Weird Virus issue

  • Thread starter: dannic

dannic

I believe I have a virus but I don't want to have to reformat and start
over. Here are the symptoms.

I can no longer do the following.

View processes in the task manager.
Use any of the administration tools such as Services manager.

My anti virus software is disabled and I cannot start it. It closes
immediately upon starting. Even installing new (different) software
does not help. I can scan individual files or entire directories by
right clicking but nothing is found.

Typing 'Virus' in the navigation window of any browser causes that
browser to immediately exit.

Cannot access the registry editor.

Manual commands through a command prompt do not work.

If I attempt to access any of the virus vendor websites it
automatically defaults to the computer's personal web server instead of
the website I am trying to access. I can get around this but I still
cannot access vital sections of those sites in most cases.

Any website which has Anti-virus in the meta closes the browser
immediately.

Searching for registry editor also closes the browser immediately.

The update function for Windows XP and all of my anti virus software
does not work.

I cannot access the Windows Update site. The browser immediately
closes.

I cannot use Spybot or any other spyware remover. It will start then
immediately close.

I may end up just formatting and reloading everything but I would like
to know what this is.
 
For viruses, start with Trend Micro’s Sysclean. Download it and the
signature file. Turn off system restore, boot into safe mode and run
sysclean. Boot back into normal mode and run a full AV scan with your
normal AV program. Then turn system restore back on.

Trend Micro Sysclean
http://www.trendmicro.com/download/dcs.asp

Trend Micro Signature File
http://www.trendmicro.com/download/pattern.asp

You should also regularly run at least two of these online scans in
addition to your regular up to date AV program:

Online and Downloadable Virus Scanning:

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php

Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp

TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp

McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp

RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

[Note: Stinger looks only for a limited number of specific viruses.
It’s not intended for full strength virus scanning and removal, but it
can help eliminate enough threats to allow you to install and scan with
a full featured AV program.]

Run these programs to check for spyware/malware. After installing,
update them, then boot into safe mode and run them. You should update
and run them weekly.

Cwshredder
http://aumha.org/freeware/freeware.php#cwshred

Ad-aware SE
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

Pest Patrol Free Pest Scanner
http://www.pestscan.com/ScanOrTrial.asp

If you’re still having problems after running these then run HijackThis
and post the log to one of the specialty forums, _NOT_ this one.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm
 
Hi,

It is difficult to advise on a fix, not knowing what the name of the
virus is. It could be the W32.Spybot.Worm. Use at least two of the
online virus scanners at the links below. I have also supplied links
to several removal tools that may be helpful.

Symantec Security Response - W32.Spybot.Worm:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html#removalinstructions

Symantec Security Response - W32.Klez Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Symantec Security Response - W32.Yaha Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.removal.tool.html

Symantec Security Response - W32.Sasser Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.sasser.removal.tool.html

Symantec Security Response - W32.Blaster.Worm Removal Tool:
http://securityresponse.symantec.com/avcenter/venc/data/w32.blaster.worm.removal.tool.html


Trend Micro - Free online virus Scan:
http://housecall.trendmicro.com/

Panda ActiveScan - Free online scanner:
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

BitDefender Scan Online:
http://www.bitdefender.com/scan/licence.php

Symantec Security Check:
http://security.symantec.com/sscv6/home.asp?bhcp=1

Computer Associates eTrust Antivirus Web Scanner:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
 
I appreciate the links; unfortunately none of those are accessible from
the computer affected with whatever it has. I have already been this
route.
 
Come on, use some sense here to help yourself. Go to another computer
and download the sysclean package to start with. That can be put on
floppy and moved to your system. If that doesn't work go with McAfee
stinger. I have heard of one case where sysclean didn't do it but
stinger did. Hopefully those two will get you fixed enough to be able
to run the AV program you have and some of the online scanners, and make
sure a firewall is active at all times when going online.
 
There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


1) Download the following three items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt240.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using both the Trend Sysclean utility and Stinger, perform a Full Scan of your
platform and clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform using both.
6) If you are using WinME or WinXP, Re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

Dave






 
Rock said:
Come on, use some sense here to help yourself. Go to another computer
and download the sysclean package to start with. That can be put on
floppy and moved to your system. If that doesn't work go with McAfee
stinger. I have heard of one case where sysclean didn't do it but
stinger did. Hopefully those two will get you fixed enough to be able
to run the AV program you have and some of the online scanners, and make
sure a firewall is active at all times when going online.

Been there already.

No AV programs will run on this machine. I cannot start the firewall.
It is disabled immediately upon starting. I have not found an online
scanner I can use since accessing the page the scanner is on causes the
browser to shut down immediately.
 
Did you download sysclean and stinger on another machine and copy over
by floppy or CD? You have to run those first, then you should be able
to run your AV program and online scans. Read the messages from David
and me again.
 
Download this combo from another system to CD and run them now:

Run Ad-Aware SE, Spybot and HijackThis:
http://www.majorgeeks.com/downloads31.html

Note: Update each program, once installed, before running.

Note2: To avoid the False-Flag for the DSO Exploit (W3), open
Spybot/Advanced Mode/Settings/Ignore Products. On the All Products Tab,
scroll to DSO Exploit and check that item only. Randy (silj)

Free Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

More info here:
http://www.kellys-korner-xp.com/xp_c.htm#cleanup
 
