Numerous virus issues

[FJDx]

I have downloaded AVG anti virus and it detected the backdoor virus so
removed the system32.exe file. Now on reboot I get an error message
saying it cannot find the system.exe file. I did not see anything
linking to it in either
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
However, in the latter, I did find a %systemroot%\system32\dumprep 0 -k
but I read this was just an office system file (?).

Also, the report from AVG said that it could not access the following
files:

C:\Documents and Settings\All Users\Application
Data\Microsoft\NETWORK\Downloader\QMGR0.DAT Cannot open; not checked!
C:\Documents and Settings\All Users\Application
Data\Microsoft\NETWORK\Downloader\QMGR1.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not
checked!
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Cannot open; not
checked!
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not
checked!
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Cannot open; not
checked!
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\xxx\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\xxx\NTUSER.DAT.LOG Cannot open; not checked!
C:\Documents and Settings\xxx\Application Data\Kazaa
Lite\DB\DATA1024.DBB Cannot open; not checked!
C:\Documents and Settings\xxx\Application Data\Kazaa Lite\DB\DATA256.DBB
Cannot open; not checked!
C:\Documents and Settings\xxx\Local Settings\Application
Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\xxx\Local Settings\Application
Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!

I did not have System Restore activated at the time of scan. I have
Windows XP Home and Office 2002.

Help - not very computer savvy and cannot make sense of all of this!

 

[Rick \Nutcase\ Rogers]

Hi,

Look for a registry string referencing it here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Windows
Windows isn't rocket science! That's my other hobby!

Associate Expert - WinXP - Expert Zone

 

[FJDx]

Hi,

Look for a registry string referencing it here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Hi, there was nothign referring to it in there either.

 

[Ramesh [MVP]]

Hi,

You may try this VBS from MVP Doug Knox.

Clean KWBot Worm Registry and File Remnants:
http://www.dougknox.com/xp/scripts_desc/xp_clean_kwbot.htm

In addition, download Autoruns utility to manage your startup effectively:
http://www.spychecker.com/program/autoruns.html

--
Ramesh - Microsoft MVP
Windows XP Shell
http://www.mvps.org/sramesh2k

The Antivirus Defense-in-Depth Guide
http://go.microsoft.com/fwlink/?LinkId=28734

Hi,

Look for a registry string referencing it here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

Hi, there was nothign referring to it in there either.