Report New Spyware Here

Network Icon has been hijacked, in it's place is the text string:
"CPL.Cgures network hardwak aare.
Icon will not open. Win 98.
Must be new spyware. Logging onto Internet freezes all I/O for long periods of time separated by short intervals of operability.
Search for this text string on Microsoft and Google produce no results.

Have you looked into your registry and searched for either restrictions, policies, and control panel? are there' any suspect lines there. Canyou access your registry at all?

I can access the registry, fond references to comload. Tried to delete, access denied. Double clicking on the imposter network icon does nothing. Netdi.dll and netos.dll and nettrans.inf are still there and show a vendor name of Microsoft on the version tab of properties. I ran Adaware and it removed the spyware, but left the network crippled. I am not sure if this spyware as removed my TCP/IP stack and replaced it with something else that does it's own bidding.

First thing I should do is to get rid of all restrictions in the registry. Maybe then you'll be able to delete any references to comload. As far as I know comload doesn't install itself into the winsock stack, but if it does, then this might be a new variant.
If that doesn't do the trick then your next option is MSCONFIG. Disable the offending lines (so that they won't start at next boot) and check if the culprit files let themselves be deleted then.
About the corrupt TCP/IP stack, if it's really broken (check to make sure cos AOL takes up a lot of TCP/IP connections for itself), then you are luckily enough to run a DOS-based OS (who ever said that the oldies were bad), and there's a sneaky way of fixing things. First, check your machine for the following map C:\winodws\options\cabs or C:\windows\options\install. If it's there, then count your blessings. If not, look up your Windows installation CD, insert it and copy it's contents to a temporary folder.

Next thing: delete the following reg keys:

HKey_Local_Machine\System\CurrentControlSet\Services\Remote Access
HKey_Local_Machine\System\CurrentControlSet\Services\Winsock
HKey_Local_Machine\System\CurrentControlSet\Services\Winsock2
HKey_Local_Machine\System\CurrentControlSet\Services\VxD\Winsock
HKey_Local_Machine\System\CurrentControlSet\Services\VxD\Winsock2


Do an F3 search for the following entries:

winsock
winsck
wsock
rasapi
rnr


Write down the path of each file and boot into DOS and delete those files.
Next thing: go to C:\windows\options\cabs\setup.exe (or C:\windows\options\install\setup.exe or your temporary folder) and run the setup to "reinstall" windows. what we have done is ripping out any corrupt files and reg keys and replaced them with fresh ones.

If you can connect to the internet again, then I'd suggest the following URL's

http://patrick.kolla.de    get spybot search & destroy
http://www.wilderssecurity.net/spywareblaster.html     get spywareblaster
http://www.wilderssecurity.net/spywareguard.html      get spywareguard
http://www.spywareinfo.com/downloads.php   get hijackthis

and of course http://www.lavasoftusa.com    for Adaware 6, but make sure you run spybot first and then and only then adaware the next time you do a spyware-scan.
Also, get a good trojan scanner like BOclean 4.1 , TDS 3 or trojanhunter 3.5, trial or full version, cos, correct me if I'm wrong but I'm guess that nettrans is a familiar trojan. But it also can be the settings file of AOL.


Hope this helps

The_AceStriker
[/b]

What version of windows do u have?

hir error log says clearly win98. I am running ME myself (tried to set up a dual boot but win 2kpro gives that annoying inacceesible boot device error way too often).