Antivirus 2008

Alan C

One XPPro workstn was infected by the antivirus 2008 trojan, which I have
managed to clean.
One problem remains: I cannot browse any server (2003) shares via network
places or explorer, although all mapped drives are accessible.
When I try to browse to the server, - '\\our_srv\' only one share is shown -
'userdata' - and this appears as an empty folder.

Z:\ is mapped to \\our_srv\userdata\username and lists all files, but in
explorer that same path returns 'windows cannot find (path). check
spelling....'

I know that the trojan affects the local policies, which I've reset, but
cannot find anything that would cause the above.

Any help, suggestions, guidance would be gratefully received.

P.S. I'm not sure if this is the correct ng. Hope it is.
 
Carey Frisch [MVP]

Once your PC is infected with a computer virus or worm, your
computer becomes compromised and nothing less than a reinstallation
of the operating system is going to work. Yes, you can try
to scan and eliminate the initial virus, but you generally
cannot undo the damage caused by the virus to the system
files. You'll need to reformat your hard drive and then
reinstall your Windows operating system.

Cleaning a Compromised System
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

After restoring your system, consider installing a good
antivirus program, such as Windows OneCare. You can
try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm


--
Carey Frisch
Microsoft MVP
Windows Desktop Experience -
Windows Vista Enthusiast

Homer J. Simpson

After restoring your system, consider installing a good
Stupid and very ill informed advice.

Alias

If I was going on the offensive like that, I'd post my alternative;
otherwise this isn't terribly constructive.
 
Daave

Alias said:

I doubt Avast will adequately address an Antivirus 2008 infection (which
is a rogue malware program).

OP should check out "How to remove Antivirus XP 2008 (Uninstall
Instructions)":
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008

And for good measure, use HijackThis for good measure. The following is
courtesy of David H. Lipman:

1. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe


2. Disable Notepad's word wrap:
In Notepad.exe; Format --> uncheck; "Word wrap"


3. Download/run Deckard's System Scanner:
http://www.techsupportforum.com/sectools/Deckard/dss.exe

[Note: There is a warning that a "recent rootkit infection has been
interfering with Deckard's System Scanner (DSS) resulting in possible
damage to the Operating System." Has this been addressed? To OP: You may
want to hold off on DSS for the time being!]


4. Save the scan results (Main.txt and Extra.txt)


5. And then post the contents of Main.txt and Extra.txt in your post in
one of the below expert forums...


{ Please - Do NOT post the HJT and Deckard's System Scanner Logs here ! }


Forums where you can get expert advice for HiJack This! (HJT) and
Deckard's System Scanner Logs.


NOTE: Registration is REQUIRED in any of the below before posting a log


Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0


Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7


Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
 
Alan C

Please read the original post!!!!!!

I HAVE REMOVED the trojan/virus, and am hoping that someone clever may know
why network browsing stopped working and how to restore it.



PA Bear [MS MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

Run a /thorough/ check for hijackware, including posting your hijackthis log
to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in
conjunction with some other utilities). HijackThis will NOT fix anything on
its own, but it will help you to both identify and remove any
hijackware/spyware with assistance from an expert. **Post your log to
http://aumha.net/viewforum.php?f=30,
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html, or other appropriate forums for review
by an expert in such matters, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
 
Daave

Good point. Apparently, Alias snipped out that bit!

What method did you use to get rid of this malware? Are you sure your PC
is clean? That particular rogue seems to come with other infections.

Alan C said:
Please read the original post!!!!!!

I HAVE REMOVED the trojan/virus, and am hoping that someone clever may
know why network browsing stopped working and how to restore it.


Daave said:
Alias said:
Homer J. Simpson wrote:
After restoring your system, consider installing a good
antivirus program, such as Windows OneCare. You can
try it absolutely FREE for 90 days.
http://onecare.live.com/standard/en-us/default.htm
Stupid and very ill informed advice.

Alias

If I was going on the offensive like that, I'd post my alternative;
otherwise this isn't terribly constructive.



http://www.avast.com/. Free.

I doubt Avast will adequately address an Antivirus 2008 infection
(which is a rogue malware program).


Peter Foldes

Alan

You also posted this to the W2K3 Server newsgroup where you also had some answers and explanations.

No need to multipost and next time crosspost instead. Read the explanation why

http://www.blakjak.demon.co.uk/mul_crss.htm

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.


Alias

Daave said:
I doubt Avast will adequately address an Antivirus 2008 infection (which
is a rogue malware program).

I didn't say it did. I said Avast is better than OneCare.

The following is much longer and for sure not surer than reinstalling XP:

OP should check out "How to remove Antivirus XP 2008 (Uninstall
Instructions)":
http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008

Snip long convoluted and complicated time consuming unsure
"troubleshooting". Reinstall XP and be sure or use Linux and not have
these problems again.

Alias
 
Alan C

Well spotted Peter,

I did say I wasn't sure if this was the best ng to post to.

Either way, I've had no useful suggestions, only run xyz or reformat. Not an
option. I was hoping to get some meaningful advice. Oh well.


Alan C

Thanks, PA,
I have definitely cleaned the trojan/virus, and am hoping that someone
clever may know
why network browsing stopped working and how to restore it.

After 30+ years in IT I am pretty much more expert than most computer shop
bods, but even the best get stumped sometimes.
 
Daave

Alias said:
I didn't say it did. I said Avast is better than OneCare.

The following is much longer and for sure not surer than reinstalling
XP:



Snip long convoluted and complicated time consuming unsure
"troubleshooting". Reinstall XP and be sure or use Linux and not have
these problems again.

Reinstalling XP is arguably more convoluted and time-consuming than what
you snipped.
 
Daave

Something tells me that if Alan C. has over thirty years' experience in
IT, he won't be downloading anything at all from that site!
 
Daave

I'm pretty sure that you are the only poster with an MVP in his handle
that uses such juvenile and foul language. Something tells me you're not
really an MVP.

And please enlighten us as to what "cyberstalking" is. Did someone
install a Web cam on your PC that you don't know how to disconnect? Or
is someone perhaps sending e-mails to you that you haven't figured out
how to filter? Instant messages? Perhaps you should visit that Web page
and just stay there and do the rest of the world a big favor by stalking
yourself. If not, I guess I'll just have to exercise my option to ignore
you. In fact, I think I'll start right now: PLONK!
 
Alias

Daave said:
Reinstalling XP is arguably more convoluted and time-consuming than what
you snipped.

Not in my opinion but I've installed XP so many times, I can do it in my
sleep. Nonetheless, with malware, you're never sure. With a format and a
reinstall you are unless, of course, you have a virus in the BIOS.

Alias
 
