Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help removing stuff that Ewido can't [RESOLVED]


  • This topic is locked This topic is locked

#16
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
We almost made it out of the woods too :tazz:

OK, let's see what else if wrong here. Try this first:
Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD.

See if that fixes anything and test out Panda and the search window.

If that doesn't do it, run this scan:

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0

Advertisements


#17
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I ran sfc. After that I can regsvr32 jscript.dll, but not vbscript.dll.

Search window now looks ok. PandaSoftware ActiveScan still doesn't run.

I ran cleanup and mwav and attached the mwav log.

Attached Files

  • Attached File  mwav.txt   348.82KB   685 downloads

  • 0

#18
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say no:

C:\WINDOWS\system32\neo{56D0586E-787C-4484-892E-C8822BC0AA43}0115.dll
C:\WINDOWS\sys154.exe
C:\WINDOWS\sys156.exe
C:\WINDOWS\sys16.exe
C:\WINDOWS\sys160.exe
C:\WINDOWS\sys163.exe
C:\WINDOWS\sys165.exe
C:\WINDOWS\sys17.exe
C:\WINDOWS\sys2237.exe
C:\WINDOWS\sys2240.exe
C:\WINDOWS\sys2242.exe
C:\WINDOWS\sys3159.exe
C:\WINDOWS\sys328.exe
C:\WINDOWS\sys3617.exe
C:\WINDOWS\sys3618.exe
C:\WINDOWS\sys3912.exe
C:\WINDOWS\sys3926.exe
C:\WINDOWS\sys3934.exe
C:\WINDOWS\sys561.exe
C:\WINDOWS\sys564.exe
C:\WINDOWS\sys565.exe
C:\WINDOWS\sys611.exe
C:\WINDOWS\sys618.exe
C:\WINDOWS\sys68.exe
C:\WINDOWS\system32\csrss.dll
C:\WINDOWS\system32\djkbaaaa.exe
C:\WINDOWS\system32\tslaal32.dll
C:\Documents and Settings\All Users\Application Data\IEService\v28.exe
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchYexe1.zip
C:\Documents and Settings\Guest\Local Settings\Application Data\u.exe
C:\Program Files\Common Files\Java\flnclean.exe
C:\WINDOWS\Downloaded Program Files\imloader.exe
C:\WINDOWS\system\QUASI.EXE


Delete these folders if found:

C:\Program Files\Aprps\
C:\Program Files\bpc_search\
C:\Program Files\SearchAssistant4\


Restart. Try running Panda.
  • 0

#19
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK, I turned system restore off, rebooted, and turned it back on.

I used KillBox to delete that list of files. I also deleted that extra list of folders.

Unfortunately, Panda still doesn't run. The good news is that the explorer "Search" function does work.

jscript.dll registers sucessfully, vbscript.dll doesn't.
  • 0

#20
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I''m not sure what is causing this anymore. What happens when you run Panda again? Does it freeze or show anything at all?

Try going into safe mode and running another Ewido scan. Save the log and restart your computer. Post that log here.
  • 0

#21
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
When I run Panda, it asks me if I want to install the ActiveX component, I say "yes", then if just sits there (for hours).

A safe mode Ewido scan is clean.
  • 0

#22
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, I'm not sure what's wrong here anymore, but let's give this a try. Download this program and install it. Then run it and look for the Panda ActiveScan entry. Is it enabled? Click on it and click on the Green button on top left corner. Try running Panda.

Run mwav and post a new log for that again.
  • 0

#23
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I ran the ActiveX Compatibility Manager but didn't see anything that said "panda" or "activescan" or anything that looked close.

My theory is that not being able to register vbscript.dll is part of the problem (of course I could be quite wrong).

I'm running mwav now and will post a log later.
  • 0

#24
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Here's the new mwav log file.

Attached Files


  • 0

#25
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That vbscript is used to run VB script files. I don't think Panda needs that. I could be wrong also :tazz: So far, I haven't figured out why some users are having this problem. My only guess is that malware/spyware might be doing this.

Let's see that mwav log when you are ready.
  • 0

Advertisements


#26
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
I've posted the mwav log just as you posted this.

I went searching for vbscript.dll on this system and found that the version in c:\windows\system32 matched my WinXP SP2 system. However, the version in c:\windows\system32\dllcache was different. I didn't have that on my WinXP SP2 system so I deleted it. But after a reboot, I still can't register vbscript.dll (I get error 0x80004005).

I've found something else wrong with this system that may (or may not) give you a clue. I decided to check the security settings. When I bring up the Security Settings control panel applet and pick "Windows Firewall", I get the following error message:

"Due to an unidentified problem, Windows cannot display Windows Firewall settings".

Does that point you anywhere?
  • 0

#27
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I'm not sure if you should be deleting that file in the dllcache. Windows usually saves a good copy of a system file in there. Probably try asking this and the Security Center question in the Windows Forum. See if it's a Windows problem.

Let's try this:

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure you uncheck that box before proceeding any further.

*Download RegSeeker http://www.hoverdesk.net/freeware.htm and install it.
*Click on 'Clean The Registry' in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click 'Select All' on the bottom. Then right-click on any selected item in the window and select 'Delete Selected Items'.
*Click 'Quit RegSeeker'.

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run RegSeeker again. Do the same thing again if anything is found. You may have to run RegSeeker 5 - 6 times, but you want it showing none to very few items.

*Make sure to reboot between each use of the program.


Update Ad-aware, Spybot and Ewido if there are any updates for them. Boot into Safe Mode. Run those programs again (use Ewido last). Save the Ewido log.

Run the CleanUp! program you downloaded earlier ago.

Restart and run a new mwav scan. Post the log along with the Ewido log.

Does Panda work now?
  • 0

#28
david_s

david_s

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Well, because my friends were getting impatient, I ended up copying everything off, reformatting, reinstalling XP, and copy data files back on.

Thanks again for all the help.

We were so close...
  • 0

#29
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP