[SOLVED] VIRUS/Rootkit => URL Blocked http://rk400.com/?sov=rook-s1ysoft.com

[jeffce]

Hi,

Get me a screen shot of the popup. 

[thekochs]

Hi,

Get me a screen shot of the popup.

Here you go............

[jeffce]

Hi,

I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis

To submit a file to virustotal, please click  VirusTotal

copy and paste the following into the upload a file box  (one at a time if more than one file is listed)

C:\Program Files\Internet Explorer\ws2help.dll

scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------

[thekochs]

Hi,

I need some information on some unidentified files. We will use Virustotal Please submit these files for analysis

To submit a file to virustotal, please click  VirusTotal

copy and paste the following into the upload a file box  (one at a time if more than one file is listed)

C:\Program Files\Internet Explorer\ws2help.dll

scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.
----------

I assume I'll need to re-install IE8 ?.....I only ask since not sure if this file is lurking on the computer but only used with IE8 and not IE7 ?
I guess I can check the prog-files\ie\ directory for system and/or hidden files too.

[jeffce]

No, I am not thinking that yet.  Let's just see what VirusTotal says. 

[thekochs]

No, I am not thinking that yet.  Let's just see what VirusTotal says. 

I only have IE7 installed......you think this ws2help.dll file is there on the PC ?

[thekochs]

No, I am not thinking that yet.  Let's just see what VirusTotal says. 

I only have IE7 installed......you think this ws2help.dll file is there on the PC ?

[jeffce]

It could be....but the problem is that sometimes malware will disguise itself as legit programs and we need to see what VirusTotal is saying about the entry. 

[thekochs]

It could be....but the problem is that sometimes malware will disguise itself as legit programs and we need to see what VirusTotal is saying about the entry.

I see the ws2help.dll file under IE7 install.
I try to copy & paste and also try to browse to the file.....does not "enter" into the VirusTotal file to scan field.
Is there a trick to this since a DLL file ?
I also just tried some other PDF file....no load there either....strange.

[jeffce]

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:file
C:\Program Files\Internet Explorer\ws2help.dll


• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

[thekochs]

Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

Code: [Select]

:file
C:\Program Files\Internet Explorer\ws2help.dll


• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Here you go............thx.

[jeffce]

Hi,

Go ahead and delete that file and see if that helps. 

[thekochs]

Hi,

Go ahead and delete that file and see if that helps.

Right now I have IE7......I can delete this DLL ?
I'll then need to re-install IE8 to see if it works......IE7 there is no popup as you know.

[jeffce]

If you update to IE8 and receive the popups just delete that file.  It is bad from what I am seeing of it. 

[thekochs]

I set restore point.
Deleted C:\Program Files\Internet Explorer\ws2help.dll file which was one showing in threat pop-up.
Installed IE8.
No popups !!!!

I'll run machine for a week and post back to make sure then we can change thread to [SOLVED].