crosspost: having again a bad day with this virus on log into xp pro

[shajnday]

hi all!


this virus i have for at least 5 years....going on from my first
notebook, it is with hdd which i have cloned onto another disk and
repaired XP pro sp3. I have ben using malwarbytes, superantispyware,
avast and trusword allalong and everytime i do find some new kind of
spyware,trojan, virus or some other junk.


i really don't make much of downloads but i did had some stupid
applications and or some stupid programs which were security risks in
respect that i was using this notebook as an important workstation.


the last standing virus which i have now on my hdd is preventing me
to
long into adminstrator interface od win xp both regular and safe
mode,
i.e. i can't log into system. When i get the first log page there is
no users icons to log into, i.e. there is no empty field to input
username and password it is hidden, missing.


i did solved that issue once before as i did had backup and i did
have
pointed that disk on another clean computer and cleaned the disk with
some antivirus programs, i used combofix.exe also.


this virus is a persistent one, and it bumps out of nowhere also
after
5 antivirus-spyware checkups and manually deleting and dsearching for
"odd files" ...etc. maybe it is perlovga but i did everything i
possibly could to get rid of it.


One of old-school ways would be to put a fresh copy of system but i
do
have a load bunch of programs installed, and UI which i have adjusted
through many years...if i do that, the only things i wouldn0t like to
maintain are internet browsers favorites and their adjustmens, really
it is not such a hard work but i would rather choose the search and
destroy method manually or through the antivirus program...


What to do to punch thi virus into nose and to bring back normal
windows log-on console so as safemode.


p.s. this happened to me yesterday for som 6th time as i was trying
to
log on into safemode into admin account ...

 

[David H. Lipman]

From: "shajnday" <[email protected]>


| hi all!


| this virus i have for at least 5 years....going on from my first
| notebook, it is with hdd which i have cloned onto another disk and
| repaired XP pro sp3. I have ben using malwarbytes, superantispyware,
| avast and trusword allalong and everytime i do find some new kind of
| spyware,trojan, virus or some other junk.


| i really don't make much of downloads but i did had some stupid
| applications and or some stupid programs which were security risks in
| respect that i was using this notebook as an important workstation.


| the last standing virus which i have now on my hdd is preventing me
| to
| long into adminstrator interface od win xp both regular and safe
| mode,
| i.e. i can't log into system. When i get the first log page there is
| no users icons to log into, i.e. there is no empty field to input
| username and password it is hidden, missing.


| i did solved that issue once before as i did had backup and i did
| have
| pointed that disk on another clean computer and cleaned the disk with
| some antivirus programs, i used combofix.exe also.


| this virus is a persistent one, and it bumps out of nowhere also
| after
| 5 antivirus-spyware checkups and manually deleting and dsearching for
| "odd files" ...etc. maybe it is perlovga but i did everything i
| possibly could to get rid of it.


| One of old-school ways would be to put a fresh copy of system but i
| do
| have a load bunch of programs installed, and UI which i have adjusted
| through many years...if i do that, the only things i wouldn0t like to
| maintain are internet browsers favorites and their adjustmens, really
| it is not such a hard work but i would rather choose the search and
| destroy method manually or through the antivirus program...


| What to do to punch thi virus into nose and to bring back normal
| windows log-on console so as safemode.


| p.s. this happened to me yesterday for som 6th time as i was trying
| to
| log on into safemode into admin account ...

You write much but actually write nothing about the nature of the malware you suposedly
had for 5 years.

You call "it" a "virus". Assuming that you have malware it is doubtful it is a virus.
There are so few of them Today (or five years ago) while there are magnitudes more
trojans. That is why the term malware is used. All viruses are malware but not all
malware are viruses.

You say you have used; Malwarbytes, Superantispyware, Avast, "trusword" and have also
used ComboFix (dangerous tool if used wrongly or under certain circumstances).

What is "trusword" ?

What makes you think you have had a partucular malware for 5 years ?

 

[shajnday]

From: "shajnday" <[email protected]>

| hi all!

| this virus i have for at least  5 years....going on from my first
| notebook, it is with hdd which i have  cloned onto another disk and
| repaired XP pro sp3.  I have ben using malwarbytes, superantispyware,
| avast and trusword allalong and everytime i do find some new kind of
| spyware,trojan, virus or some other junk.

| i really don't make much of downloads but i did had some stupid
| applications and or some stupid programs which were security risks in
| respect that i was using this notebook as an important workstation.

| the last standing virus which i have now on my hdd is preventing me
| to
| long into adminstrator interface od win xp both regular and safe
| mode,
| i.e. i can't log into system. When i get the first log page there is
| no users icons to log into, i.e. there is no empty field to input
| username and password it is hidden, missing.

| i did solved that issue once before as i did had backup and i did
| have
| pointed that disk on another clean computer and cleaned the disk with
| some antivirus programs, i used combofix.exe also.

| this virus is a persistent one, and it bumps out of nowhere also
| after
| 5 antivirus-spyware checkups and manually deleting and dsearching for
| "odd files" ...etc.   maybe it is perlovga but i did everything i
| possibly could to get rid of it.

| One of old-school ways would be to put a fresh copy of system but i
| do
| have a load bunch of programs installed, and UI which i have adjusted
| through many years...if i do that, the only things i wouldn0t like to
| maintain are internet browsers favorites and their adjustmens, really
| it is not such a hard work but i would rather choose the search and
| destroy method manually or through the antivirus program...

| What to do to punch thi virus into nose and to bring back normal
| windows log-on console so as safemode.

| p.s. this happened to me yesterday for som 6th time as i was trying
| to
| log on into safemode into admin account ...

You write much but actually write nothing about the nature of the malwareyou suposedly
had for 5 years.

You call "it" a "virus".  Assuming that you have malware it is doubtful it is a virus.
There are so few of them Today (or five years ago) while there are magnitudes more
trojans.  That is why the term malware is used.  All viruses are malware but not all
malware are viruses.

You say you have used;  Malwarbytes, Superantispyware, Avast, "trusword" and have also
used ComboFix (dangerous tool if used wrongly or under certain circumstances).

What is "trusword" ?

What makes you think you have had a partucular malware for 5 years ?

i have been using Truesword 4 and newer Truesword 5 from stronghold
antivirus company---it is a good software for examinig computer but it
is a security risk i guess.

i have the same symptoms of this malware for 5 years ... this with
locking up login console is the same symptom for all this years, i
could only make an assumption that it started with the autorun.inf as
a part of this malware as you call it. That all are viruses for me.

 

[David H. Lipman]

| i have been using Truesword 4 and newer Truesword 5 from stronghold
| antivirus company---it is a good software for examinig computer but it
| is a security risk i guess.

| i have the same symptoms of this malware for 5 years ... this with
| locking up login console is the same symptom for all this years, i
| could only make an assumption that it started with the autorun.inf as
| a part of this malware as you call it. That all are viruses for me.

You may call all malware "viruses" but that is not correct as viruses have a specific
meaning and a different course of action to deal with them because true viruses have the
ability to self replicate and spread on their own whiles trojans don't have that ability
and they need assistance to spread.

Is "locking up login console" the ONLY symptom you have and thus attribute that to malware
?
This is what's been going on for 5 years ?

BTW: I had never heard of "Security Stronghold Company" out of Russia. I know of some
Russian software but NOT Truesword and I find it "interesting" that they chose to host the
US branch in Washington, DC. I had to look them up.

http://www.securitystronghold.com/contact/

Since I know nothing about them, I will reserve judgement except, I'm not sure I like
their "Remote Problem Solving" for $50/session.

 

[shajnday]

| i have been using Truesword 4  and newer Truesword 5 from stronghold
| antivirus company---it is a good software for examinig computer but it
| is a security risk i guess.

| i have the same symptoms of this malware for 5 years ... this with
| locking up login console is the same symptom for all this years, i
| could only make an assumption that it started with the autorun.inf  as
| a part of this malware as you call it. That all are viruses for me.

You may call all malware "viruses" but that is not correct as viruses have a specific
meaning and a different course of action to deal with them because true viruses have the
ability to self replicate and spread on their own whiles trojans don't have that ability
and they need assistance to spread.

Is "locking up login console" the ONLY symptom you have and thus attribute that to malware
?
This is what's been going on for 5 years ?

BTW:  I had never heard of "Security Stronghold Company" out of Russia.  I know of some
Russian software but NOT Truesword and I find it "interesting" that they chose to host the
US branch in Washington, DC.  I had to look them up.

http://www.securitystronghold.com/contact/

Since I know nothing about them, I will reserve judgement except, I'm notsure I like
their "Remote Problem Solving" for $50/session.

I do also don't respect stronghold company i'm asssured they do not
provide the good service for that 50$.
As i was having their software or of trouble maker software i chose to
install Trend micro Internet security package software called
TITANIUM, but it also ahven't found this malware, yes i call it a
malware as it replicates and it did that onto my other computer and
notebook. I have spred additional licenses over my other two stations
i.e. a notebook and a computer. I think Trend micro is a respectable
company and i don't need any other anti-virus softwares anymore. TM +
manual handling is ok.

i hope so...

p.s. i copied the wsaupdater.exe to system32 folder but again i could
not to approach the system...

 

[shajnday]

I do  also don't respect stronghold company i'm asssured they do not
provide the good service for that 50$.
As i was having their software or of trouble maker software i chose to
install Trend micro Internet security package software called
TITANIUM, but it also ahven't found this malware, yes i call it a
malware as it replicates and it did that onto my other computer and
notebook. I have spred additional licenses over my other two stations
i.e. a notebook and a computer. I think Trend micro is a respectable
company and i don't need any other anti-virus softwares anymore. TM +
manual handling is ok.

i hope so...

p.s. i copied the wsaupdater.exe to system32 folder but again i could
not to approach the system...- Sakrij citirani tekst -

- Prikaži citirani tekst -

i really couldn't to contrive about what other symptoms there were
except that one, but with monthly cleaning the computer with that 4-5
antivirus programs i did cleaned various infections such as newer
remebered small virus K or something like that. I would like to
know more on subject how to protect system when cleaned as a primary
thing so not to let that infections, to stay uninfected in the future
time..

 

[shajnday]

i really couldn't to contrive about what other symptoms there were
except that one, but with monthly cleaning the computer with that 4-5
antivirus programs i did cleaned various infections such as newer
remebered  small virus K  or something like that.  I wouldlike to
know more on subject how to protect system when cleaned as a primary
thing so not to let that infections, to stay uninfected in the future
time..- Sakrij citirani tekst -

- Prikaži citirani tekst -

what i suppose you suppose is that i lack the knowledge for manually
clean registry files or to search and destroy malicious files ...
i did it manualy once over the hijack but it was good for a month or
so, so it it is a replicative sonofabit..cs

 

[David H. Lipman]

From: "shajnday" <[email protected]>



| what i suppose you suppose is that i lack the knowledge for manually
| clean registry files or to search and destroy malicious files ...
| i did it manualy once over the hijack but it was good for a month or
| so, so it it is a replicative sonofabit..cs

Nothing you have stated yet, are symptoms of an infected computer. A computer with errors
and/or corruption yes, but not necessarily malware related unless you can provided
SPECIFIC information.

 

[shajnday]

From: "shajnday" <[email protected]>







| what  i suppose you suppose is that i lack the knowledge for manually
| clean registry files or to search and destroy malicious files ...
| i did it manualy once over the hijack but it was good for a month or
| so, so it it is a replicative sonofabit..cs

Nothing you have stated yet, are symptoms of an infected computer.  A computer with errors
and/or corruption yes, but not necessarily malware related unless you canprovided
SPECIFIC information.

--
Dave
Multi-AV Scanning Tool -http://www.pctipp.ch/downloads/dl/35905.asp- Sakrij citirani tekst -

- Prikaži citirani tekst -

now i'm doing the manual repair of system files, system32 folder files
were missing after manually tried to replace them...

i don't have REPAIR option through xp pro sp3 cd, so i'll try the
manual repairing these files by replacing them...

but that's just the consequence but not the source of this problem.
the goal was to replace windows logon console as this virus is acting
on that permanantely.


Thanks for your help, but you viruses are viruses, both malwares and
viruses, there is no difference, and that is as it is. !

your Friend,
myscosop.

 

[shajnday]

p.s. guys writing about this virus on some forum "We need to know
what the exact error message is. There maybe a way to get you booted
by installing the correct drivers (DLLs) but you may need to perform a
disc check to see if your harddrive is ok. Sometimes these viruses
just screw with the files and sometimes they are able to destroy
complete folders...

"

 

[shajnday]

I have had to copy files manualy on my backup disk, and now it is
working, after hours and hours of trying to manualy to copy system
files, something is corrupted in this files and i will have to again
manualy to sort every and inspect every file self.

thnks.

 

[shajnday]

I have had to copy files manualy on my backup disk, and now it is
working, after hours and hours of trying to manualy to copy system
files, something is corrupted in this files and i will have to again
manualy to sort every and inspect every file self.

thnks.

Problem mostly Solved.

 

[gufus]

Hello, David!

(e-mail address removed)
On Sun, 27 Mar 2011 06:52:27 -0400

That is why the term malware is used. All

I was told... Malicious software (or malware)

With best regards, gufus. E-mail: (e-mail address removed)

 

[shajnday]

Hello, David!

(e-mail address removed)
On Sun, 27 Mar 2011 06:52:27 -0400


I was told... Malicious software (or malware)

With best regards, gufus.  E-mail: (e-mail address removed)

What did you wanted to say Guffy ?

 

[Shadow]

i have been using Truesword 4 and newer Truesword 5 from stronghold
antivirus company---it is a good software for examinig computer but it
is a security risk i guess.

A good software ? Their homepage www.securitystronghold.com
resolves to a site in Russia, called vistaglance.vistaglance.com,
which is down ATM.
I believe that truesword might possibly be your malware.
[]'s

 

[Shadow]

i have been using Truesword 4 and newer Truesword 5 from stronghold
antivirus company---it is a good software for examinig computer but it
is a security risk i guess.

A good software ? Their homepage www.securitystronghold.com
resolves to a site in Russia, called vistaglance.vistaglance.com,
which is down ATM.
I believe that truesword might possibly be your malware.
[]'s

Investigating a little more deeply, www.securitystronghold.com
is on MVPS malware hosts file, also a search for the name brought up a
miss-spelt page at www.fileguru.com :
Truesword appears here, along with a lot of other improbable
"trojan-removers"
http://www.fileguru.com/apps/freeanty_virus/p4
But NOT here, the official page.
http://www.fileguru.com/directory/Security---Privacy/Anti-Virus-Tools
Mebbe fileguru's been hacked ?
[]'s