Guest bnmohan via WindowsKB.com
Posted May 29, 2008

I am not sure which forum this should go to: If someone directs me, I would be thankful.

Today, my McAfee AV caught CABVIE.DLL, and could not delete it. I started the scan at safe mode/command prompt, and it marked it for deletion.

I could not find anything sensible on either Symantec or McAfee, but a whole lot of Spyremoval advice on a lot of Spyware names. But I am surprised to note that the body of the instructions for ALL the spyware names was the same.

Could someone advise me?

Thanks,
Mohan

--
Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums.aspx/windowsxp/200805/1

Guest Malke
Posted May 29, 2008

Re: cabvie.dll

bnmohan via WindowsKB.com wrote:

> I am not sure which forum this should go to: If someone directs me, I
> would be thankful.
> Today, my McAfee AV caught CABVIE.DLL, and could not delete it. I started
> the scan at safe mode/command prompt, and it marked it for deletion.
> I could not find anything sensible on either Symantec or McAfee, but a
> whole lot of Spyremoval advice on a lot of Spyware names. But I am
> surprised to note that the body of the instructions for ALL the spyware
> names was the same.

You definitely have picked up some malware. Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with David Lipman's Multi_AV and follow instructions to do all scans in Safe Mode.

http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
http://tinyurl.com/yoeru3 - download link and more instructions

You can also check to see if there are targeted removal steps for your malware here:
Bleeping Computer removal how-to's - http://www.bleepingcomputer.com/forums/forum55.html

When all else fails, get guided help. Choose one of the specialty forums listed at the first link. Register and read its posting FAQ. You will generally be asked to:

1. Download and execute HiJack This! (HJT) - http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word wrap"

3. Download/run Deckard's System Scanner - http://www.techsupportforum.com/sectools/Deckard/dss.exe

4. Save the scan results (Main.txt and Extra.txt)

5. And then post the contents of Main.txt and Extra.txt in your post at the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Standard disclaimer: I can't see and test your computer myself, so these are just suggestions based on many years of being a professional computer tech; suggestions based on what you've written. You should not take my suggestions as a definitive diagnosis. If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). Please be aware that not all local shops are skilled at removing malware and even if they are, your computer may be so infested that Windows will need to be clean-installed. If possible, have all your data backed up before you take the machine into a shop.

Malke
--
MS-MVP
Elephant Boy Computers
http://www.elephantboycomputers.com
Don't Panic!

Guest bnmohan via WindowsKB.com
Posted May 29, 2008

Re: cabvie.dll

Thanks!

I realised I had missed out on a lot of information:

McAfee catches CABVIE.DLL when IE or Windows Explorer is launched. ONLY. It reports it as GENERIC.??

Tried to CLEAN/DELETE when McAfee caught it. Access Denied

Disabled all services and start-up items thru msconfig, and then tried to rename CABVIE: Access Denied

Started in Safe Mode and tried to rename CABVIE.DLL. Access Denied

Started in Safe mode/command prompt and ran the McAfee scanner. It failed to clean, and marked the file for deletion on next startup. Failed to delete on next startup

Looked in the registry: found CABVIE.DLL in HKCR and HKLM CLSID ( clsid 353A.. .. : there was no other 353a...). Tried to modify the key to ZZZCABVIE.DLL: Access Denied

Tried to give myself permissions to modify all child objects. Since I have forgotten how to, failed.

Ran HIJACKTHIS. Tried to upload the log to TrendMicro. FAILED!! TrendMicro said that if I could run HJT and fail to upload, there could be some VB components missing. (???%$#&*%)

Uploaded to HIJACKTHIS.DE: who said CABVIE.DLL is worthy of fixing. Told it to fix. It said it did, but had failed.

Gave up.

Will SFC /SCANNOW help?
Should I reinstall IE6 via IE.INF?
Can Windows Explorer be reinstalled?
Which one first?

There is one last option : SYSTEM RESTORE, which I have not tried, as I would like to find out what this is.

The problem turned up 8 hrs ago. The date stamp for CABVIE.DLL is 5 Mar 08.

Surprisingly, there is find on searches for CABVIE on both Symantec and McAfee! A lot of info. Throws any light?

Thanks a lot again!!!

Mohan

Malke wrote:
>> I am not sure which forum this should go to: If someone directs me, I
>> would be thankful.
>
>> surprised to note that the body of the instructions for ALL the spyware
>> names was the same.
>
>You definitely have picked up some malware. Go through these general malware
>removal steps systematically -
>http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
>Include scanning with David Lipman's Multi_AV and follow instructions to do
>all scans in Safe Mode.
>
>http://www.elephantboycomputers.com/page2.html#Multi-AV - instructions
>http://tinyurl.com/yoeru3 - download link and more instructions
>
>You can also check to see if there are targeted removal steps for your
>malware here:
>Bleeping Computer removal how-to's -
>http://www.bleepingcomputer.com/forums/forum55.html
>
>When all else fails, get guided help. Choose one of the specialty forums
>listed at the first link. Register and read its posting FAQ. You will
>generally be asked to:
>
>1. Download and execute HiJack This! (HJT) -
>http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
>
>2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck; "Word
>wrap"
>
>3. Download/run Deckard's System Scanner -
>http://www.techsupportforum.com/sectools/Deckard/dss.exe
>
>4. Save the scan results (Main.txt and Extra.txt)
>
>5. And then post the contents of Main.txt and Extra.txt in your post at the
>forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.
>
>Standard disclaimer: I can't see and test your computer myself, so these are
>just suggestions based on many years of being a professional computer tech;
>suggestions based on what you've written. You should not take my
>suggestions as a definitive diagnosis. If you can't do the work yourself
>(and there is no shame in admitting this isn't your cup of tea), take the
>machine to a professional computer repair shop (not your local equivalent
>of BigComputerStore/GeekSquad). Please be aware that not all local shops
>are skilled at removing malware and even if they are, your computer may be
>so infested that Windows will need to be clean-installed. If possible, have
>all your data backed up before you take the machine into a shop.
>
>Malke

--
Message posted via WindowsKB.com
http://www.windowskb.com/Uwe/Forums.aspx/windowsxp/200805/1

Guest Malke
Posted May 29, 2008

Re: cabvie.dll

bnmohan via WindowsKB.com wrote:

(snippage)

> Will SFC /SCANNOW help?

No

> Should I reinstall IE6 via IE.INF?

No

> Can Windows Explorer be reinstalled?

No

> Which one first?

None of the above. As previously said, do:

>>When all else fails, get guided help. Choose one of the specialty forums
>>listed at the first link. Register and read its posting FAQ. You will
>>generally be asked to:
>>
>>1. Download and execute HiJack This! (HJT) -
>>http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
>>
>>2. Disable Notepad's word wrap - In Notepad.exe; Format --> uncheck;
>>"Word wrap"
>>
>>3. Download/run Deckard's System Scanner -
>>http://www.techsupportforum.com/sectools/Deckard/dss.exe
>>
>>4. Save the scan results (Main.txt and Extra.txt)
>>
>>5. And then post the contents of Main.txt and Extra.txt in your post at
>>the forum you chose. DO NOT POST LOGS IN THE MS NEWSGROUPS.

Here is a list of the specialty forums for your convenience. Again, please do not post any logs here in the MS newsgroups:

http://aumha.org/downloads/hijackthis.zip
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another tutorial

http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

Malke
--
MS-MVP
Elephant Boy Computers
http://www.elephantboycomputers.com
Don't Panic!