TechSpot

norton, task manager won't start, anyplace i type "V i r u s" (including here) closes

By mintaddict
Jan 1, 2004
  1. tirwin88

    tirwin88 TS Rookie Posts: 17

    Have you tried editing the registry? Look for some of those .exe files that you mentioned earlier and delete them from the registry.
     
  2. tirwin88

    tirwin88 TS Rookie Posts: 17

    Also this looks as if you have the W32/Bodiru-A worm. There is a fix you can try for this. If you cannot access Norton then try Sophos.com

    They have a complete breakdown of this worm.

    Hope this helps

    Tina
     
  3. XtR-X

    XtR-X TS Rookie Posts: 1,040

    Your computer seems like a huge mess. I'd go with reformatting, that's the very best way. Just make sure you disconnect your means of the internet from the PC.

    Reformatting is also good in a sense that your PC gets a "Fresh start".

    And before connecting to the internet, install anti-virus and a firewall. And then the first time you connect to the internet, make it your priority to first download updates to the software.
     
  4. Gnapp

    Gnapp TS Rookie

    Same problem

    I have almost the same problem as mintaddict. The computer is extremely slow, as if the CPU is working very hard. But I can't open the Task Manager (sometimes I see it for a second before it closes), I can't use ctrl+alt+del and I can't open the registry. I've scanned the discs with a couple of different anti-virus-programs (including Stinger), but no viruses are found. Very frustrating.
     
  5. Scol

    Scol TS Rookie Posts: 140

    Wow, sounds like a pretty vicious virus/worm. I understand your concerns for trying to save all of your backed up data as I've been there at a time with a different virus. Does anyone understand how it works yet? Does it attach itself to .exe's or something like that?

    How about running msconfig in the run bar. Can you edit your startup programs before the window closes on you?

    How is your computer set up? Do you only have C:\ or is your HD divided into partitions, or do you have multiple hard drives? I'm thinking if you have a spare computer around, you could maybe link up your hard drive to that spare computer, make sure that the system already has good virus protections installed, and then do a virus scan on that infected hard drive from a clean Windows. Only risk in that is that it could spread to your clean drive, and that's why I stress you to have the most up to date virus definitions and full blown protection on all your crap. Don't run any program from within the infected drive, and don't even access folders in it. Just choose the drive and let your Virus scan program scan it.
     
  6. mintaddict

    mintaddict TS Rookie Topic Starter Posts: 18

    I have managed to run the latest virus scans online in safe mode (where v irus does not seem to appear) and it comes up with nothing. Msconfig will only run in safe mode, but I do not see anything suspicious in it. I tried the diagnostic startup, which removes everything in the different lists and ini files and whatnot, but it still somehow loads the vi rus or whatever it is.
     
  7. Spike

    Spike TS Rookie Posts: 2,371

    Do any of you have a second HDD with unpartitioned space on it?

    If so, use that space to install a fresh copy of windows. From there, you can access the other partitions to save data (be careful to scan it for virii before using it). Otherwise, you could install an AV on this fresh installation and scan with that. This should work, as anything starting up with your current installation shouldn't start on a fresh one.

    Other than that, has anybody tried rebuilding their Master Boot Record in the Recovery console (XP)? It could be a virus residing in the mbr.
     
  8. StormBringer

    StormBringer TS Rookie Posts: 2,871

    Try an AV scan with a heuristic scan mode. This will find more stuff than a basic scan will, since it not only compares files with a definition file, it also compares properties of the file and can find virii that have yet to be identified (it can also turn up quite a few false positives, so be careful). At this point I'd also try spyware removers, since your problem vaguely reminds me of something I had once (it popped open an IE window with ads when I typed specific words); not exactly the same, but it is close enough that I would try it.
    You can also go to the Registry link in my signature, read the guide and look through the registry for anything suspicious (use caution when doing that).
     
  9. mintaddict

    mintaddict TS Rookie Topic Starter Posts: 18

    I give up, my computer is unfixable
     
  10. MrGaribaldi

    MrGaribaldi TechSpot Ambassador Posts: 2,802

    Well, one last longshot...

    Try with another PSU...
    I've had some similar problems with a computer at work, and last night the PSU just died... Installed a new one, and hasn't had any problems yet...

    It never looked like a PSU fault, but rather virus, as it died when norton loaded, didn't like visiting certain anti-virus sites, changed text-formats in documents...
    But now everything is peachy :)
     
  11. mintaddict

    mintaddict TS Rookie Topic Starter Posts: 18

    I found the problem program... wininit32, but I'm not sure if this is a system file or not. Is it safe to delete?
     
     
  12. StormBringer

    StormBringer TS Rookie Posts: 2,871

  13. Per Hansson

    Per Hansson TS Server Guru Posts: 1,932   +126 Staff Member

  14. mintaddict

    mintaddict TS Rookie Topic Starter Posts: 18

    OK, so I fixed the virus and removed everything, but I can't open regedit because "Registry editing has been disabled by your administrator."
     
  15. Per Hansson

    Per Hansson TS Server Guru Posts: 1,932   +126 Staff Member

    Do what I said above and post back the info it finds
     
  16. mintaddict

    mintaddict TS Rookie Topic Starter Posts: 18

    Never mind, I fixed it all
     
  17. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,635   +321

    Would you mind telling us how you got it fixed?
     
  18. conradguerrero

    conradguerrero TS Rookie Posts: 357

  19. MrsEmmaPeel

    MrsEmmaPeel TS Rookie

    Can someone help me? (Norton 2004 won't install)

    I'm in a situation where my Dad's computer (XP box) will not install Norton 2004. He had Norton 2003, but clearly something must have happened to the system. 2004 would not install on top of 2003. So, we removed 2003 completely (from Add/Remove Programs), and tried again. No luck. 2004 will not install. We've checked his disk (optimization/defrag).

    Does anyone have any suggestions?
     
  20. Per Hansson

    Per Hansson TS Server Guru Posts: 1,932   +126 Staff Member

    There is a special program that removes NAV that you can download from Symantec... Sorry, its name escapes me... It's on their site but I found it via Google
     
  21. Sul...

    Sul... TS Rookie

    Dude I did what you said and for the cmd I get

    Active Connections

    Proto Local Address Foreign Address State

    For Hijack I get this

    Logfile of HijackThis v1.97.7
    Scan saved at 00:26:04, on 21/01/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\Documents and Settings\Jameella\Local Settings\Temporary Internet Files\Content.IE5\0DWD6LK1\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homeschool.batcave.net/Quran/suratulmulk2.htm
    O1 - Hosts: 12.129.205.209 search.netscape.com
    O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O2 - BHO: WebBlinds - {4F92B827-1E56-4E30-A978-A17A7861A606} - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll
    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar.dll
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextSearch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate - file://C:\Program Files\Dynamic Toolbar\ALTAVISTA\Cache\SelectedContextTranslation.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Create Mobile Favorite (HKLM)
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
    O9 - Extra button: Research (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Grab (HKLM)
    O9 - Extra 'Tools' menuitem: Grab... (SmartGrabber) (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://F:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

    and for Startup I get this...

    StartupList report, 21/01/2004, 00:26:37
    StartupList version: 1.52
    Started from : C:\Documents and Settings\Jameella\Local Settings\Temporary Internet Files\Content.IE5\QJQ9O5S3\StartupList[1].EXE
    Detected: Windows XP SP1 (WinNT 5.01.2600)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\crypserv.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    E:\3dsmax6\sfmgr\sfmgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Athan\Athan.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Jameella\Local Settings\Temporary Internet Files\Content.IE5\0DWD6LK1\HijackThis[1].exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Jameella\Local Settings\Temporary Internet Files\Content.IE5\QJQ9O5S3\StartupList[1].exe

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,


    Continued>>>
     
  22. Sul...

    Sul... TS Rookie

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    Athan = C:\Program Files\Athan\Athan.exe
    NAV CfgWiz = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    MSConfig = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui



    ----------------------------------------------------------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\sspipes.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry key not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:



    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
    ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    MessengerPlus2 = "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    (no name) - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
    WebBlinds - C:\Program Files\Object Desktop\WebBlinds\WebBlinds.dll - {4F92B827-1E56-4E30-A978-A17A7861A606}
    NavErrRedir Class - (no file) - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
    Web assistant - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
    (no name) - C:\PROGRA~1\FlashGet\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
    (no name) - c:\windows\googletoolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Norton AntiVirus - Scan my computer.job
    Norton SystemWorks One Button Checkup.job
    Symantec Drmc.job
    Symantec NetDetect.job
    {84D3F799-0672-432E-9390-47006CC4DEB8}_PC_Sul.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
    CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

    [{33564D57-0000-0010-8000-00AA00389B71}]
    CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

    [Symantec RuFSI Utility Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
    CODEBASE = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

    [FileSharingCtrl Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\fsmsngr-en.dll
    CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab

    [MessengerStatsClient Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
    CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

    [ActiveScan Installer Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
    CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

    [IntraLaunch.MainControl]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\INTRALAUNCH.OCX
    CODEBASE = file://F:\SuperCD\IntraLaunch.CAB

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [MSN Chat Control 4.5]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
    CODEBASE = http://chat.msn.com/bin/msnchat45.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
    NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\System32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll

    --------------------------------------------------
    End of report, 9,376 bytes
    Report generated in 0.187 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    Bearing in mind, all this is from the wife's account, as mine is just shagged even more.

    I have found the Sdbot.worm.gen virus, but I think Stinger got rid of that. I also have the wininit32.exe that the other dude was on about.

    Please help on the situation, this PC is my life line and without it I will have to do things like go out and socialise :dead:

    Thanks
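
An added example, not part of the original posts and not a HijackThis feature: a small Python triage pass over this kind of log that pulls out the entries worth checking by hand first (hosts-file redirects, IE components registered with no file on disk, and a non-empty AppInit_DLLs value, which Windows loads into every process that uses user32.dll) and inventories the Run-key autoruns. The sample lines are adapted from the log above; the function names and rules are assumptions of this example, and a hit means "review this entry", not "this entry is malicious".

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, or "AppInit" for the StartupList line
    reason: str
    detail: str


# Sample lines adapted from the HijackThis / StartupList output posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homeschool.batcave.net/Quran/suratulmulk2.htm
O1 - Hosts: 12.129.205.209 search.netscape.com
O1 - Hosts: 12.129.205.209 sitefinder.verisign.com
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll
HKCU\..\Windows NT\CurrentVersion\Windows: load=
"""

LOOPBACK = {"127.0.0.1", "::1"}
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
RUN = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
APPINIT = re.compile(r"AppInit_DLLs=(?P<dlls>.*)$")


def triage(log_text):
    """Return the entries a reviewer should look at first, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = APPINIT.search(line)
        if m:
            dlls = m["dlls"].strip()
            if dlls:  # an empty value is the normal state
                findings.append(Finding(
                    "AppInit", "DLL loaded into every process that loads user32.dll", dlls))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O1":
            h = HOSTS.match(body)
            if h and h["ip"] not in LOOPBACK:
                findings.append(Finding(
                    "O1", "hosts file pins this name to a fixed address",
                    f"{h['host']} -> {h['ip']}"))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(
                code, "IE component registered but its file is missing", body))
    return findings


def autoruns(log_text):
    """Return {(hive, key, value name): command} for every O4 Run-key entry."""
    runs = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m and m["code"] == "O4":
            r = RUN.match(m["body"])
            if r:
                runs[(r["hive"], r["key"], r["name"])] = r["cmd"]
    return runs


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
    for (hive, key, name), cmd in autoruns(SAMPLE_LOG).items():
        print(f"autorun {hive}\\{key} [{name}] -> {cmd}")
```
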
     
  23. frozen-flame

    frozen-flame TS Rookie

    Man, you guys take such a simple little virus and turn it into a huge rummage through this guy's whole computer and command prompt. I got the easiest solution for your problem, mint. First things first, you have a virus called "Lirva"; it is a newer one that disables all AV programs and anything that had the words such as "Virus" or "Anti" in it, like you have described. I have the simple fix here for you at this site.
    http://www.bullguard.com/antivirus/vi_lirva.aspx
    Try this site out, just simply scroll down a bit and download the fix for it. Good luck.
     
  24. MrsEmmaPeel

    MrsEmmaPeel TS Rookie

    Many thanks for your suggestion! I'll give that a try.
     
  25. frozen-flame

    frozen-flame TS Rookie

    How did that work out for you?
     
Topic Status:
Not open for further replies.

