Caught a worm or trojan - please help!


Julie Groves

At some point unbeknownst to me either my wife or I have planted something
on my pc. It behaves like an RPC worm, i.e. I cannot connect to the 'net, but
this appears to only apply to IE. As you can see I can get on newsgroups
and receive email. I tried a complete format and reinstall (of XP) and it's
still there. Consequently I can't register PC-Cillin or AVG to get an
update to scan my system. Neither have picked up anything thus far, nor has
the Cleaner, Tauscan or Bullguard. I, and especially my wife, are at the end
of our tethers.

What can I do?

Duncan Smith
 

Jafar

It sounds similar to what I encountered recently. Do you have an svchost.exe
process running at 70% cpu?
Here is my suggestion of what to do....

Do another complete reformat/install, install the net connection, download
and install avast antivirus ( http://www.avast.com/) and update.
After that, do a complete windows update including SP1 (I assume you're on XP).

I did all that even before downloading nvidia drivers etc... I also dumped
IE for Mozilla Firebird ( www.mozilla.org ) to ensure greater security.
Also, if you know what to look for, stop and disable all the services you
don't need, such as remote access support.

Hope that helps a little.

Jafar
 

Dirk

Julie Groves said:
At some point unbeknownst to me either my wife or I have planted something
on my pc. It behaves like an RPC worm, i.e. I cannot connect to the 'net, but
this appears to only apply to IE. As you can see I can get on newsgroups
and receive email. I tried a complete format and reinstall (of XP) and it's
still there. Consequently I can't register PC-Cillin or AVG to get an
update to scan my system. Neither have picked up anything thus far, nor has
the Cleaner, Tauscan or Bullguard. I, and especially my wife, are at the end
of our tethers.

What can I do?

http://vil.nai.com/vil/stinger/ download it if possible, if not I could send
it by e-mail (700k).
 

Julie Groves

emailing it would be good. I've just tried to download and it just keeps
crashing my system. TIA,

Duncan Smith

(e-mail address removed)
 

FromTheRafters

Julie Groves said:
emailing it would be good. I've just tried to download and it just keeps
crashing my system. TIA,

Duncan Smith

It is not generally a good idea to accept executable files from
strangers and execute them. I'm not saying that "Dirk" is in any
way not trustworthy (never seen him post before today), just
that this is not a safe practice.

Also, you may want to consider not making your e-mail address
available for harvesting by the likes of spammers (or worms) by
posting it in usenet without "munging" it first.

....just a "heads up"
 

Jafar

Netuser said:
Try an online scan here: http://housecall.trendmicro.com/
or at mcafee.com.

Be sure to install all patches for XP also.

In my case, no virus scan including housecall picked up this particular
virus/trojan. Also, it wouldn't let me run regedit or msconfig. While I was
not connected to the net I kept getting pop-ups requesting access to
various internet sites with variations on the name jayzee or jz in the URL.
All I could do was a very careful full re-install and update. Oh, and none
of the patches from windows update could be applied successfully.
One day I hope somebody can identify this nasty one.

Jafar
 

Netuser 58

Jafar said:
In my case, no virus scan including housecall picked up this particular
virus/trojan. Also, it wouldn't let me run regedit or msconfig.


That sounds like the Swen worm. McAfee says this:
Update September 19th 13:00 PST --
AVERT has released a standalone removal tool to aid users in
removing this virus from infected systems. If you're unable to run
.exe files, you may need to install this fixswen.inf first (save the
fixswen.inf file to your local hard disk, right-click on the file and
choose install ).

Netuser 58
 

Jafar

Netuser said:
That sounds like the Swen worm. McAfee says this:
Update September 19th 13:00 PST --
AVERT has released a standalone removal tool to aid users in
removing this virus from infected systems. If you're unable to run
.exe files, you may need to install this fixswen.inf first (save the
fixswen.inf file to your local hard disk, right-click on the file and
choose install ).

Netuser 58

Thanks. I'll keep that in mind for the next time my XP partition catches a
mystery illness ;)

Jafar
 

Julie Groves

Cheers for the advice. Normally I would have thought about it properly, but
desperation clouds my brain. What is this "munging" of which you speak?
 

Dirk

Julie Groves said:
Cheers for the advice. Normally I would have thought about it properly, but
desperation clouds my brain.

In this case you are lucky, but you are right to be more careful. How is
the problem?
 

Beauregard T. Shagnasty
