Virus?

[Steve]

I sure hope someone here knows what's going on with my computer.
I have been using Freedom Internet Security Anti-virus. Adelphia started
offering it for free a while back and it has been fine.

I can't do a scan. I can't even scan my 2nd hard drive which has nothing
much on it. It starts out flying through the files but part way through,
it bogs down and seems to stop except that the computer sounds like it
is working hard on something. After a while, the whole Freedom program
closes.

You may think it is simply a defect with Freedom but, read on:

I have used the free virus scan offered by Trend Micro. It also starts
out scanning through the files. It also gets to a point where it slows
down and, after a while, *poof* Internet Explorer just closes.

I tried running the computer in safe mode. Freedom doesn't work in safe
mode. Explorer works and the online virus scan worked great, right up to
where it said it had 40 minutes left. Same thing... it slowed down and
IE was just gone leaving me looking at the safe mode desk top.

What on earth is this? Some kind of new virus that shuts down any
program that looks at it too closely?

Steve

 

[David H. Lipman]

From: "Steve" <[email protected]>

| I sure hope someone here knows what's going on with my computer.
| I have been using Freedom Internet Security Anti-virus. Adelphia started
| offering it for free a while back and it has been fine.
|
| I can't do a scan. I can't even scan my 2nd hard drive which has nothing
| much on it. It starts out flying through the files but part way through,
| it bogs down and seems to stop except that the computer sounds like it
| is working hard on something. After a while, the whole Freedom program
| closes.
|
| You may think it is simply a defect with Freedom but, read on:
|
| I have used the free virus scan offered by Trend Micro. It also starts
| out scanning through the files. It also gets to a point where it slows
| down and, after a while, *poof* Internet Explorer just closes.
|
| I tried running the computer in safe mode. Freedom doesn't work in safe
| mode. Explorer works and the online virus scan worked great, right up to
| where it said it had 40 minutes left. Same thing... it slowed down and
| IE was just gone leaving me looking at the safe mode desk top.
|
| What on earth is this? Some kind of new virus that shuts down any
| program that looks at it too closely?
|
| Steve

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

Open a Command Prompt.

In the Command Prompt type the following...

CHKDSK C: /F

If it replies..
"Chkdsk cannot run because the volume is in use by another process.
Would you like to schedule this volume to be checked the next time the system restarts?
(Y/N)"

Choose - Y

type; EXIT

Reboot the PC.

A full Check Disk will want to be performed, allow it.

When it reboots, perform a defragmentation of the hard disk.

You can get to the Defragmenting program easily by executing; dfrg.msc

Start --> run ->
type; dfrg.msc

 

[Steve]

From: "Steve" <[email protected]>

| I sure hope someone here knows what's going on with my computer.
| I have been using Freedom Internet Security Anti-virus. Adelphia started
| offering it for free a while back and it has been fine.
|
| I can't do a scan. I can't even scan my 2nd hard drive which has nothing
| much on it. It starts out flying through the files but part way through,
| it bogs down and seems to stop except that the computer sounds like it
| is working hard on something. After a while, the whole Freedom program
| closes.
|
| You may think it is simply a defect with Freedom but, read on:
|
| I have used the free virus scan offered by Trend Micro. It also starts
| out scanning through the files. It also gets to a point where it slows
| down and, after a while, *poof* Internet Explorer just closes.
|
| I tried running the computer in safe mode. Freedom doesn't work in safe
| mode. Explorer works and the online virus scan worked great, right up to
| where it said it had 40 minutes left. Same thing... it slowed down and
| IE was just gone leaving me looking at the safe mode desk top.
|
| What on earth is this? Some kind of new virus that shuts down any
| program that looks at it too closely?
|
| Steve

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

Open a Command Prompt.

In the Command Prompt type the following...

CHKDSK C: /F

If it replies..
"Chkdsk cannot run because the volume is in use by another process.
Would you like to schedule this volume to be checked the next time the system restarts?
(Y/N)"

Choose - Y

type; EXIT

Reboot the PC.

A full Check Disk will want to be performed, allow it.

When it reboots, perform a defragmentation of the hard disk.

You can get to the Defragmenting program easily by executing; dfrg.msc

Start --> run ->
type; dfrg.msc

Well, I did exactly as you said. It was late so I let the
defragmentation run over night. I got up early and checked. It was done
and all good. I turned on the virus scan and went back to bed, since I
have the day off. When I got back up, I looked and the virus program was
shut down and no record of a scan was shown.
No improvement at all. I haven't yet tried the online scan. I'll try it
but I suppose Explorer will just close again. We'll see.

Any other ideas?

Steve

 

[Steve]

PS
I'm really at adelph ia dot net if anyone wants to answer by e-mail.

 

[Steve]

Well, I did exactly as you said. It was late so I let the
defragmentation run over night. I got up early and checked. It was done
and all good. I turned on the virus scan and went back to bed, since I
have the day off. When I got back up, I looked and the virus program was
shut down and no record of a scan was shown.
No improvement at all. I haven't yet tried the online scan. I'll try it
but I suppose Explorer will just close again. We'll see.

Any other ideas?

Steve

I just tried the online virus scan (http://housecall.trendmicro.com/).
It starts out saying it will take 4 hours but it progresses at a faster
pace. It got down to where it says 1 1/4 hours remain. I was looking
right at it because this is the point where it scans the problem area. I
was watching it scan a bunch of temporary files when *bam* , I was
looking at a naked desktop. No task bar and no icons. In a moment the
task bar was back followed shortly by the desktop icons. No IE though,
it was gone. As an experiment, I had a 2nd Explorer window open to see
if it would close too. It did. It doesn't just close the window doing
the scan, it closes all Explorer windows.
A search for .tmp files shows that I have 1551 of them. Long ago, I
remember deleting all .tmp files. I can't seem to do that. A message
comes up that it can't find *something* and when I click OK, nothing
gets deleted. I tried doing groups at a time by finding the temp folder
that contains several files but the same thing happens.
I'm open to any other serious suggestions!

Steve

 

[pc doctor]

Steve wrote:

I just tried the online virus scan (http://housecall.trendmicro.com/). It
starts out saying it will take 4 hours but it progresses at a faster pace.
It got down to where it says 1 1/4 hours remain. I was looking right at it
because this is the point where it scans the problem area. I was watching
it scan a bunch of temporary files when *bam* , I was looking at a naked
desktop. No task bar and no icons. In a moment the task bar was back
followed shortly by the desktop icons. No IE though, it was gone. As an
experiment, I had a 2nd Explorer window open to see if it would close too.
It did. It doesn't just close the window doing the scan, it closes all
Explorer windows.
A search for .tmp files shows that I have 1551 of them. Long ago, I
remember deleting all .tmp files. I can't seem to do that. A message comes
up that it can't find *something* and when I click OK, nothing gets
deleted. I tried doing groups at a time by finding the temp folder that
contains several files but the same thing happens.
I'm open to any other serious suggestions!

Steve

I have seen this once before, but it was a couple of years ago. The solution
escapes me now, but I would try booting into Safe Mode and attempt to empty
the Temp folders. If this does not work, then try booting to DOS or opening
a C:\ prompt, depending on your version of Windows. Then navigate to the
temp folders and try to delete their contents.
If you are running WinXP, then you have to delete files in both the Temp
folder and Temporary Internet Files, and do this for *each* user.

See the following instructions:
Delete ALL sub-folders and files from the following (Do NOT delete the Temp
folders themselves):

*On Win9x*
C:\Windows\Temp
C:\Windows\Temporary Internet Files

*On WinXP*
C:\Documents & Settings\[each user name]\Local Settings\Temp
C:\Documents & Settings\[each user name]\Local Settings\Temporary Internet
Files

*Note: If the above WinXP folders cannot be seen, use the instructions
below to make them visible.

Open My Computer or Windows Explorer. Click on "Tools" in the toolbar along
the top. From the drop-down menu, select "Folder Options...".
The Folder Options window will open. Select the "View" tab.
In the Advanced Settings section, select "Show hidden files and folders" and
right below it, uncheck "Hide extensions for known file types", and right
below this, uncheck "Hide protected operating system files".
These are the 9th, 10th, and 11th options down, respectively. Summarizing:
ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

Please post back with the results.
pc doc

 

[David H. Lipman]

From: "pc doctor" <[email protected]>

< snip ?

|
| Open My Computer or Windows Explorer. Click on "Tools" in the toolbar along
| the top. From the drop-down menu, select "Folder Options...".
| The Folder Options window will open. Select the "View" tab.
| In the Advanced Settings section, select "Show hidden files and folders" and
| right below it, uncheck "Hide extensions for known file types", and right
| below this, uncheck "Hide protected operating system files".
| These are the 9th, 10th, and 11th options down, respectively. Summarizing:
| ON - Show hidden files...
| OFF - Hide extensions...
| OFF - Hide protected...
|
| Please post back with the results.
| pc doc
|

The settings...

ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

are for the USER not the oS and AV scanners. An AV scanner will see the files no matteer
what.

I like to demonstrate this trick.

Go to "My Computer" an browse to the folder; %windir%\Downloaded Program Files

On my PC, Windows Explorer shows 24 files.

Now when I open a Command Prompt and view the same folder by issuing the DIR command.
Now I see 89 files listed.

Windows Explorer knows the folder "%windir%\Downloaded Program Files" is special at it
HIDES files.

Anti virus scanners care what Explorer is doing, it will see all 89 files listed even though
Windows Explorer shows only 24.

I redirected the DIR command so I could copy and paste my folder contents...

Volume in drive C is HDISK C
Volume Serial Number is 5C89-64A2

Directory of C:\WINNT\Downloaded Program Files

03/24/2006 03:27p 284 ArcaOnline.inf
07/21/2006 01:55p 258,720 arclib.dll

< snip >

05/26/2005 04:19a 291 wuweb.inf
06/09/2004 05:56p 435,712 xscan53.ocx
03/02/2005 02:00a 224 zdone.dat
89 File(s) 33,583,237 bytes
2 Dir(s) 36,750,671,360 bytes free


Getting back to the orginal problem, his disk structure and file structure are inttact.
However scanners are bombing out. This could be becuase of a ZIP Bomb (doubtful) or a Ghost
Image or other very large compressed file that is causing the scanner to "quit". It is also
possible that a rule of the OS was broken such as a folder with too many characters and/o is
too deep and exceed to the 254 char. length.

 

[Steve]

Steve wrote:

I just tried the online virus scan (http://housecall.trendmicro.com/). It
starts out saying it will take 4 hours but it progresses at a faster pace.
It got down to where it says 1 1/4 hours remain. I was looking right at it
because this is the point where it scans the problem area. I was watching
it scan a bunch of temporary files when *bam* , I was looking at a naked
desktop. No task bar and no icons. In a moment the task bar was back
followed shortly by the desktop icons. No IE though, it was gone. As an
experiment, I had a 2nd Explorer window open to see if it would close too.
It did. It doesn't just close the window doing the scan, it closes all
Explorer windows.
A search for .tmp files shows that I have 1551 of them. Long ago, I
remember deleting all .tmp files. I can't seem to do that. A message comes
up that it can't find *something* and when I click OK, nothing gets
deleted. I tried doing groups at a time by finding the temp folder that
contains several files but the same thing happens.
I'm open to any other serious suggestions!

Steve

I have seen this once before, but it was a couple of years ago. The solution
escapes me now, but I would try booting into Safe Mode and attempt to empty
the Temp folders. If this does not work, then try booting to DOS or opening
a C:\ prompt, depending on your version of Windows. Then navigate to the
temp folders and try to delete their contents.
If you are running WinXP, then you have to delete files in both the Temp
folder and Temporary Internet Files, and do this for *each* user.

See the following instructions:
Delete ALL sub-folders and files from the following (Do NOT delete the Temp
folders themselves):

*On Win9x*
C:\Windows\Temp
C:\Windows\Temporary Internet Files

*On WinXP*
C:\Documents & Settings\[each user name]\Local Settings\Temp
C:\Documents & Settings\[each user name]\Local Settings\Temporary Internet
Files

*Note: If the above WinXP folders cannot be seen, use the instructions
below to make them visible.

Open My Computer or Windows Explorer. Click on "Tools" in the toolbar along
the top. From the drop-down menu, select "Folder Options...".
The Folder Options window will open. Select the "View" tab.
In the Advanced Settings section, select "Show hidden files and folders" and
right below it, uncheck "Hide extensions for known file types", and right
below this, uncheck "Hide protected operating system files".
These are the 9th, 10th, and 11th options down, respectively. Summarizing:
ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

Please post back with the results.
pc doc

I still have a ton of files in
C:\Documents & Settings\windows\Local Settings\Temp
What about all of those? If I don't here back soon, I'll try to dump
those too. It looks like the vast majority of .tmp files are in there.

Steve

 

[David H. Lipman]

From: "Steve" <[email protected]>


|
| I still have a ton of files in
| C:\Documents & Settings\windows\Local Settings\Temp
| What about all of those? If I don't here back soon, I'll try to dump
| those too. It looks like the vast majority of .tmp files are in there.
|
| Steve

Dump them and all files in; %windir%\temp

 

[Steve]

From: "Steve" <[email protected]>


|
| I still have a ton of files in
| C:\Documents & Settings\windows\Local Settings\Temp
| What about all of those? If I don't here back soon, I'll try to dump
| those too. It looks like the vast majority of .tmp files are in there.
|
| Steve

Dump them and all files in; %windir%\temp

Thanks Dave. I'll do that now and try to scan once again.

 

[Steve]

I still have a ton of files in
C:\Documents & Settings\windows\Local Settings\Temp
What about all of those? If I don't here back soon, I'll try to dump
those too. It looks like the vast majority of .tmp files are in there.

Steve

OK, this turns out to be the area that wouldn't let me just delete all
..tmp files.
To overcome this, I deleted sections of about 200 files at a time. I
finally narrowed it down to one file:
Inside :\Documents & Settings\windows\Local Settings\Temp there was a
folder named Temporary Internet Files and inside there was a folder
called Content.IE5. Which can't be deleted but the contents can except:
Inside that folder is another folder called 1AR1V2XT which couldn't be
deleted but all the contents can except:
Inside there were lots of pictures and one thing:
a thing with a huge long name. The name starts with
"Type=click&FlightID=15993&ADID..........etc...."
What ever that is, when I right click it, the only 2 choices are "Open
With" or "Send To". It can't be deleted, it can't be renamed and it
can't be dropped into the recycle bin.
I didn't try going to save mode yet. Maybe tomorrow. What is that thing
and what is it doing in there?

 

[pc doctor]

From: "pc doctor" <[email protected]>

< snip ?

|
| Open My Computer or Windows Explorer. Click on "Tools" in the toolbar
along
| the top. From the drop-down menu, select "Folder Options...".
| The Folder Options window will open. Select the "View" tab.
| In the Advanced Settings section, select "Show hidden files and folders"
and
| right below it, uncheck "Hide extensions for known file types", and
right
| below this, uncheck "Hide protected operating system files".
| These are the 9th, 10th, and 11th options down, respectively.
Summarizing:
| ON - Show hidden files...
| OFF - Hide extensions...
| OFF - Hide protected...
|
| Please post back with the results.
| pc doc
|

The settings...

ON - Show hidden files...
OFF - Hide extensions...
OFF - Hide protected...

are for the USER not the oS and AV scanners. An AV scanner will see the
files no matteer
what.

Yes, David, I am well aware of this...there is no need for a demonstration.
I thought that my instructions were quite clear in giving Steve two
different methods to try and delete the files manually from the temp
folders. One from safe mode, and the other from a dos prompt. If the OP
wants to try and delete those temp folders from either normal or safe mode,
and the folders are hidden, (by WinXP default), then he will have to un-hide
the folders.
I have been using these instructions in spyware removal forums for the past
2 or 3 years while helping people clean there systems. No one has ever had a
problem with them before.

[snip]

Getting back to the orginal problem, his disk structure and file structure
are inttact.
However scanners are bombing out. This could be becuase of a ZIP Bomb
(doubtful) or a Ghost
Image or other very large compressed file that is causing the scanner to
"quit". It is also
possible that a rule of the OS was broken such as a folder with too many
characters and/o is
too deep and exceed to the 254 char. length.

It sounds as if the 254 char. length may have been exceeded (based on new
posts from the OP). Can Scandisk/chkdsk repair this? I know that it could
with Win9x. I have never seen it happen on WinXP.

pc doc

 

[Wolf K]

From: "Steve" <[email protected]>


|
| I still have a ton of files in
| C:\Documents & Settings\windows\Local Settings\Temp
| What about all of those? If I don't here back soon, I'll try to dump
| those too. It looks like the vast majority of .tmp files are in there.
|
| Steve

Dump them and all files in; %windir%\temp

Also, make sure the settings for keeping messages received and sent,
etc, are set to the lowest values compatible with your needs. Eg, if you
"keep for 20 days", the files or folder storing these messages will be
larger than if you set for 10 days. That can make tens or even hundreds
of megabytes difference in disk space, depending on your browsing
habits. (I found this trick by searching for a couple of very large
files that refused to defragment.)

HTH

 

[David H. Lipman]

From: "pc doctor" <[email protected]>


|
| Yes, David, I am well aware of this...there is no need for a demonstration.
| I thought that my instructions were quite clear in giving Steve two
| different methods to try and delete the files manually from the temp
| folders. One from safe mode, and the other from a dos prompt. If the OP
| wants to try and delete those temp folders from either normal or safe mode,
| and the folders are hidden, (by WinXP default), then he will have to un-hide
| the folders.
| I have been using these instructions in spyware removal forums for the past
| 2 or 3 years while helping people clean there systems. No one has ever had a
| problem with them before.
|

I see it often stated and is incorrect. I don't hang in forums. I have been here for since
this groups inception and I had to comment on it.

I also had to post the Explorer hiding concept because YOU and I are not the only ones
reading this thread

 

[trippy]

I just tried the online virus scan (http://housecall.trendmicro.com/).
It starts out saying it will take 4 hours but it progresses at a faster
pace. It got down to where it says 1 1/4 hours remain. I was looking
right at it because this is the point where it scans the problem area. I
was watching it scan a bunch of temporary files when *bam* , I was
looking at a naked desktop. No task bar and no icons. In a moment the
task bar was back followed shortly by the desktop icons. No IE though,
it was gone. As an experiment, I had a 2nd Explorer window open to see
if it would close too. It did. It doesn't just close the window doing
the scan, it closes all Explorer windows.
A search for .tmp files shows that I have 1551 of them. Long ago, I
remember deleting all .tmp files. I can't seem to do that. A message
comes up that it can't find *something* and when I click OK, nothing
gets deleted. I tried doing groups at a time by finding the temp folder
that contains several files but the same thing happens.
I'm open to any other serious suggestions!

Steve

You can open up a command prompt, navigate to the C:\WINDOWS

(Your main drive may have a different letter)

attrib temp -h -r +a

That should unlock the temp folder itself and let you do a dir on it.

You may have to repeat the attrib for the individual files themselves.
I wouldn't recommend deleting the temp folder itself.

You can use this little trick (not really a trick, nitpickers) on any
folder in your drive. I'd navigate to the last directory displayed
where the scans bog down and see if there's some kind of bad file in
there. At this point I do need to caution you that snipping the wrong
files can lead to crashes/problems in programs or worse. Make sure you
know what you're deleting before you delete it.


--
trippy
mhm31x9 Smeeter#29 WSD#30
sTaRShInE_mOOnBeAm aT HoTmAil dOt CoM

NP: "To Live And Die In L.A." -- Wang Chung

"Now, technology's getting better all the time and that's fine,
but most of the time all you need is a stick of gum, a pocketknife,
and a smile."

-- Robert Redford "Spy Game"

 

[pc doctor]

From: "pc doctor" <[email protected]>


|
| Yes, David, I am well aware of this...there is no need for a
demonstration.
| I thought that my instructions were quite clear in giving Steve two
| different methods to try and delete the files manually from the temp
| folders. One from safe mode, and the other from a dos prompt. If the OP
| wants to try and delete those temp folders from either normal or safe
mode,
| and the folders are hidden, (by WinXP default), then he will have to
un-hide
| the folders.
| I have been using these instructions in spyware removal forums for the
past
| 2 or 3 years while helping people clean there systems. No one has ever
had a
| problem with them before.
|

I see it often stated and is incorrect. I don't hang in forums. I have
been here for since
this groups inception and I had to comment on it.

David, what is incorrect? My instructions for un-hiding the folders are only
relevant if the user is trying to view the Local Settings folders and beyond
in WinXP, and from Normal or Safe Mode. These instructions do not apply to a
dos window/command prompt.
Unless I am wrong about what you are refering to be incorrect...

....Or perhaps this will explain my reasoning for recommending to try and
manually search for and delete the file: I once had a file in a Temp folder
that I could visably see with Windows Explorer/My Computer, but I could not
find any way to move it, rename it, delete it, delete the folder(s) it was
located in. Nothing worked while I was in Windows Normal or Safe Mode. No
Scanners, disk repair programs, or defrag could get rid of it. It was not a
malware or virus file. Just a corrupted file.
I was finally able to delete it by opening a command prompt and browsing to
the appropriate Temp folder. But...I knew where the file was specifically
located by unhiding the Local Settings, etc., folders and locating the file
in the Temp Folder while I was still browsing with Windows Explorer.

pc doc