My Internet Explorer started generating an error message (which varies occasionally in text) like the one posted below, and on the next boot my entire system started up fine, but before my AV Guard started up it seems to have rendered all my desktop files inoperable, and the Start Menu won't do anything (the cursor turns to the hourglass).
I ran scans in Safe Mode and Ad-Aware & AV both picked up on a couple of infections. I found a couple of suspect entries on HijackThis (I have some limited knowledge and it's all backed up!), but even in Safe Mode the Internet Explorer error message comes up and it still won't do anything in normal mode (and "explorer.exe won't close" comes up when I shut down from normal mode) unless I use task manager without Browsing (I have run everything again using the Command Paths this way and they can't see anything!!!).
As you can see, I am stumped and in dire need of help; my log file is below. Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 14:56:21, on 03/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Colm's AV Files\hijackthis\HijackThis.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Just as an extra note to this: when I was trying to track this problem down, I came across a definition of Worm/Deborm.R.3 in my AV Definition library which sounded like a variant on my problem. I did find two copies of iexplore.exe in different folders and replaced one with the other, but I also found two copies of explorer.exe. I don't know if this is supposed to be the case, but I'm worried about using HJT to delete this in case it renders the system completely inoperable!!
Edited by cosmidnight, 04 July 2005 - 03:45 PM.