Help. A powerful virus has taken over my computer.


Melvin Tyner

Help. I have a powerful virus that has taken over my computer. It is
some kind of variant of the Backdoor.Agobot virus.

I'm running an HP desktop computer with Windows XP Pro.

The files that are infected are:

1. syscfg.exe
2. syscfg.exe.poly
3. winhlpp32.exe
4. msdv32.exe

Below is what the "BitDefender On Line Scan" results showed:

Memory unable to check
Process [msdv32.exe] [PID:000006C4]=>(Upx) infected: Backdoor.Agobot.3.Gen
Process [msdv32.exe] [PID:000006C4]=>(Upx) unable to disinfect
C:\WINDOWS\SYSTEM32\syscfg.exe.poly=>(FSG 1.33) infected: Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\syscfg.exe.poly=>(FSG 1.33) unable to disinfect
C:\WINDOWS\SYSTEM32\syscfg.exe=>(FSG 1.33) infected: Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\syscfg.exe=>(FSG 1.33) unable to disinfect
C:\WINDOWS\SYSTEM32\winhlpp32.exe=>(FSG 1.33) infected: Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\winhlpp32.exe=>(FSG 1.33) unable to disinfect

I searched their website for a solution or more information, but found
no help. I also searched Google and Google Groups for a solution but
found no help.

Many functions of my computer have been disabled by this powerful
virus.

Examples are:

1. Cannot run my Norton Anti-Virus 2004 program. It has been disabled
by the virus.
2. Cannot install or run any other Anti-Virus program. The Anti-Virus
installation will simply shut down in the middle. Almost all ".exe"
programs that are anti-virus related have been disabled by the virus.
3. Cannot run the McAfee online virus scan. Internet Explorer brings
up "a runtime error has occurred" and refuses to do the online scan.
4. Cannot open the registry editor by going to Run and typing regedit.
It has been disabled by the virus.

An important observation that I noted is that the infected syscfg.exe
may be hard to repair since the computer may not start up if not done
correctly.

Here are the positive things that I have available to me:

1. I obtained a program called "RegWorks version 1.1". It allows me to
edit the registry. But I don't know what I should edit.
2. Task manager (Ctrl, Alt, Delete) is working. It has shown me that
the syscfg.exe process is spiking about every 5 seconds (I don't know
what this means, but it is probably related to the activity of the
virus).
3. I've read many Google postings about similar viruses, so I already
know about certain things like making sure I turn off "system restore"
when and if I delete files and edit the registry.
4. I'm eager to try any suggestions that might be offered.

That's about it. Please, does anybody have any suggestions?

Mel
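
An added triage example (not part of the original post, and not BitDefender's own tooling): it parses the scan output quoted above, accepting the signature name either on the same line or wrapped onto the next, and summarises each flagged object with its packer and whether disinfection failed. The function and field names are assumptions made for this illustration.

```python
import re
# Scan output as posted in the thread, with signature names wrapped as in the post.
REPORT = r"""Memory unable to check
Process [msdv32.exe] [PID:000006C4]=>(Upx) infected:
Backdoor.Agobot.3.Gen
Process [msdv32.exe] [PID:000006C4]=>(Upx) unable to disinfect
C:\WINDOWS\SYSTEM32\syscfg.exe.poly=>(FSG 1.33) infected:
Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\syscfg.exe.poly=>(FSG 1.33) unable to disinfect
C:\WINDOWS\SYSTEM32\syscfg.exe=>(FSG 1.33) infected:
Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\syscfg.exe=>(FSG 1.33) unable to disinfect
C:\WINDOWS\SYSTEM32\winhlpp32.exe=>(FSG 1.33) infected:
Backdoor.Agobot.3.Gen
C:\WINDOWS\SYSTEM32\winhlpp32.exe=>(FSG 1.33) unable to disinfect
"""

RECORD = re.compile(r"^(?P<obj>.+?)=>\((?P<packer>[^)]+)\)\s+"
                    r"(?P<status>infected:|unable to disinfect)\s*(?P<sig>\S*)$")
PROC = re.compile(r"^Process \[(?P<name>[^\]]+)\] \[PID:(?P<pid>[0-9A-Fa-f]+)\]$")

def triage(text):
    """Map each flagged object to kind, name, pid, packer, signature, status."""
    findings, records = {}, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        # A signature name wrapped onto its own line belongs to the record above.
        if records and records[-1].endswith("infected:") and "=>" not in line:
            records[-1] += " " + line
        else:
            records.append(line)
    for line in records:
        m = RECORD.match(line)
        if not m:
            continue  # informational lines such as "Memory unable to check"
        proc = PROC.match(m["obj"])
        f = findings.setdefault(m["obj"], {
            "kind": "process" if proc else "file",
            "name": (proc["name"] if proc else m["obj"].rsplit("\\", 1)[-1]).lower(),
            "pid": int(proc["pid"], 16) if proc else None,  # PID is printed in hex
            "packer": m["packer"], "signature": None, "disinfect_failed": False})
        f["signature"] = m["sig"] or f["signature"]
        f["disinfect_failed"] |= m["status"] != "infected:"
    return findings

def memory_only(findings):
    """Running images the scan flagged without reporting a file path on disk."""
    files = {f["name"] for f in findings.values() if f["kind"] == "file"}
    return sorted(f["name"] for f in findings.values()
                  if f["kind"] == "process" and f["name"] not in files)

if __name__ == "__main__":
    for f in triage(REPORT).values():
        print(f["kind"], f["name"], f["pid"], f["packer"], f["signature"], f["disinfect_failed"])
    print("flagged in memory only:", memory_only(triage(REPORT)))
```

On this report `memory_only` returns `msdv32.exe`: the scan flagged the running process but listed no file path for it, so its image on disk still has to be located before a cleanup can be considered complete.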
 

user

Go to Symantec's website (on a known non-infected computer), download
and save their removal tool and print out the instructions. Follow them.

You will probably need to disable system restore and boot to safe mode
to properly remove the malware.

steve


 

microsoft

If you can boot from CD, I do believe the Norton AntiVirus CD is
bootable...did you try that?
 

John K

I'm sorry, I just realised I was named "microsoft"...lol, fixed that, though

 

Melvin Tyner


Which removal tool do I download? Symantec's website has 58 removal tools.

Mel
 

Melvin Tyner



I've got the trial version of Norton Anti-Virus 2004. I don't have a CD.

Mel
 

user

I did a little searching on Symantec's web site and I think you may have
mis-typed the name of the virus.

Assuming you meant "Backdoor.Gaobot" instead, try this:

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.gaobot.html

Looks to me like you need to update your antivirus definitions and run a
scan after disabling system restore. Can you do this with the evaluation
version of Norton?







 
