XP Virus problem

Status
Not open for further replies.

alexb123

My g/f's PC has got a virus and I'm not sure what to do. I have installed a new virus and spyware program but it can't get rid of all the infections; it's an XP PC.

The computer is now very slow and on booting it says that it has problems with the registry. I have tried to do a system restore but it won't have it even when trying it from the safe mode screen.

Any ideas how I would restore the System Registry?

Cheers
 
One thing you might try is turn off "system restore" (many viruses hide there) and scan again in safe mode. What virus scanner are you using?

edit: You might also want to boot from a Windows XP installation disk and hit "r" to go to the recovery console and run a "chkdsk /r".
 
You could try the free online virus checker Kaspersky.
That is very good.

If you haven't got a malware checker
you might try Superantispyware and Spybot.
Scan in safe mode, as some of them reload themselves as you are clearing them.

If you have the type of malware which downloads other malware
you may have enormous problems getting rid of it all.
You may have to give up and reload your whole system.
 
My g/f's PC has got a virus and I'm not sure what to do. I have installed a new virus and spyware program but it can't get rid of all the infections; it's an XP PC.

The computer is now very slow and on booting it says that it has problems with the registry. I have tried to do a system restore but it won't have it even when trying it from the safe mode screen.

Any ideas how I would restore the System Registry?

Cheers

i understand what you are asking...

here is the issue... there is no 'restore', though many will tell you there is... and you don't want to repair the registry... here's why...

the passwords and user data and permissions and etc. are in the hives in this registry... meaning a complete overhaul and repair may well leave you locked out... in fact it most likely will... so i'm not posting a proper repair sequence here...

the 'hiving' in the registry, and editing with hiving active, is the difference in 'regedit' and 'regedt32'(hiving active) on the newer microsoft OS's...

this isn't what you want to hear but i'm going to tell you the best advice you will get on this...

back up all her data... one 10 meg attachment at a time to Gmail... burn CD... burn DVD... use Veritas Backup Exec and an external SCSI DDS tape drive (i do and it's so sweet)... etc... back up all her user data...

format the hard drive and re-install the OS after formatting... there are specifics on the way to do this for each manufacturer, but it's easy and done automatically once you choose the option... some call it a 'destructive' system restore (HP and Compaq)... some call it a format system restore... some OEM's use Ghost now... some hide this option under 'advanced' when you boot to the restore media...

after you format and re-install the OS... get these two products...

1: Avira Antivir Personal Edition Premium... easily my favorite AV software... get that exact version, not the 'better' one they offer... Link...

2: Spyware Doctor... Link...

the combination of these two exact products is outstanding... stellar combination and terrific results... in my opinion the best combination available right now period...

SCAN fully the data you backed up to cd, dvd, or tape, or email... BEFORE restoring it... if it passes the scan by both of these products restore the user data...

running the combination of those two programs it would be very difficult for you to get re-infected even if you tried to on purpose...

anything short of a full format and re-install of the OS is simply foolish given the data you provide...

understand... every malware author on earth runs Spybot Search and Destroy and Ad Aware SE and the like on the more sophisticated malware programs...

though i was a die hard spybot fan... i have been wrestling malware off systems since 2000 when no one called it spyware and 'Gator' and the like were running loose... the day when Spybot and Ad Aware and the like, and the free AV programs and the like, were effective is simply past us...

a 'clean' scan from these products may 'feel' good but it is meaningless... it in no way indicates you are even partially free of malware and viruses...
 
Download the program Hijack This. Have it do a scan and then post the log file here. I or someone else can tell you what items need fixing. In my experience, a combination of a virus scanner, a spyware program, and hijackthis, can fix almost any virus you are likely to get.
 
Cheers everyone for the advice. Dr M, I think you are right that the best option here would be a reinstall; it's getting clogged these days anyway. But as the computer belongs to a uni we will have to wait for the IT department to get back from the Christmas break.

So really I suppose what is needed is a good patch up that will at least stop the computer crashing every half hour.

Rubik, cheers for the program; here is the log. Anyone able to make sense of it? Many thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:18, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\assaotch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?2d2bb3997818465f821e77cf67524a06
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?2d2bb3997818465f821e77cf67524a06
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet/
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198090190902
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1181908308684
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = silsoe.cranfield.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = silsoe.cranfield.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = silsoe.cranfield.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = silsoe.cranfield.ac.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = silsoe.cranfield.ac.uk
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\assaotch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\projyfsib.html

--
End of file - 12254 bytes
 
You seem to know your stuff Dr M.
Remember the good old days when you could just run an anti-virus program
and any problem was gone?


Is Vista any better do you think?
 
no...

it will be far worse...

if i were a malware/virus author i would be salivating like Pavlov's dogs at the thought of Vista...
 
I've had Vista for over a year now. Still no viruses, and no spyware / adware.

Then again, in my 2 years of XP, I only had 1 virus, which got caught and immediately removed by the resident scanner.
 
First of all, if you don't have Ad-Aware, you'll need to download it and make sure it is updated. Then follow these steps.

Boot into safe mode.

Ctrl-Alt-Del to open the task manager, and end these processes (if they are still running).
assaotch.exe
qljbwi.exe

Run hijack this.
Go into the config and make sure you have it set to "make backups before fixing items" (it's just one checkbox that's probably already checked by default).

Then put a checkmark next to the following items and click "fix checked":

O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O23 - Service: DomainService - - C:\WINDOWS\system32\assaotch.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\projyfsib.html


After that's done:

Find and delete the following files (if they exist):
C:\WINDOWS\system32\assaotch.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
C:\Program Files\Messenger\projyfsib.html
C:\WINDOWS\MIRARSETUP_876075.EXE (or anything mirar*.exe)
C:\WINDOWS\SYSTEM\WINNB58.DLL
nn_bar*.dll
winnb*.dll
mit3.tmp

If you find that the dll files can't be deleted because it says they're in use, try this:
click start->run, and type cmd.
Then type “regsvr32 /u [dllname].dll” (e.g., regsvr32 /u winnb58.dll)

Finally, while still in safe mode, run the trend micro online virus scanner:
http://housecall65.trendmicro.com/

Also go to control panel -> internet options, and delete all your temporary internet files and cookies.

Turn off your computer. Unplug your internet cable (this is important), and boot up windows normally. Run Ad-Aware. Then run hijackthis again and see if any of those items came back. If they did, then either your problem is a bit more serious, or I missed something in the log. In that case, try fixing them again and restarting. This all may seem excessive, but if there is something still there, it could download or install a bunch of other stuff leaving you right back where you started.

Then you can plug in your internet cable again, and your system should be a lot cleaner.
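
The re-scan check described in the post above ("run hijackthis again and see if any of those items came back"), as an added example that is not part of the original post: a Python script that compares the fixed entries with a second HijackThis log and also lists entries the first scan did not have. The second-scan log and the `ExampleNew` entry are constructed for illustration.

```python
import re

# HijackThis entry lines begin with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def normalize(line):
    """Comparison key: drop all whitespace and fold case, so an entry that
    forum software re-wrapped or re-spaced still matches the log line."""
    return re.sub(r"\s+", "", line).casefold()


def parse_entries(log_text):
    """Map normalized key -> original line for every entry line in a log.
    Header lines and the running-process list do not match and are skipped."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[normalize(line)] = line
    return entries


def compare_scans(fixed_items, before_log, after_log):
    """Return (returned, new): fixed entries that are present again in the
    second scan, and second-scan entries that the first scan did not have."""
    fixed = parse_entries(fixed_items)
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    returned = [after[key] for key in fixed if key in after]
    new = [line for key, line in after.items() if key not in before]
    return returned, new


# Entries chosen for "fix checked", copied from the thread. The space in
# "tscuinst.v bs" is constructed, to mimic a forum re-wrapping the line.
FIXED = r"""
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'SYSTEM')
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: DomainService - - C:\WINDOWS\system32\assaotch.exe
"""

# First scan: the entries above plus one entry that was left alone.
BEFORE = FIXED + r"""O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Second scan, constructed for this example: two fixed entries are back and
# one entry (hypothetical name "ExampleNew") was not in the first scan.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\qljbwi.exe
O4 - HKCU\..\Run: [ExampleNew] C:\Documents and Settings\Administrator\Application Data\example_new.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
"""

if __name__ == "__main__":
    returned, new = compare_scans(FIXED, BEFORE, AFTER)
    for line in returned:
        print("CAME BACK:", line)
    for line in new:
        print("NEW SINCE FIRST SCAN:", line)
```

An entry in either list after a reboot with the network cable unplugged means something on the machine is still rewriting the registry, which is the case the post says needs a second pass.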
 
Why do people devote their time to doing this kind of thing?
It must take a lot of work, and at the end of it all, some anonymous person
has the trouble of reloading all their programs and redoing anything they have not backed up. If they targeted people or organisations, I could understand it, but what is this general hatred about?
What kind of people engage in it?
 
It used to be just punks wanting to pull a prank...nowadays, it's a money making business...many of the viruses I see on customers' computers are rogue virus scanners, where they try to scam you into buying a worthless piece of software....or collect data that can be used in identity theft.
 
What's your advice?
Mine would be to totally avoid free porn sites.
If you want it, pay for it.
 
It used to be just punks wanting to pull a prank...nowadays, it's a money making business...many of the viruses I see on customers' computers are rogue virus scanners, where they try to scam you into buying a worthless piece of software....or collect data that can be used in identity theft.

Very true, add adware to the list too.
 
What's your advice?
Mine would be to totally avoid free porn sites.
If you want it, pay for it.

Almost all of those machines I mentioned had "limewire" file sharing software installed. Many of the media files will prompt you that you need a certain codec installed. If you click yes...it installs the trojan.

Some of them, like Vundo...can be difficult to get rid of.
 
if i were a malware/virus author i would be salivating like Pavlov's dogs at the thought of Vista...

Not really, you'd just be staring at the screen, thinking of how much you could corrupt with a single virus...then you'd pop a boner.
 
Rubiks many thanks for taking the time to look into this. Have now got the computer usable which is great. Will get a clean install when the IT department opens. Many thanks.
 