
Suspected w3hph.exe malware

  • Detached's Avatar
    2,542 posts since Sep '04
    • Recently, I've downloaded w3hph.exe (198K, prime suspect!), WC3 (directly transferred from my friend's laptop) and shadowfrench maphack (downloaded from original site) onto my lappy.

      I suspect w3hph.exe is malware and is causing my laptop painful lag and even that error every time I boot up. I've run Spybot and antivirus countless times but it doesn't fix the problem!

      What should I do?

       

      Edit: I notice my explorer.exe is running at 65+k memory charge. And I've got a few instances of svchost running.

       

      2nd Edit: New problems - now I keep getting this popup that tells me my computer is infected with spyware and asks me if I want to install antispywaremaster to rectify the problem. Then IE will pop up showing the website.

      .... Gosh...

      Edited by Detached 20 Jun `08, 8:33PM
  • Detached's Avatar
    2,542 posts since Sep '04
    • Edit: Picture's too small. It reads "To help protect your computer Windows has closed this program (which is windows explorer)" - Data Execution Prevention

  • Detached's Avatar
    2,542 posts since Sep '04
    • It's already on "turn on DEP for essential windows program and services"

      And I still have the error when I boot up

  • Moderator
    kenn3th's Avatar
    14,838 posts since Nov '06
    • Can you remove your w3hph by any chance?

      or

      1. Click Start
      2. Select Control Panel
      3. Select System
      4. Click the Advanced tab
      5. In the Performance region select Settings
      6. Click the Data Execute tab in the dialog box that opens
      7. Select Turn on DEP for all programs and services except for those I select
      8. Click Add. (Find that programme, Warcraft 3 in this case)
      9. The open dialog box will open. Browse and select your application.
      10. Click Open
      11. Click Apply
      12. Click Ok
      13. Reboot

  • manyu882's Avatar
    1,825 posts since Jun '05
    • From Jotti:
      POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

       

      A-Squared  Found nothing
      AntiVir  Found nothing
      ArcaVir  Found nothing
      Avast  Found nothing
      AVG Antivirus  Found nothing
      BitDefender  Found nothing
      ClamAV  Found nothing
      CPsecure  Found nothing
      Dr.Web  Found nothing
      F-Prot Antivirus  Found nothing
      F-Secure Anti-Virus  Found nothing
      Fortinet  Found nothing
      Ikarus  Found Trojan-Spy.Win32.Banker.NG 
      Kaspersky Anti-Virus  Found nothing
      NOD32  Found nothing
      Norman Virus Control  Found nothing
      Panda Antivirus  Found nothing
      Sophos Antivirus  Found nothing
      VirusBuster  Found nothing
      VBA32  Found nothing

      Edited by manyu882 20 Jun `08, 6:42PM
  • Detached's Avatar
    2,542 posts since Sep '04
    • Originally posted by kenn3th:

      Can you remove your w3hph by any chance?

      or

      1. Click Start
      2. Select Control Panel
      3. Select System
      4. Click the Advanced tab
      5. In the Performance region select Settings
      6. Click the Data Execute tab in the dialog box that opens
      7. Select Turn on DEP for all programs and services except for those I select
      8. Click Add. (Find that programme, Warcraft 3 in this case)
      9. The open dialog box will open. Browse and select your application.
      10. Click Open
      11. Click Apply
      12. Click Ok
      13. Reboot

      I'll try that asap, can't reboot now - doing work. Hope it will work, I wouldn't want to go down to Acer.

  • Detached's Avatar
    2,542 posts since Sep '04
    • Originally posted by manyu882:
      From Jotti:
      POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)

       

      A-Squared  Found nothing
      AntiVir  Found nothing
      ArcaVir  Found nothing
      Avast  Found nothing
      AVG Antivirus  Found nothing
      BitDefender  Found nothing
      ClamAV  Found nothing
      CPsecure  Found nothing
      Dr.Web  Found nothing
      F-Prot Antivirus  Found nothing
      F-Secure Anti-Virus  Found nothing
      Fortinet  Found nothing
      Ikarus  Found Trojan-Spy.Win32.Banker.NG 
      Kaspersky Anti-Virus  Found nothing
      NOD32  Found nothing
      Norman Virus Control  Found nothing
      Panda Antivirus  Found nothing
      Sophos Antivirus  Found nothing
      VirusBuster  Found nothing
      VBA32  Found nothing

      Erm what's that? And what should I do?!

  • Detached's Avatar
    2,542 posts since Sep '04
    • Originally posted by kenn3th:

      Can you remove your w3hph by any chance?

      or

      1. Click Start
      2. Select Control Panel
      3. Select System
      4. Click the Advanced tab
      5. In the Performance region select Settings
      6. Click the Data Execute tab in the dialog box that opens
      7. Select Turn on DEP for all programs and services except for those I select
      8. Click Add. (Find that programme, Warcraft 3 in this case)
      9. The open dialog box will open. Browse and select your application.
      10. Click Open
      11. Click Apply
      12. Click Ok
      13. Reboot


      I believe I've already deleted WC3 and w3hph.exe but the problem still persists... Help!

  • Moderator
    kenn3th's Avatar
    14,838 posts since Nov '06
    • Good!

      2nd Edit: New problems - now I keep getting this popup that tells me my computer is infected with spyware and asks me if I want to install antispywaremaster to rectify the problem. Then IE will pop up showing the website.

      Now we know the root of the problem.

       

  • Moderator
    ndmmxiaomayi's Avatar
    53,055 posts since Aug '05
    • Did you install the Kazaa P2P program? If so, uninstall it.

      Disable Symantec Antivirus.

      If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

      Please visit this webpage for download links, and instructions for running the tool:

      http://www.bleepingcomputer.com/combofix/how-to-use-combofix

      Please ensure you read this guide carefully and install the Recovery Console first.

      The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

      Once Recovery Console is installed, you should see a blue screen prompt like the one below:

      RC_whatnext.gif

      Click Yes to allow Combofix to continue scanning for malware.

      When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

      Do not mouse click on Combofix while it is running. That may cause it to stall.

  • Detached's Avatar
    2,542 posts since Sep '04
    • Originally posted by ndmmxiaomayi:

      Did you install the Kazaa P2P program? If so, uninstall it.

      Disable Symantec Antivirus.

      If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

      Please visit this webpage for download links, and instructions for running the tool:

      http://www.bleepingcomputer.com/combofix/how-to-use-combofix

      Please ensure you read this guide carefully and install the Recovery Console first.

      The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

      Once Recovery Console is installed, you should see a blue screen prompt like the one below:

      RC_whatnext.gif

      Click Yes to allow Combofix to continue scanning for malware.

      When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

      Do not mouse click on Combofix while it is running. That may cause it to stall.

      Kazaa, I did install in the past and deleted it months ago. There weren't any problems till I downloaded some w3hph.exe.

      Now, DEP would automatically close windows explorer and I'd have to manually start explorer.exe from taskmanager. And the process charge for explorer.exe's like 70k+ and for IE 100k++, it's really killing my com.

      I'm stuck at work now till tomorrow evening, I'll get the combofix and hijackthis done by tomorrow evening (hopefully)

      Thanks mayi, your help is greatly appreciated.

  • Detached's Avatar
    2,542 posts since Sep '04
    • Mayi, how do I disable the anti-virus? As you know, RP's configuration... kinda disallows us to 'easily' disable it..
