and Ad-Aware, did they at some point tell you to reboot so they could remove the last of the files? (Although even that didn't work totally on the machine I was working on... but it's a start.)

I think trying "add/remove" again would be a good first thing to try... but you should do a few things first. I found a list of all the things you should add/remove but I want you to try disabling them first.

Open "msconfig" through the "run" dialog like I said before, go to the "startup" tab, and see if you can find "MyWebSearch" as one of the startup programs. They are in the order that they load, not alphabetical, so you'll have to look carefully. Take the check off anything that says "WebSearch" or "MyWebSearch" or anything similar.

Also uncheck anything that says "Speedbar" or "My Way Speedbar" or "Search Assistant". These are all related things (and one of the pages does say that this can come from SmilieCentral).

Restart your computer. Don't open any browser windows (if any are still opening up, close them). It won't uninstall if there are any browser windows open.

Then do the add/remove and uninstall any or all of these:
# My Web Search (Smiley Central or FWP product as applicable)
# My Way Speedbar (Smiley Central or other FWP as applicable)
# My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
# My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
# Search Assistant - My Way

When you finish that, search for a file named "MWSOEMON.EXE" and delete it. Then restart. See if things are any better.

Also wanted to check... when you run Spybot or Ad-Aware, do you do an "update" before you run to be sure they are looking for all the latest stuff? If not, try again, it may help... but there are people with up-to-date defs that are still having trouble...

(Edited by dexter on 08/26/04 11:45 PM.)
  #30  
Aug 26, 2004, 11:18 PM
SeptemberMorn
"A lot of people are saying that you can remove MyWebSearch from "add/remove" but a lot of people are also reporting that that isn't working, maybe intentionally (because they don't really want you to uninstall the software)."

You know how when you delete a file in your directory and it doesn't delete completely because you didn't use the "remove software" utility? That's what happened to MyWebSearch. The Spy Doctor deleted the adware and now "RS" can't remove the program. That's why I thought I could reinstall/delete but I won't do it until I try what you suggest. Cross your fingers for me!
  #31  
Aug 26, 2004, 11:58 PM
SeptemberMorn
Ok... I found this one twice: "MWSOEMON.EXE"

I also found one that had to do with MyWebSearch...

Then the very first thing listed caught my eye! It is called MvCpl - Rundll32.exe.

What do I do with it? That one was under the infections listed! (it's doing it again! I got two rundll error boxes right in a row right now!) (again!) What I did was unclick the boxes, clicked "apply" and "ok." I couldn't find any of those files on "remove software." It told me to restart to allow the changes to take place. I did. I got a box saying "You have used the System Configuration Utility to make changes to the way Windows starts. The System Configuration is currently in Diagnostic or Selective startup mode...." AH! It went away... Anyway, it says to undo the changes or click the little box so that this message box doesn't appear again.

Anyway, unclicking those files is supposed to disable them, not delete them. Hmmmm....?

Listen, Sweety... you best take care of YOUR things in the morning and please DO NOT give ANY TIME to this until you've taken care of YOUR business, ok? I'm leaving things just as they are for now. The computer is working so I'm not gonna worry.

{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{Dave}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
  #32  
Aug 27, 2004, 12:15 PM
dexter
You are correct, unchecking doesn't delete them.

I started writing a message about the registry editor yesterday but changed my mind. Is it something you want to look at? You can't get into trouble just by looking, as long as you don't change anything there. Let me know and I'll post instructions.

Here is the deal with the startup tab, and it involves the registry. The registry is where Windows stores ALL of the data about your system and software. It contains the info about what hardware you have and what drivers have to be installed for them, all of your configuration settings for all software installed, all of your preferences. When you change the settings in Internet Explorer, those changes are stored in the registry, that's how it knows. When you use an application like Word and use the "recent files" list to open a document, that list of files is in the registry. There it is stored what you want your taskbar and start menu to look like, the desktop pattern you have chosen, etc.

When you install software it writes its own stuff to the registry, the stuff it has to load to run, some of the preferences for that application, etc.

Now with the stuff running... a file on your hard drive doesn't mean anything. It doesn't do anything but sit there and take up space. It can't affect your system. It only means something when you "start" that file (such as when you start an application... fire up your browser or start your word processor for example) OR when some application that is running accesses or calls that file.

Now when you turn on your system, there are some applications that should be running automatically, and running all the time. Your antivirus software, for example. You don't want to have to start Windows, and then click on your antivirus software to start it before you begin to do anything. So Windows keeps a list of software that you want to start up automatically... and of course this list is in the registry.

The "msconfig" dialog startup tab just displays a list of all the stuff in the registry list that is set to run automatically. When you uncheck something there, it just takes that entry off the list in the registry of things to start. Doesn't do anything to the file, just says not to start that file.

You'd think it would be easy then to just uncheck the adware stuff and keep it from loading... but the problem is that the adware stuff doesn't run directly from a list, there is some other program somewhere that loads and that program tells the adware to begin. That adware file then may have instructions to load some other files, like those dlls, and if you don't have them (maybe you deleted them) to go on the net and copy them to your hard drive again! Or access them from some other hidden file and copy them back to the normal locations again. I've noticed that lots of adware creates files with random file names that change each time they reload themselves, so you can't just go looking for a list of filenames either. And the problem with the adware is that even if you delete all the associated files and remove all the registry entries, if you've missed ONE PIECE anywhere it is designed to just load up everything else all over again, rewrite the entries in the system registry, and you are back to square one. So not only does EVERYTHING need to be deleted, but it all has to be deleted at the same time before you reboot. And some files won't delete because they are running at the time.

Now there will be a lot of stuff in that startup list that you don't recognize, don't worry, that's normal. You can uncheck things if you want, some are things that are harmless but you really don't need them loading all the time, they just slow down your system. Some if you uncheck won't seem to make any difference at all, but then at some point you run a piece of software and have a problem with it, that software needed that piece to load at start (no harm done, you just open up msconfig and check the box again and restart). DON'T uncheck anything related to your antivirus or anti-spyware because you don't want to leave your system vulnerable. Things like your antivirus may have several startup entries, if you can't recognize something by the name, look in the "command" column and see where the file is located... if the file is in the McAfee folder for example you should probably let it load.

For anything suspicious, you can just google it. There are a lot of things that are named to sound like legitimate parts of Windows but are actually spyware. If that's the case you'll get a million hits on google explaining what it is, whether you need it or not, etc.

I'm going to do a little searching and come back with more.

Oh one more thing, I should have warned you about the "system config utility" box, that is just to remind you that you have unchecked some of the things there. You do want to let it make the changes. It is probably best for now to let the box appear every time you start up just as a reminder, but if you already checked the "don't show again" box there is no harm. It is just a reminder, and if you choose to change things again all that will happen is that it opens up msconfig for you, but you know how to do that yourself already. If the warning box gets annoying it is ok to check "don't show again".

Sorry I forgot to mention that last night.

  #33  
Aug 27, 2004, 12:49 PM
dexter
OK, first thing... you said you saw MvCpl, did you mean NvCpl? I can't find anything on Mv but NvCpl is supposed to be there, it is part of your nVidia video card. That needs to be there to initialize the card properly.

But you say McAfee is reporting it as a virus?

OK more long explanations (sorry).

A virus is a bit of a different thing...

Those files that end in ".dll": the "dll" means "dynamic link library" and that's just a fancy name for a simple thing. DLLs are just files that have lots of program instructions, "routines", but rather than being in the file that is the program itself (the "exe" file, which is the file you actually click to run a program) these instructions are written to a separate file for convenience. Many of the instructions are useful to more than one application, so this way many applications can share the dll instead of having those instructions written over and over again in each application. It also makes it easier to update applications... if all of the "routines" that perform related chores are organized in one dll, then a change or a bug fix involves just replacing that one dll file with a new one instead of changing the whole program file.

Think of applications, the "exe" files, as recipes... they contain the instructions of how to make "ie" appear and do all of its stuff, "word", etc. Suppose you had a box of recipes, pies, cakes, maybe a whole bunch of pasta dishes. Now you pull a recipe card for one of the pasta dishes, pasta alfredo or something. The first thing you have to do is cook the pasta... fill a pot with water, let it boil, add the pasta, let it boil a certain amount of time, test it, etc. Now if each recipe card for a pasta dish started out with "boil water, add pasta" etc each card would get pretty big pretty fast. Instead you write a separate card with the instructions to cook the pasta, starting with "boil water" (pretend these recipe cards are for your husband to do the cooking while you are out of town). Then on your "alfredo" card the first thing it says is "find the 'cook pasta' card and do that. After you do that follow these directions..." The pasta card by itself isn't a recipe (unless you like eating plain pasta with no sauce or seasoning) but many of the recipe cards can now share that card.

Suppose you get home from the trip and discover your husband has been eating uncooked, crunchy pasta all week. You follow him to the kitchen and have him show you what he is doing, he follows the card, fills the pot with water, puts it on the stove, adds the pasta... and you realize you forgot to write "turn the fire on under the pot". You can either get a divorce for having such a helpless husband, or you can take out that "cook pasta" card and replace it with one that includes the "light stove" instruction, put that in the box, and now all of the pasta recipes in the box are fixed all in one fell swoop.

There are about a billion dlls that Windows uses and all of your other applications use, they all get accessed very often. One way for a virus to work is to take a known dll and replace it with another one... the new one will contain all of the same functions as the old one (so everything runs OK and no one is suspicious) but adds instructions that can do nasty things or screw up your system. Maybe take a DLL that your email program uses, that accesses the file for your address book, reads a name, creates a new email invisible to you, adds a "clever" message, and attaches an exe file that will install (change) the same dll file on their machine that was changed on yours. Your friend thinks you sent him a funny game, clicks on the attached file, and unwittingly puts the virus on his system.

If McAfee is reporting that your nvcpl file has a virus, it could either be a false positive, or it could really be that a virus changed that file. Does McAfee give the name of the virus? If so you can look it up at http://securityresponse.symantec.com/.

Remember the "nvcpl" file is not the virus, the virus is an alteration of that file, and McAfee should display the name of the virus it found.

If McAfee can't fix it you might want to see if the Symantec site has any info on a tool you can download to remove it. It might require you to uninstall and reinstall your video driver from a fresh copy though... not hard but could be tricky.

While you are on the Symantec site have a gander at all the new viruses that are discovered each day. Many of them are just "lab" viruses that aren't really spreading over networks but you never know. That is why it is so important to always keep your antivirus definitions up to date.

(Edited by dexter on 08/27/04 01:52 PM.)
  #34  
Aug 27, 2004, 08:31 PM
SeptemberMorn
Ok... so far, so good. I understand everything you've said so far and pretty much assumed that the box I'm getting now is just information. I haven't checked the little white box but I know I can get back into msconfig whenever I want to.

I don't necessarily want to look at the registry. I wouldn't change anything in there anyway because I'd be afraid to really screw things up, so why look at it?

Not to worry. I'm not disabling anything that has to do with McAfee or Spy Doctor. I also understand about the "pasta." LOL One .dll can make several games run, for instance, right?

Read on in next post...

  #35  
Aug 27, 2004, 08:39 PM
SeptemberMorn
"NvCpl"

Correct! I was just trying too hard to get it right, I guess, because I remember trying to be careful as I typed it. LOL Oh, well... That was the very first on the list so I thought it might be an offending file because 2 error boxes pop up as soon as we start the computer. So, I'll click it on again.

I don't remember if McAfee reported it as a virus, but I'll run the scan again after I've clicked it back on and see if McAfee says anything. I'll be back when I finish the virus scan...



  #36  
Aug 27, 2004, 11:03 PM
SeptemberMorn
Ok... ran the virus scan and found no viruses but one adware in "winhost32.exe." Again, it's that "Advirtum" that keeps reinstalling itself.

Having McAfee running all the time is keeping the viruses out darn good. It's the tracking cookies and that Advirtum that keeps installing itself that are pissing me off now, not to mention the .dll error boxes!

You suppose that if I disabled one file at a time in the msconfig, I'd find which one (or more) is missing that danged .dll??

BTW, I enabled the NvCpl again. It didn't seem to make much of a difference in the error boxes and McAfee didn't find any viruses in it. Didn't show up at all. To tell you the truth, the worst thing now is all the error boxes showing up.

Oh! And since I disabled MyWebSearch, the proper IE opening page is back! We're making progress, I think!

Please relax now and stop working so hard on my stuff. You don't know how much I appreciate it, though!

Wish I could come over so we could just sit and relax or talk about where you need help the most. I'm not phobic. I'd sit next to you, hold your hand and even give you a squeeze when I got ready to leave.

Can't do it in person but close your eyes and imagine a great big, fluffy pillow giving you this... {{{{{{{{{{{{{{{{{{{{{{{{{{{Dave}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}
  #37  
Aug 27, 2004, 11:35 PM
dexter
It is possible that you are close. winhost32.exe is indeed part of adware and it is a downloader, so it is responsible for reinstalling all the stupid stuff every time you delete it.

You might be home free if you delete this file. It should be located in your Windows folder, inside the "System32" folder if you are on XP or the "System" folder if you are in Windows95 or 98.

It might not let you delete the file, because it is a running process. If that is the case, open your task manager (control-alt-delete all at the same time). Make sure you press control-alt-delete only once or else it will reboot your computer. In the Task Manager, click on the tab that says "Processes". (Gee, there's a lot of crap that runs just to get Windows up and running, eh?) Look for "winhost32" in the list (this list you can sort alphabetically by clicking on the header of the "name" column). From what I read there are supposed to be two showing as running. Don't worry if you see only one or more than two... we are going to stop them all.

Click once on any entry that says "winhost32" to select it, then hit the "end process" button. If there are more copies, end them all, one at a time. When you are done close the task manager.

Now go back to the file and try to delete it. (I like to give it a few seconds to make sure the process is really stopped). Hopefully it should delete.

One of the reports I found said that winhost32 is in two locations... so just to be safe, do a file search for "winhost", make sure "check system and hidden files" is checked in the options, and run the search. If it pulls up any copies of winhost32.exe or winhost.anything-else, delete them (you can delete right from the results in the search box).

Reboot and maybe everything will be ok.. I don't know if those dlls are called from winhost32, if so they should stop. If they still appear there may still be something else loading from the registry that we have to locate and stop.

  #38  
Aug 28, 2004, 12:02 AM
SeptemberMorn
Ok, I've got the task manager open and I've checked for winhost32.exe and it's not there. However, what IS there is RUNDLL32.exe !!!! I'm athin'in' THAT'S what I want to delete. What do you think??


  #39  
Aug 28, 2004, 12:08 AM
dexter
Hold off with that... I think that is a real Windows file that is needed...
  #40  
Aug 28, 2004, 12:11 AM
SeptemberMorn
Ok... but go to bed now!! It's after 1 am where you are! We'll take this up again tomorrow, ok?

"Lullaby... and good night... la la lala laaaaaaaa..." I forget the words.

Good night, Sweet Prince!
  #41  
Aug 28, 2004, 12:16 AM
dexter
Ok DO NOT delete rundll32.exe.

RUNDLL32.exe is the Windows program that loads DLLs into memory so the apps that need them can use them. You saw its name associated with that bad dll previously because it needed that command to launch itself... it was the dll that was naughty, not the RUNDLL file.

So go ahead and delete winhost32.exe, search for all of them and whack them all. Reboot, and see if that helps. If it won't let you delete winhost32 because it is "running" we will have to dig further. Otherwise we hope to slide into home base without getting tagged out.

The process list in the task manager will show RUNDLL but won't show you what DLL it is running. There is a way to find out the list of DLLs running from that command, but it is kind of convoluted... if deleting winhost doesn't solve it, that might be the next thing to try. It's not hard, just a bunch of steps typing weird commands.
  #42  
Aug 28, 2004, 12:39 AM
dexter
What RUNDLL does is this... suppose you are going to make alfredo for dinner, but you want your hubby to cook the pasta for you. You can't tell him to look at the "cook pasta" card and do that, because the "cook pasta" card isn't designed to be a "recipe card"... let's say that to cook a meal, hubby goes to the recipe box and pulls out a recipe card, puts it on a little holder-stand, and follows the directions. If the recipe card says "pull out the 'cook pasta dll' card and do that", he pulls the "cook pasta" card out, puts it on the stand to read it, and then goes back to the recipe card to follow up with the directions.

Now, you have told hubby that he is NOT allowed to take one of the DLL cards out of the box by itself and "do it"; he can only pull a dll card out when another recipe card tells him to do so. This is because you don't want him eating naked pasta by accident the next time you go on vacation, so you have distinguished the "Recipe" cards from the "DLL" cards, marked them blue or something.

But now you want him to do just that because you want his help in preparing dinner. The RUNDLL program allows him to get the DLL card, that normally isn't supposed to be "complete" on its own, and do just that. The RUNDLL card is just a blank recipe card, marked in blue like the others, with an empty line at the bottom... you take a magic marker and write in "cook pasta.dll" on the blank line and give him the card. He can do that now because the RUNDLL is marked as a Recipe card and he is allowed to do what a recipe card says. Otherwise you'd have to send him vacuuming the living room instead to keep him out of your hair while you are trying to cook.

RUNDLL32.exe isn't a functional program by itself, that is it doesn't do anything on its own. Remember when you saw it listed as RUNDLL32.exe mywebsearch (or whatever, I forgot). The RUNDLL program has that "blank line" that has to be filled in, so the command to run it always includes another filename after it, that's the DLL that you have asked it to go fetch and run for you.

Someone sticks a "set house on fire" DLL card in your recipe box, steals a blank RUNDLL card and writes "set house on fire" on the blank line, and gives it to your husband... well, you see the problem. Someone could also steal your "cook pasta" DLL and replace it with one that has all the same instructions but then adds "pick up pot of boiling water and pasta and throw it against the wall of the kitchen" and sticks it back in the box... that's a virus... doesn't need a RUNDLL card, just has to sit back and wait for him to pull any recipe card for any pasta dish.

Is anyone hungry?

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
  #43  
Old Aug 28, 2004, 02:58 PM
SeptemberMorn
Most Legendary Elder
 
Member Since: Jul 2003
Location: CA
Posts: 22,211
I SWEAR I DIDN'T DO ANYTHING YOU DIDN'T TELL ME TO DO!!!!!!

I've been working to get back online since early this morning. My AOL got all corrupted and wouldn't recognize my password, among other things. I finally hit on the right AOL to uninstall because I reinstalled a different version of 9 that I had! ARGH!!!! That's fixed now, I think, unless it screws up again when I log off or turn off the puter tonight.

Something else that got deleted and I don't know how, are my restoration points! ARGH!!! I had set one up once a month as long as the puter was working properly. All gone now, except today.

Back to square 2! I need to find the file(s) that needs RUNDLL32.exe ... or I need to find it somewhere on the web and reinstall it. I think I can manage from that point. What do you think?

BTW, I've only gotten one dll error box since I logged on this time, but I'm not holding my breath.

(I ate alfredo day before yesterday. Don't think I'll have him for dinner just yet. LOLOLOL)

"Our doubts are traitors and make us lose the good we oft might win by fearing to attempt" --Shakespeare
(Edited by SeptemberMorn on 08/28/04 04:11 PM.)
__________________


Psalm 119:105 Thy word is a lamp unto my feet, and a light unto my path.
  #44  
Old Aug 28, 2004, 03:26 PM
dexter
Grand Magnate
 
Member Since: Dec 2003
Location: New Jersey
Posts: 3,133
Which DLL error box is still appearing?

Restore points... maybe your hard drive is filling up? Restore points take a lot of disk space... however I would think if space began to fill up it would delete older ones as needed, not wipe out all of them in one fell swoop.

I don't use the restore points here (I just keep careful track of everything and back up manually), so I can't say exactly how they are designed to add/delete.

Don't forget though that this could also be a registry issue... as I described above, the restore points involve making backup files on your hard drive, including the data of all the settings at that point in time... but the information that you have restore points... the list of restore points and the dates and such, are all stored, you guessed it, in the registry.

So if something deleted the list from the registry... the disc space and all the actual info needed for those restore points would still be there, but the dialog box that comes up that shows you the restore points would no longer have any "memory" to give you the list of those restore points.

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
  #45  
Old Aug 28, 2004, 03:38 PM
dexter
Grand Magnate
 
Member Since: Dec 2003
Location: New Jersey
Posts: 3,133
>>I need to find the file(s) that needs RUNDLL32.exe

IF the files that are looking to be run from the RUNDLL command are legitimate system software files that actually got deleted, then yes you need to replace them.

BUT if the files that are looking to be run from the RUNDLL command are part of the spyware software, then you don't want to find the files, you want to make it stop trying to run those missing files in the first place.

(You've removed the "set house on fire" DLL card because you know it is bad, but someone keeps giving your husband the RUNDLL card with the blank line filled in "set house on fire"... so your husband comes to you each time scratching his head and whining "But I can't FIND the DLL card..." In this case you don't want to replace the bad DLL, you want to find out who keeps giving him that RUN card and smack them on the head... stop those cards coming and your husband will stop whining every time you boot him up)

Open up msconfig again and on the startup tab, expand the "command" column so you can see the full lines there (tip if you didn't know this... instead of dragging the line between the column borders to adjust the size, if you double-click right on that line the column will automatically expand or contract to just the right size to display the longest line in the list. This works for filenames in window lists too...)

Go down the list and look for ANYTHING that includes the rundll32 command, and tell me the whole line of the command including the dll it is calling. We still have to figure out if these dll's are being called directly on startup, or if some other program is starting up and calling these dlls.

Next thing I'm going to explain how to do a binary search. Simple concept, most efficient way to find something in a list, the same technique will almost guarantee you a win on "The Price Is Right" too.

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
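The check described in post #45 (read each startup command, pick out the rundll32 lines, and see whether the DLL they name still exists), written out as an added example that is not part of the original thread. The function names, the directory paths, the entry-point names and the sample data are constructed for illustration; only the DLL file names come from the thread.

```python
import ntpath
import re

# rundll32 syntax: [path\]rundll32[.exe] <dll>,<entry point> [arguments]
# The launcher and the DLL may each be quoted when the path contains spaces.
RUNDLL_RE = re.compile(
    r'^\s*(?:"(?:[^"]*\\)?rundll32(?:\.exe)?"|(?:\S*\\)?rundll32(?:\.exe)?)\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,"]+))'
    r'\s*(?:,\s*(?P<entry>\S+))?',
    re.IGNORECASE,
)

def parse_rundll32(command):
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    return (m.group("quoted") or m.group("bare"), m.group("entry"))

def triage(entries, exists, system_dir=r"C:\WINDOWS\system32"):
    """Label each (name, command) entry: not-rundll32, dll-present or dll-missing."""
    report = []
    for name, command in entries:
        parsed = parse_rundll32(command)
        if parsed is None:
            report.append((name, "not-rundll32", None))
            continue
        dll, _entry = parsed
        # A bare name such as shell32.dll is resolved against the system directory
        # (assumed location; adjust system_dir for the machine being checked).
        path = dll if ntpath.dirname(dll) else ntpath.join(system_dir, dll)
        status = "dll-present" if exists(path) else "dll-missing"
        report.append((name, status, path))
    return report

# Constructed sample: startup entries as they would read in msconfig's Command column.
SAMPLE_ENTRIES = [
    ("winupd", r"rundll32.exe C:\WINDOWS\winupd.dll,Start"),
    ("wincore", r'"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\Example App\wincore.dll",Run /q'),
    ("ctlpanel", r"RUNDLL32.EXE shell32.dll,Control_RunDLL"),
    ("scanner", r'"C:\Program Files\Example AV\scan.exe" /startup'),
]
# Constructed stand-in for the disk; on a real machine pass os.path.exists instead.
SAMPLE_FILES = {r"c:\windows\system32\shell32.dll"}

def sample_exists(path):
    return path.lower() in SAMPLE_FILES

if __name__ == "__main__":
    for name, status, path in triage(SAMPLE_ENTRIES, sample_exists):
        print(f"{name:10} {status:13} {path or ''}")
```

A "dll-missing" line is the case the post describes: the DLL has already been removed, so the startup entry that keeps asking for it is what needs to go, not the file that needs to come back.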
  #46  
Old Aug 28, 2004, 03:43 PM
SeptemberMorn
Most Legendary Elder
 
Member Since: Jul 2003
Location: CA
Posts: 22,211
The one error box that popped up was the 'winupd.dll' that kept popping up all the time. The count is still at one.

Ok... let me do what you said... BRB

Back... ggrrrr it won't expand! It rebooted for me and AOL was really slow starting up but at least it's the original version. So far, no DLL error boxes... hmmmm.... Maybe we should leave well enough alone?

Oh, crap!! Just went to my banking site and I got a "wincore.dll" error box! I think I need a break!

"Our doubts are traitors and make us lose the good we oft might win by fearing to attempt" --Shakespeare
(Edited by SeptemberMorn on 08/28/04 04:56 PM.)
(Edited by SeptemberMorn on 08/28/04 04:59 PM.)
__________________


Psalm 119:105 Thy word is a lamp unto my feet, and a light unto my path.
  #47  
Old Aug 28, 2004, 06:11 PM
dexter
Grand Magnate
 
Member Since: Dec 2003
Location: New Jersey
Posts: 3,133
OK, just to confirm... the "winupd.dll" is spyware. It's the "set fire to the house" recipe card which has been deleted, so you have to make the request to load it go away to stop the error.

So don't do anything to attempt to reinstall winupd.dll... anything that would succeed in doing that would be a reinstallation of the spyware that you wanted to get rid of in the first place...

---------------

2) "wincore.dll" is the same deal as above, I think even part of the same spyware application. Don't try to reinstall anything to get it back.

Take a break! Just hold on to the error messages for now... they are a good thing because it means the spyware is not loading when it is trying to. We'll work on getting rid of the errors after your break

Also just wanted to confirm, were you able to successfully find and delete the winhost32 file? (Any or all of them?)

In case the instructions I gave were confusing before, regarding the task manager... Suppose you want to delete the winhost32 DLL card from the recipe card box, but when you try to do so you can't (i.e. find the file, hit delete, and get an error message). This could be because your husband has the winhost32 DLL card in his hand and he is using it right now because some recipe called for him to use it. If it is in his hand, you can't delete it from the recipe card box.

Task manager shows you all of the cards that are in his hand. If you find the winhost32 card in there, you can select it, click "end task" and that takes it out of his hand and puts it back into the box. Then you can go back into the box and delete it without getting an error.

If you can find that file and delete it without getting an error message then there is no need to find it in task manager.

Of course if something tells the mister to go get that card again, then he's going to start whining again. If we are really lucky, winhost.exe might be the thing telling him to go find winupd.dll which is causing all the whining. Hopefully, again if we are lucky, deleting winhost.exe will cause that to stop without generating a different message complaining about winhost...

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
  #48  
Old Aug 29, 2004, 02:42 AM
SeptemberMorn
Most Legendary Elder
 
Member Since: Jul 2003
Location: CA
Posts: 22,211
Ok... I did a search of all files and folders including hidden because I couldn't find it any other way. I found "winhost320.MCQ" in quarantine in McAfee (\AllUsers\Application Data\McAfee.com\VSO\Quarantine). Why is it still working and what do I do with it? I should probably delete it but now I'm afraid to do anything without your say-so.

Hubby leaves tomorrow, (I think!) so I'll have more peace of mind. I just don't want to keep you busy with this and exhaust you when you have so much on your plate to deal with. I'll be patient if you need me to be.

"Our doubts are traitors and make us lose the good we oft might win by fearing to attempt" --Shakespeare
(Edited by SeptemberMorn on 08/29/04 03:46 AM.)
__________________


Psalm 119:105 Thy word is a lamp unto my feet, and a light unto my path.
  #49  
Old Aug 29, 2004, 12:55 PM
dexter
Grand Magnate
 
Member Since: Dec 2003
Location: New Jersey
Posts: 3,133
Ok... the reason you were looking for winhost32 was because McAfee said it was a virus, right? You didn't see it somewhere else, in a dialog box or in the startup list of msconfig?

You can go and delete it, but do not delete the file that you found (the .mcq file); instead, open McAfee and get the "quarantined files" list and delete it from there. I don't use McAfee so I don't know the exact procedure.

If McAfee quarantined it then it should not be running... which means it is not the source of the DLL error messages. No reason to keep it around though.

---------------

FYI... I say delete it through McAfee because that's another "registry" example. When you look at the list of quarantined files in McAfee, McAfee has stored that list and reads it back from the registry or its own reference file. When you invoke McAfee to delete it, it will delete the file and update the registry list.

If you were to bypass McAfee and delete the file right from Windows, the file would be gone but the list would not be updated. When you opened McAfee you would see that it still has that file "quarantined" but if you tried to delete it you might get an error, because McAfee wouldn't be able to find the file to delete. No serious harm, but could cause confusion if you forgot that you deleted the file on your own, not to mention the annoyance of having that name on the list forever more.

------------------------------------
--http://www.idexter.com
__________________
------------------------------------
-- The world is what we make of it --
-- Dave
-- www.idexter.com
  #50  
Old Aug 29, 2004, 02:39 PM
SeptemberMorn
Most Legendary Elder
 
Member Since: Jul 2003
Location: CA
Posts: 22,211
Yeah... I got an "Aha!" moment and realized that if the file was quarantined, then why not clean it, right? So I told McAfee to delete it.

Now I'm going to go back through all your instructions and make sure I've done everything like you told me and see if I have missed something. Maybe I need to delete or Uninstall SpyDoctor and download AdAware so we're more on the same page. SpyDoctor keeps coming up with all kinds of tracking cookies and sometimes, I swear!, I haven't been anywhere but here to THIS site and haven't clicked on any of the suggested sites. Go figure! SpyDoctor says they're relatively harmless so... I don't know!

Now that I'll have more peace and quiet than I really want, I'll be able to concentrate better... and no interruptions!

"Our doubts are traitors and make us lose the good we oft might win by fearing to attempt" --Shakespeare
__________________


Psalm 119:105 Thy word is a lamp unto my feet, and a light unto my path.
All times are GMT -5.