Problems with Kerio Firewall

Status
Not open for further replies.
I've already checked to see if I can find userinit.exe in windows\system32 but I couldn't find it (operating from OS).
I can't use the CD copier on the system I'm on now because of RAM capacity (this is only 32 MB).
I got rescue disks from another XP computer and also 2 CDs of the OS, WinXP Prof. (same as mine) SP1 (I think this is also the same).
Could this help?
 
I copied userinit.exe from a floppy directly to the windows\system32 folder through the OS and it booted. I'm checking if everything is OK.

AVG antivirus found the following:
- File change in C:\Windows\System32\drivers\hosts
(According to Windows Explorer it was modified 2 days ago but two AVG scans after that did not detect anything)
- Infection trojan horse BackDoor.Generic3.UYZ
(Generic3.*** were various viruses found by AVG some days ago just before all this mess began, including corruption of the Winsock file)

Also I checked the recycle bin:
- userinit.exe was deleted from the C:\Windows\System32 folder, not from C:\Windows
but a further look through Windows Explorer shows no file with that name in the C:\Windows folder
If I deleted the file from the wrong folder by mistake, why is it still not found in the folder you indicated?
How is this explained?

I will proceed to rehide protected OS files and HJT and AVG Antispyware logs

I proceed to:
-run HJT (log5 attached)
-run AVG antispyware and proceed to quarantine and delete what was found as recommended (log attached)
-run AVG antitoolkit: nothing found
-run HJT (log6 attached)

Pop up windows are still being blocked in IE: is that an option of the program that can be disabled? If so, how?
 
Sorry for the delay in getting back to you.

Your HJT log is now clean.

Delete all files in AVG Antispyware quarantine.

Turn off system restore (XP/ME only). See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.

It's a good idea for popup windows to be blocked. I assume you're running IE7's popup blocker? If so you should be able to configure it to allow or deny popups from sites as and when you want. In other words, if the site that's trying to open up a popup is trusted, you should be able to allow it.

Personally, I don't use IE and prefer Firefox, which is a lot more secure.

As far as I can tell, your system looks clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

This thread is for the use of adesito only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
In that case, you either need to install a popupblocker, or better still, start using Firefox.

Regards Howard :)

 
It's probably the Yahoo toolbar. It does have a popup blocker built in.

Regards Howard :)

 
Yes Howard, the Yahoo toolbar was blocking popup windows: you can disable it by keeping the Control key pressed.
Thanks for everything Howard, you've been of much help!
But still there are things I don't clearly understand:
- What I posted before about the deletion of the userinit.exe file: what did I really delete? In which folder was userinit.exe before deletion? It's fairly clear this was the problem that stopped Windows from loading.
- What virus or trojan or spyware was the cause of all the problems? How can I be sure that it will not suddenly appear again? I am still afraid of connecting the other computer to the LAN, although it has Win 98SE, which seems more secure.
By the way, I'll try to find out about Firefox, but is it OK for running MSN (kids are doing that all the time)?
 
userinit.exe is normally found in the Windows\system32 folder.

Yours were found in the Windows folder and the Windows\system32\dllcache folder. They had obviously been placed there by some kind of malware, which had also deleted your original userinit.exe file. When we deleted your rogue userinit.exe files, Windows was no longer able to boot, because its own legit userinit.exe file had been removed by the malware.

Take a look at this thread HERE. It'll show you how you can make your system more secure.

MSN shouldn't be a problem in Firefox as far as I'm aware.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)
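
The location check described in the reply above, as an added example that is not part of the original thread: it walks a Windows folder, reports whether userinit.exe is present in system32, and classifies every other copy by comparing its hash with the system32 one. The function names, status labels and the sample tree are assumptions made for illustration; the sample files are constructed placeholders, not real binaries.

```python
import hashlib
import os
import tempfile

TARGET = "userinit.exe"
EXPECTED_DIR = "system32"  # normal location relative to the Windows folder
SAMPLE_BYTES = b"constructed placeholder bytes, not a real binary"

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit_userinit(windows_dir):
    """Classify every userinit.exe found under windows_dir (hypothetical helper)."""
    copies = []
    for root, _dirs, files in os.walk(windows_dir):
        for name in files:
            if name.lower() == TARGET:  # Windows file names are case-insensitive
                rel_dir = os.path.relpath(root, windows_dir).lower()
                path = os.path.join(root, name)
                copies.append((rel_dir, path, sha256_of(path)))
    # The copy in system32, if any, is the reference the others are compared to.
    reference = next((c for c in copies if c[0] == EXPECTED_DIR), None)
    findings = []
    if reference is None:
        findings.append(("MISSING", os.path.join(windows_dir, EXPECTED_DIR, TARGET)))
    for copy in copies:
        if copy is reference:
            continue
        same = reference is not None and copy[2] == reference[2]
        findings.append(("DUPLICATE" if same else "UNEXPECTED", copy[1]))
    return findings

def build_sample_tree(base):
    """Constructed tree mirroring the thread: no system32 copy, two stray copies."""
    os.makedirs(os.path.join(base, "system32", "dllcache"))
    for rel in (TARGET, os.path.join("system32", "dllcache", TARGET)):
        with open(os.path.join(base, rel), "wb") as f:
            f.write(SAMPLE_BYTES)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for status, path in audit_userinit(build_sample_tree(tmp)):
            print(status, path)
```

An UNEXPECTED result only means the copy differs from, or exists without, the system32 file; it still has to be examined with a scanner before anything is deleted.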

 