what is this? Apparently, its a text doc that is about 168 bytes ? ? I

delete it over and over and each time I restart my pc, there it is again

under the C\ drive along with all the other folders-WHen I click to open it,

this is what I see- One time it was filled with the objects below. But as

for now, it only has these.

WinMain - Web Function

MainInitGlobals - Web Function

MainInitWindow - Web Function

WinMain - Web Function

MainInitGlobals - Web Function

MainInitWindow - Web Function





--

Thanks so very much for your help-! ! ! !

It's a hijacker.



Dealing with Trojans & Hijackware



A. Trojans



1. Check in at Windows Update and install all critical updates & reboot.



2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...



3. Update your virus definitions, enable Show Hidden Files

(http://service1.symantec.com/SUPPORT...02092715262339)

and then run a full system scan in Safe Mode

(http://service1.symantec.com/SUPPORT...01052409420406)

with nothing else running in background.  Note the files identified and

removed then find the corresponding page for the file at your AV maker's

online support pages (e.g.,

http://securityresponse.symantec.com...favorites.html)

and follow *all* Removal steps, including editing the Registry if directed.



WinXP Only (WinME similar): If this scan finds anything, create a new

Restore Point then:



Disk Cleanup > More options > Delete all but the most recent Restore

Point.



B. Hijackware



Help with Hijackware (MS MVP sites all)

http://aumha.org/a/parasite.htm

http://aumha.org/a/quickfix.htm

http://mvps.org/winhelp2002/unwanted.htm

http://inetexplorer.mvps.org/Darnit.htm

http://www.mvps.org/sramesh2k/Malware_Defence.htm



CoolWebSearch Chronicles

http://www.spywareinfo.com/~merijn/cwschronicles.html



Run these tools in the following order with nothing else running in

background:



1. CWShredder v1.59.1 (no updates available currently; fix all found)



2. Ad-Aware SE (reconfigure per Post #2 in

http://aumha.org/forum/viewtopic.php?t=5877; fix all found)



3. Spybot (RTFM but generally fix everything in red)



Important: You must seek updates for Ad-Aware, Spybot, etc., before each and

every use, even "right out of the box".  But even they can't catch

everything, 24/7.  When all else fails, HijackThis

(http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to

use.  It will help you to both identify and remove any hijackware/spyware.

**Post your files to http://forums.spywareinfo.com/ or

http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**



[Alternate download pages for many of the above tools may be found at

http://aumha.org/a/parasite.htm.]



So How Did I Get Infected Anyway?

http://boards.cexx.org/viewtopic.php?t=957



--

~Robear Dyer (PA Bear)

MS MVP-Windows (IE/OE), AH-VSOP



Are You Ready for WinXP SP2?

http://www.microsoft.com/athome/secu...t/default.aspx



WinXP SP2 Release Notes

http://support.microsoft.com/default...b;en-us;835935



AumHa Forums

http://forum.aumha.org



RustyM wrote:

> what is this? Apparently, its a text doc that is about 168 bytes ? ? I

> delete it over and over and each time I restart my pc, there it is again

> under the C\ drive along with all the other folders-WHen I click to open

> it,

> this is what I see- One time it was filled with the objects below. But as

> for now, it only has these.

> WinMain - Web Function

> MainInitGlobals - Web Function

> MainInitWindow - Web Function

> WinMain - Web Function

> MainInitGlobals - Web Function

> MainInitWindow - Web Function

Thanks Pa bear. I tried your suggestions below for another problem not long

ago (that was virus related) on my home pc. But now, I will install stinger

for this pc at my work-which is the one with the JSWX file. I use: AVG free,

ZA free, Ad-aware 1.05, sysclean too- My pc is patched  with MS patches. I

just got my CD for sp2 today but have not installed yet. I do occasional

online scans at pestpatrol, trendmicro, & panda. Inspite of all this, No one

mentions this JSWX at all. I may add that this has been in my C drive for

several months now. I fould out that the extention is 'log' and is opens

with notepad. Seeing that you recommend multiple things to do,and I've done

the ones listed above,do you recommend doing a hijack this< coolweb

shreadder,etc. Can you please be more specific as to which ones? I will do

stinger upon closing this post. thanks



--

Thanks so very much for your help-! ! ! !

"PA Bear" <PABear@mvps.org> wrote in message

news:uBf6LRUoEHA.2920@TK2MSFTNGP10.phx.gbl...

> It's a hijacker.

>

> Dealing with Trojans & Hijackware

>

> A. Trojans

>

> 1. Check in at Windows Update and install all critical updates & reboot.

>

> 2. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

>

> 3. Update your virus definitions, enable Show Hidden Files

>

(http://service1.symantec.com/SUPPORT...02092715262339)

> and then run a full system scan in Safe Mode

>

(http://service1.symantec.com/SUPPORT...01052409420406)

> with nothing else running in background.  Note the files identified and

> removed then find the corresponding page for the file at your AV maker's

> online support pages (e.g.,

>

http://securityresponse.symantec.com...favorites.html)

> and follow *all* Removal steps, including editing the Registry if

directed.

>

> WinXP Only (WinME similar): If this scan finds anything, create a new

> Restore Point then:

>

>     Disk Cleanup > More options > Delete all but the most recent Restore

> Point.

>

> B. Hijackware

>

> Help with Hijackware (MS MVP sites all)

> http://aumha.org/a/parasite.htm

>    http://aumha.org/a/quickfix.htm

> http://mvps.org/winhelp2002/unwanted.htm

> http://inetexplorer.mvps.org/Darnit.htm

> http://www.mvps.org/sramesh2k/Malware_Defence.htm

>

> CoolWebSearch Chronicles

> http://www.spywareinfo.com/~merijn/cwschronicles.html

>

> Run these tools in the following order with nothing else running in

> background:

>

> 1. CWShredder v1.59.1 (no updates available currently; fix all found)

>

> 2. Ad-Aware SE (reconfigure per Post #2 in

> http://aumha.org/forum/viewtopic.php?t=5877; fix all found)

>

> 3. Spybot (RTFM but generally fix everything in red)

>

> Important: You must seek updates for Ad-Aware, Spybot, etc., before each

and[vbcol=seagreen]

> every use, even "right out of the box".  But even they can't catch

> everything, 24/7.  When all else fails, HijackThis

> (http://forum.aumha.org/downloads/hijackthis.zip) is the preferred tool to

> use.  It will help you to both identify and remove any hijackware/spyware.

> **Post your files to http://forums.spywareinfo.com/ or

> http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**

>

> [Alternate download pages for many of the above tools may be found at

> http://aumha.org/a/parasite.htm.]

>

> So How Did I Get Infected Anyway?

> http://boards.cexx.org/viewtopic.php?t=957

>

> --

> ~Robear Dyer (PA Bear)

> MS MVP-Windows (IE/OE), AH-VSOP

>

> Are You Ready for WinXP SP2?

> http://www.microsoft.com/athome/secu...t/default.aspx

>

> WinXP SP2 Release Notes

> http://support.microsoft.com/default...b;en-us;835935

>

> AumHa Forums

> http://forum.aumha.org

>

> RustyM wrote: 

as 

>

Rusty,



This log file has been created in my PC for a while as well and I have been wondering what this is.

I tried using anti-virus software and anti-spyware software but these software have never detected anything.



I checked start up files with msconfig and unchecked everything on the startup items. Then I checked one item by one item and see which program will create this log file. Then I have found that the long file IS created with a program called LXSUPMON.exe.



This program is from Lexmark and I have been using their printer called Z22. If you uncheck this at startup, then the log file will not be created on my PC.



I am not sure if you are using Lexmark printer, but if you do, please check this out. I do not know if uncheck of this program at startup will do any harm upon the print. Perhaps you can check with Lexmark. 



Cheers

5000K

Hi 5000k

THANKS ! ! !You saved me from weeks of investigating on this thing. Yes...I

used to use the lexmark Z22 printer. It stopped working so I had to get

another one (also a Lexmark......3100)-

Anyways, I did what you sugessted at start up. Then I deleted the jswx.log

file and then rebooted. It is no longer on my pc. Glad that I dont have to

see that log file anymore. Plus, Im releived that it was not anykind of

malware.

I do have one question, though. you said:.

>" I checked start up files with msconfig and unchecked everything on the

> startup items. Then I checked one item by one item and see which

> program will create this log file"

I'd like to look at all the stuff I have at start up as well and see if it

needs to be there.  How did you check each item, one by one to see which

program created this or any other log files?? In other words, what are the

steps once your in the msconfig box area.

Thanks so very much for your help-! ! ! !



"5000K" <5000K.1ffgad@mail.mcse.ms> wrote in message

news:5000K.1ffgad@mail.mcse.ms...

>

> Rusty,

>

> This log file has been created in my PC for a while as well and I have

> been wondering what this is.

> I tried using anti-virus software and anti-spyware software but these

> software have never detected anything.

>

> I checked start up files with msconfig and unchecked everything on the

> startup items. Then I checked one item by one item and see which

> program will create this log file. Then I have found that the long file

> IS created with a program called LXSUPMON.exe.

>

> This program is from Lexmark and I have been using their printer called

> Z22. If you uncheck this at startup, then the log file will not be

> created on my PC.

>

> I am not sure if you are using Lexmark printer, but if you do, please

> check this out. I do not know if uncheck of this program at startup

> will do any harm upon the print. Perhaps you can check with Lexmark.

>

> Cheers

> 5000K

>

>

>

> --

> 5000K

> ------------------------------------------------------------------------

> Posted via http://www.mcse.ms

> ------------------------------------------------------------------------

> View this thread: http://www.mcse.ms/message1088228.html

>