virus:application/restart [CLOSED]


  • This topic is locked

#1
rivrplay

    New Member

  • Member
  • 4 posts
Hi,
New to the site. Hope someone can help. Have a Win98 system that blue screened last week. When I tried to reboot it would only come up in safe mode. Tried several adware and virus scans. Never could get it back so I reformatted and reloaded Windows. The computer ran one week and blue screened again. Same situation, computer will only boot in safe mode. Have reformatted and reloaded Windows again. I found this site and this time, before loading any other software, I followed the first timer instructions. I did the cleanup, adaware, cwshredder and spybot. I then went to Panda for their online virus scan. It came back with two files infected with "VIRUS: APPLICATION/RESTART", but it would not disinfect. So then I went to install HijackThis so I could post my log here but it won't load. I get a message that MSVBVM60.dll was not found. Anyone have any suggestions? Thanks

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Did you delete those two infected files that it couldn't disinfect?

For HijackThis, you are missing the library to load this program properly. Do a search for MSVBVM60.dll on Google and you should find it (usually on dll-files site). Get it and copy it to your system folder. Now run HijackThis.

#3
rivrplay

    New Member

  • Topic Starter
  • Member
  • 4 posts
Thanks for responding. I tried to delete the two files "C:\WINDOWS\SYSTEM\Tools\Restart.exe" and "C:\WINDOWS\TEMP\pav2130.TMP". I could not find the restart.exe file. I have also run HijackThis. My log follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:45:17 AM, on 7/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\DOWNLOADS\VIRUS\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab


Thanks again

Edited by rivrplay, 23 July 2005 - 08:56 AM.


#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The log is clean here.

So restart.exe does not exist, right?

OK, right click on My Computer->Properties->Device Manager and see if you can locate any suspicious entries (exclamation or yellow mark entries). If so, there is a problem with that hardware/device.

If nothing is found, try asking this in the Windows 98 forum. It doesn't seem to be virus related anymore. Might be Windows or some other hardware.

#5
rivrplay

    New Member

  • Topic Starter
  • Member
  • 4 posts
The file windows\system\tools\restart.exe does exist. Turns out I was not viewing the hidden files the first time. I also ran a MWav and the restart.exe showed along with a few others. The results follow....

Object "isearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D3B1DE00-6B94-1069-8754-08002B2BD64F}" refers to invalid object "C:\WINDOWS\SYSTEM\disktool.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\Overview.Document" refers to invalid object "{DA23B9C9-6893-11D0-8534-00C04FD7AD0C}". Action Taken: No Action Taken.
Entry "HKCR\TSHOOT.TSHOOTCtrl.1" refers to invalid object "{4B106874-DD36-11D0-8B44-00A024DD9EFF}". Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM\Tools\Restart.exe tagged as not-a-virus:Tool.Win32.Destart. No Action Taken.
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\Program Files\Online Services\AT&T\ATTSETUP.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
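Added example, not part of the original thread: one way to cross-check the files a scanner flagged against the "Running processes" list and O4 startup entries of a HijackThis log. The sample lines are copied from the posts above; the names `parse_hjt` and `cross_check` are hypothetical.

```python
import re

# Lines copied from the HijackThis log and scan results posted in this thread.
HJT_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""
FLAGGED = [r"C:\WINDOWS\SYSTEM\Tools\Restart.exe", r"C:\WINDOWS\TEMP\pav2130.TMP"]

O4_REG = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")

def parse_hjt(text):
    """Return (running process paths, O4 startup entries) from a HijackThis log."""
    procs, autoruns, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line)
        else:
            m = O4_REG.match(line) or O4_LNK.match(line)
            if m:
                autoruns.append((m["key"], m["name"], m["cmd"]))
    return procs, autoruns

def cross_check(flagged, procs, autoruns):
    """Map each flagged path to the log entries that reference it (case-insensitive)."""
    hits = {}
    for path in flagged:
        p = path.lower()
        refs = [f"process: {x}" for x in procs if x.lower() == p]
        refs += [f"{k} [{n}]" for k, n, c in autoruns if p in c.lower()]
        hits[path] = refs
    return hits

if __name__ == "__main__":
    procs, autoruns = parse_hjt(HJT_LOG)
    for path, refs in cross_check(FLAGGED, procs, autoruns).items():
        print(path, "->", refs or "not running, no O4 startup reference")
```

Matching is on the literal path text, so an entry written with an 8.3 short name (such as `C:\PROGRA~1\...`) or a bare file name would not match a long-path detection and needs a manual look.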

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download CCleaner and install it. Run it and go to the Issues button. Run a scan. Once it shows you the invalid entries, check and fix all those issues in the registry.

Are you still having any problems now?

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.