new adware?

I have a process running adware. The process associated with a blank window is shrinkwrap.exe

Anyone have any clue how to remove this

I ended process and it comes back. I do not have IT powers, but I can get the IT department to make changes if it needs to be done at the system level

adaware does not pick it up. I search the internet and its not anywhere

Thanks in advance.

anonymous
Wed Jun 09 14:01:35 CDT 2004

I sucessfully removed the worm... manually.
to registry entries and 3 end processes later.

Here are the associated files to the new worm. I could
not find them in anyone's virus definitions.

shrinkwrap.exe, onsvr.exe, aornum.exe

These files seem to be a new agobot worm.
I found them on my computer today. Not sure the extent of
its powers other than putting adware and auto
reinstallation. it accesses popup ads.

>-----Original Message-----
>I have a process running adware. The process associated
with a blank window is shrinkwrap.exe
>
>Anyone have any clue how to remove this?
>
>I ended process and it comes back. I do not have IT
powers, but I can get the IT department to make changes if
it needs to be done at the system level.
>
>adaware does not pick it up. I search the internet and
its not anywhere.
>
>Thanks in advance.
>.
>

Chuck
Wed Jun 09 14:22:07 CDT 2004

On Wed, 9 Jun 2004 09:36:03 -0700, "Crimsonshadow"
<anonymous@discussions.microsoft.com> wrote:

>I have a process running adware. The process associated with a blank window is shrinkwrap.exe
>
>Anyone have any clue how to remove this?
>
>I ended process and it comes back. I do not have IT powers, but I can get the IT department to make changes if it needs to be done at the system level.
>
>adaware does not pick it up. I search the internet and its not anywhere.
>
>Thanks in advance.

AdAware is good. Spybot S&D complements AA; both will detect threats that the
other won't. CWShredder and HijackThis are even better, and will detect threats
that neither AA nor SSD will. All are free, and download fairly quickly.

First, download LSP-Fix and WinsockXPFIx from <http://www.cexx.org/lspfix.htm>,
and CWShredder from <http://www.majorgeeks.com/download4086.html>. All are
free.

Next, close all Internet Explorer and Outlook windows, then run CWShredder.
Have it fix all variants.

Now check for, and remove, spyware. Get HijackThis
<http://www.majorgeeks.com/download.php?det=3155> and Spybot S&D
<http://www.safer-networking.org/index.php?page=download>. Both free.
1) Install and run Spybot. First update it ("Search for updates"), then run a
scan ("Check for problems"). Trust Spybot, and make all recommended deletions.
2) Install and run HijackThis. Do NOT make any changes immediately. Save the
HJT Log. <http://forums.spywareinfo.com/index.php?showtopic=227>
3) Have your HJT log interpreted by experts at one or more of the following
forums (and post it, or a link to your forum post, here):
<http://forums.net-integration.net/>
<http://forums.spywareinfo.com/>
<http://forums.tomcoyote.org/>
<http://www.wilderssecurity.com/>

If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.

PA
Wed Jun 09 22:32:56 CDT 2004

Remember that iWon pop-up you clicked on?

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957
--
HTH - Please Reply to This Thread

~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

AumHa Forums
http://forum.aumha.org

Protect Your PC
http://www.microsoft.com/security/protect

Crimsonshadow wrote:
> I have a process running adware. The process associated with a blank
> window is shrinkwrap.exe
>
> Anyone have any clue how to remove this?
>
> I ended process and it comes back. I do not have IT powers, but I can
> get the IT department to make changes if it needs to be done at the
> system level.
>
> adaware does not pick it up. I search the internet and its not anywhere.
>
> Thanks in advance.