David
Sat Jun 26 09:07:24 CDT 2004
thanks. very helpful.
"PA Bear" <PABear@mvps.org> wrote in message
news:OHU2bJ1WEHA.1144@TK2MSFTNGP10.phx.gbl...
> 1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...
>
> 2. Update your virus definitions, enable Show Hidden Files
> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2002092715262339)
> and then run a full system scan in Safe Mode
> (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406)
> with nothing else running in background. Note the files identified and
> removed then find the corresponding page for the file at your AV maker's
> online support pages (e.g.,
> http://securityresponse.symantec.com/avcenter/venc/data/adware.winfavorites.html)
> and follow all Removal steps.
>
> WinXP Only (WinME similar): If this scan finds anything, create a new
> Restore Point then Disk Cleanup > More options > Delete all but the most
> recent Restore Point.
>
> Check your system for other "hijackware":
>
> Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/Darnit.htm
>
> CoolWebSearch Chronicles
> http://www.spywareinfo.com/~merijn/cwschronicles.html
>
> Run these tools in the following order with nothing else running in
> background:
>
> 1. CWShredder (fix all found)
>
> 2. Ad-Aware (fix all found)
>
> 3. Spybot (RTFM but generally fix everything in red)
>
> Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
> and every use, even "right out of the box". But even they can't catch
> everything, 24/7. When all else fails, HijackThis
> (http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
> tool to use. It will help you to both identify and remove any
> hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or
> http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.**
>
> [Alternate download pages for many of the above tools may be found at
> http://aumha.org/a/parasite.htm.]
>
> So How Did I Get Infected Anyway?
> http://boards.cexx.org/viewtopic.php?t=957
> --
> HTH - Please Reply to This Thread
>
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE), AH-VSOP
>
> AumHa Forums
> http://forum.aumha.org
>
> What You Should Know About Spyware
> http://www.microsoft.com/mscorp/twc/privacy/spyware.mspx
>
> Jacky Yau wrote:
> > It sounds like your explore.exe is already crashed by the
> > virus/trojan. I would suggest doing a restore with the Windows
> > XP CD.
> >
> > Since I guess some of the files there are hidden or it may
> > resistance on the IE cookies/plug-in. Another method is
> > try to remove it by hand on those C:\WINNT/Downloaded
> > program files\*.*, you may also check if there have any
> > program running by checking Task Manager. You have to
> > delete the programs you feel it should not exist on
> > msconfig, autoexec, WINNT.INI and all windows startup
> > files.
> >
> > Actually restore is the last resort for solving problems. If
> > it still cannot fix your problem, you may need to
> > reinstall it.
> >> -----Original Message-----
> >> For the past two days I tried to get rid of several pesky viruses/trojans
> >> that apparently messed up my machine and kept returning on reboot.
> >>
> >> I'm running XP and turned off System Restore, then rebooted in Safe Mode,
> >> then ran my AV program, and deleted the "Trojano" worm and a few other
> >> viruses, like the "DyfucDldr" variety.
> >>
> >> I think I'm now virus, trojan, worm, and adware-free, but the damage
> >> seems to have been done:
> >>
> >> First, I can't open programs from my desktop, like IE or Ad-Aware, or
> >> Real Audio. The system just hangs and the hourglass icon stares at me.
> >> CTL-ALT-DEL doesn't work...it either freezes the computer or I get an
> >> error message saying there is something wrong with the program and
> >> asking me to send a report to Microsoft.
> >>
> >> Second, there is no audio on the computer anymore. The files for all of
> >> the Windows sounds are missing -- there is no C:/WINDOWS/MEDIA folder
> >> anymore.
> >> Instead, in Control Panel, the icons for each sound show a path that
> >> begins with "%System Root%" and I get a message that the file can't be
> >> located. The same is true of all the other program sounds, for Real
> >> Audio, my anti-virus alerts, etc. (I checked and nothing is muted.)
> >>
> >> Finally, I noticed the Startup list after running "msconfig" shows a
> >> couple strange ".exe" files, for example, "Nye42.exe". This box is checked
> >> like all the others, and it says the location is in the C:/Windows folder,
> >> but I did a search for it and there is no such file found on my
> >> computer. I unchecked this from the Startup list, but the two problems
> >> noted above still exist.
> >>
> >> I'm afraid whatever got me really got me good and I have no idea how to
> >> recover from this.
> >>
> >> Any suggestions would be appreciated. I've done a web search (on my
> >> other computer) and reviewed the bulletin board threads. I think I've
> >> done everything I've read to get rid of the nasties, I just don't know
> >> how to restore the system to an operational mode.
> >>
> >> I am thinking of restoring the "System Restore" function and going back a
> >> month or so before I got whacked to do a System Restore at that point.
> >> Hopefully that will restore the sounds and functionality. It may also
> >> restore the viruses, but I may be able to delete them this time before
> >> they do permanent damage.
> >>
> >> I'd appreciate anyone's thoughts on what I can do or whether my plan even
> >> makes sense.
> >>
> >> Thanks in advance for your help.
> >>
> >>
> >> .
>