Aware.exe - Free Antivirus Forum

Aware.exe

BullGuard Antivirus Forum > General Security > Spyware > Aware.exe

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

The Oysterboy
New Member

Date Joined Aug 2005
Total Posts : 13

Posted 10-18-2005 12:13 (GMT +1)

Hello thar!

Can anyone help me? Does anyone out there know where the aware.exe comes from and how i can get rid of it? I have run all of the spyware products I can find and still get the aware.exe process running when I start the machine - it's not causing any real damage at the mo but I need t get rid of it asap ideally.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 10-18-2005 1:41 (GMT +1)

Hey

I suggest you post a logfile -

Download:
Hijackthis

Please make a new folder to put your HijackThis.exe into

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".

Now you have C:\HJT\folder.

Run Hijackthis exe- Push - Do a systemscan and save a logfile – button

And Highlight the Entire Log by pressing Ctrl+A and Copy it. Post log here

Regards - Touch

Do not post your log file in a thread started by someone else. Start a new topic so that it may receive proper attention.

The Oysterboy
New Member

Date Joined Aug 2005
Total Posts : 13

Posted 10-18-2005 2:20 (GMT +1)

Here's my HJT lof - hope it sheds some light!!!

Logfile of HijackThis v1.99.0
Scan saved at 14:18:23, on 18/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\ScanSpyware v3.8.0.4\Scanner.exe
C:\Documents and Settings\ed.smith\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.six.somerset.gov.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Puriton Primary School
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.145.39.250:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.somerset.gov.uk;cachepilot
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DownloadFile Class - {30DA8584-E4B3-45f7-A164-DB8F869FCF77} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global User Startup: SMART Board Tools.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: SiX - {02A54332-8D07-426b-A93D-63175619EF45} - http://www.six.somerset.gov.uk (file missing)
O9 - Extra 'Tools' menuitem: Somerset Information Exchange - {02A54332-8D07-426b-A93D-63175619EF45} - http://www.six.somerset.gov.uk (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.six.somerset.gov.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SCH2180.SOMERSET.GOV.UK
O17 - HKLM\Software\..\Telephony: DomainName = sch2180.somerset.gov.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SCH2180.SOMERSET.GOV.UK
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SCH2180.SOMERSET.GOV.UK
O23 - Service: DameWare Mini Remote Control - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: eTrust Antivirus RPC Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe (file missing)

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 10-18-2005 2:44 (GMT +1)

It is not visible in the log

I therefore suggest you run these scans -

Please download Ewido-Free Download: Ewido

Install and update it. Do not scan

Download this scanner - cureit.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Or - Dr.Web CureIT! utility
To Desktop

Reboot into Safe Mode by tapping F8 after the BIOS has loaded.

Doubleclick the "drweb-cureit.exe" and click "ok" in the prompt window that will open , asking "start the express scan now".

It will first make a quick scan of your system, let it clean what it find, and when it says "done"

Click on the green screwdriver

File Types, put a checkmark in - All Files
Actions tab. Adware, Dialers, Hacktools, use dropdown menu and select – Rename

Click – Apply and OK
Click on the drive you want to scan . A red dot will mark the selected drive(s) . Then hit the green arrow in lower right corner It will now scan your drive(s), say yes to all

Run full scan with Ewido

Click on scanner
Click on Complete System Scan and the scan will begin.
While the scan is in progress you will be prompted to clean files, click OK
When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop.

Now close ewido security suite.

Reboot to normal mode, and tell if you still have aware running?

Do you have Ad-Aware installed?

Regards - Touch

Do not post your log file in a thread started by someone else. Start a new topic so that it may receive proper attention.

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 16319

Posted 10-18-2005 4:44 (GMT +1)

goldfish

Post your log as new topic: http://www.bullguard.com/forum/10/

It is confusing with more logs in same thread, it will therefore be deleted

Regards - Touch

Do not post your log file in a thread started by someone else. Start a new topic so that it may receive proper attention.

goldfish
New Member

Date Joined Oct 2005
Total Posts : 2

Posted 10-19-2005 5:09 (GMT +1)

it`s doesn`t work. I have still the virus on my disk

gwolf
New Member

Date Joined Apr 2006
Total Posts : 1

Posted 4-23-2006 9:15 (GMT +1)

Hi my wife has this aware.exe on her computer she also has smartboard applications installed.I did a google search on aware.exe and it came up as part of the smartboard.Don't know if this helps or not

Forum Information

Currently it is Saturday, November 21, 2009 5:25 PM (GMT +1)
There are a total of 73.034 posts in 17.116 threads.
In the last 3 days there were 14 new threads and 69 reply posts. View Active Threads