Smitfraud.c



#46
freebird53

  • Topic Starter
  • Member
  • 38 posts
Here are the results of that test:

This is a report processed by VirusTotal on 06/27/2005 at 00:48:35 (CET) after scanning the file "WININET.DLL" file.
Antivirus Version Update Result
AntiVir 6.31.0.7 06.24.2005 no virus found
Avira 6.31.0.7 06.24.2005 no virus found
BitDefender 7.0 06.27.2005 no virus found
ClamAV devel-20050501 06.27.2005 no virus found
DrWeb 4.32b 06.26.2005 no virus found
eTrust-Iris 7.1.194.0 06.26.2005 no virus found
eTrust-Vet 11.9.1.0 06.24.2005 no virus found
Fortinet 2.36.0.0 06.27.2005 no virus found
Ikarus 2.32 06.26.2005 no virus found
Kaspersky 4.0.2.24 06.27.2005 no virus found
McAfee 4521 06.24.2005 no virus found
NOD32v2 1.1155 06.26.2005 no virus found
Norman 5.70.10 06.23.2005 no virus found
Panda 8.02.00 06.26.2005 no virus found
Sybari 7.5.1314 06.27.2005 no virus found
Symantec 8.0 06.26.2005 no virus found
TheHacker 5.8.2.059 06.25.2005 no virus found
VBA32 3.10.4 06.26.2005 no virus found
  • 0



#47
freebird53

  • Topic Starter
  • Member
  • 38 posts
The computer seems to be running much better now....not sure what's left on there though
  • 0

#48
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
As long as you cannot boot to safe mode, stay online for as long as you want etc. there is something wrong.

Please download this trial AntiVirus (KAV):
http://www.kaspersky...uctupdates.html

Follow the instructions to get a trial key.

You will need to disable your current AV to be able to use KAV.

Let it scan and remove what it finds. Make sure to save me the results :tazz:

I'll be back tomorrow.
  • 0

#49
freebird53

  • Topic Starter
  • Member
  • 38 posts
ok...and once again...Thanks so much...you've been a great help!
  • 0

#50
freebird53

  • Topic Starter
  • Member
  • 38 posts
I'm not sure what this virus is on here anymore but I downloaded the KAV antivirus software and something was keeping me from getting updates. I ran the scan with the program without the updates and this is what it found:

Infected objects that couldn't be cleaned:
C:\WINNT\WMSysPrx.prx
C:\Documents and Settings\Administrator\Application Data\spweng\8594218.dat

Something is stopping me from getting updates on programs in these files and I'm not sure what it is
  • 0

#51
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
:tazz:
Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.

***

Download and unzip cwsserviceremove to your desktop. Use either link below:
http://computercops....ownload&id=3002
http://www.mytechsup...rviceremove.zip

***

Download http://cwshredder.ne.../CWShredder.exe

***

Run About:Buster. This will scan your computer for the bad files and delete them.
Please run About:Buster:
  • Click Start and then OK to allow About:Buster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer
Run About:Buster again following the same instructions as above, this time without the restart at the end.

Save the report (copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.

***

Double click on the cwsserviceremove and when asked to merge say yes.

***

Run CW-Shredder - Hit the FIX button - let it run and fix what it finds.

***

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each.

C:\WINNT\WMSysPrx.prx
C:\Documents and Settings\Administrator\Application Data\spweng\8594218.dat

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

***

Reboot the computer.

***

See if you can do this:
go to start - run
type sfc /scannow [note the space between sfc and /scannow]
press OK.

Please keep giving me as much information as you can.
  • 0

#52
freebird53

  • Topic Starter
  • Member
  • 38 posts
I haven't done the above yet but wanted to give you an update on what is going on since I was online downloading the KAV file (I'm dial up and it took 30 mins to download the file).

I can't access any system folders now. I can't scan my harddrive for errors. If I try to go into Net Bios it doesn't give me an option to change my boot sequence to reformat the harddrive. I still can't get a c: prompt nor go into Safe Mode. I can't boot from the IBM Product Recovery Disc. I'm not allowed to get any updates online. After the computer sits idle for several minutes, all of the icons disappear on the desktop. I can change the desktop but I don't think it changes to the original desktop in Windows 2000 when (none) is selected. So what alternative choices do I have if I am not able to get online and receive updates?

Here is my HiJack This log:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:00 PM, on 06/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\LXSUPMON.EXE
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Administrator\Desktop\for john\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SPYKILLER] C:\Program Files\Anonymizer\sk\SpyWareKiller.exe /BOOT /SCAN
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downlo...ACCESS_1060.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
  • 0
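
Added example, not part of any post in this thread: a small triage script for the HijackThis log format posted above. It lists entries that HijackThis marked "(no file)" or "(file missing)" and checks whether the two files the KAV scan could not clean are referenced by any listed autostart entry. The sample is an excerpt copied from the log in post #52; function names are illustrative, and a real comparison should be run over the full log.

```python
import re

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINNT\system32\PsaSrv.exe (file missing)
"""

# Files the KAV scan in the thread reported as uncleanable.
KAV_HITS = [
    r"C:\WINNT\WMSysPrx.prx",
    r"C:\Documents and Settings\Administrator\Application Data\spweng\8594218.dat",
]

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

def parse_entries(log):
    """Return (section, kind, detail) for every 'Onn - kind: detail' line."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append(m.groups())
    return out

def orphaned(entries):
    """Entries whose registry data points at a file that is not on disk."""
    return [e for e in entries if ORPHAN.search(e[2])]

def unreferenced(paths, entries):
    """Flagged paths that no parsed entry mentions (case-insensitive)."""
    blob = "\n".join(d.lower() for _, _, d in entries)
    return [p for p in paths if p.lower() not in blob]

if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LOG)
    for sec, kind, detail in orphaned(entries):
        print("orphaned:", sec, kind, detail)
    for p in unreferenced(KAV_HITS, entries):
        print("not referenced by any listed autostart:", p)
```

A scanner hit that no log entry references is loaded from somewhere this log format does not show, so the absence of a match is a reason to keep looking rather than a clean result.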

#53
freebird53

  • Topic Starter
  • Member
  • 38 posts
Ok, I did the above and when I went online I got the exact same error box popup that I did when trying to download the KAV updates "Error occurred with update" so I guess something has been fixed now that won't let me get any updates at all.
  • 0

#54
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you please try to do this without the updates?

A bunch of files should be found and deleted.
  • 0

#55
freebird53

  • Topic Starter
  • Member
  • 38 posts
Unfortunately, my friend came and picked up his computer today and is taking it in to a computer shop. I won't be volunteering any more help like that again...lol.....I'm sorry that I have no scan results to show you as this was unexpected. You have been a tremendous help G2i2R4....thanks so much...hugsssssssssssssssss. I know where I'll be coming if (big IF) I have anymore problems on my own computer.....I would like to have followed this through, but wasn't my choice......Thanks again!!!!!!!!!!!!!!!
  • 0



#56
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Thanks for the feedback, pity we can't see it through.

Guess the shop will charge him big time.

Let me know what they did, if you can.

It was a pleasure working with you.
  • 0





