
can't get rid of virus HELP!!!

Discussion in 'Virus & Other Malware Removal' started by mojohelpless, Feb 15, 2003.

Thread Status:
Not open for further replies.
  1. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    I have a post in hardware section (gremlins...) but believe this is my problem area. I have run numerous scan programs; they find nothing. I went to housecall and during download of program it found a trojan (malware.vbs_LOVELETTRAS), which I cannot find in any library. Thought I removed it but problems are back again. Old symptoms returned. A startuplist run with trojan was 10 pages; now it is 5 pages. Other viruses found were JS/NoClose; JS/Winbomb; JS/IEStart.gen.d. I am way over my head in this; I need serious help.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Would you please run the Startuplist application as advised in the other thread and actually post the log, please?

    I believe we haven't been able to look at it yet, and we need to, if we're going to offer any meaningful advice.
     
  3. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    I am sorry; understand you are dealing with a neophyte. Copy and paste is still beyond me. I have attached startup list, I hope.
     

    Attached Files:

  4. pyritechips

    pyritechips Gone but Never Forgotten

    Joined:
    Jun 2, 2002
    Messages:
    26,907
    First Name:
    Jim
    Hello!

    I have opened and pasted the list here for all to see easily and help you out.

    StartupList report, 2/16/03, 2:56:34 AM
    StartupList version: 1.51
    Started from : C:\WINDOWS.000\TEMP\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
    C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS.000\SYSTEM\MPREXE.EXE
    C:\WINDOWS.000\SYSTEM\mmtask.tsk
    C:\WINDOWS.000\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
    C:\WINDOWS.000\EXPLORER.EXE
    C:\WINDOWS.000\TASKMON.EXE
    C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\HP CD-WRITER\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\HP CD-WRITER\MMENU\HPCDTRAY.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\WINDOWS.000\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.6\TAUMON.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT UPDATER\RULAUNCH.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\PROGRAM FILES\CALLWAVE\IAM.EXE
    C:\PROGRAM FILES\DVLINK\DVSYNC.EXE
    C:\PROGRAM FILES\AOL COMPANION\COMPANION.EXE
    C:\WINDOWS.000\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOLTRAY.EXE
    C:\MSOFFICE\MSOFFICE.EXE
    C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
    C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSSTAT.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSHWIN32.EXE
    C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\WEBSCANX.EXE
    C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
    C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS.000\TEMP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS.000\Start Menu\Programs\StartUp]
    Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
    DVSync.lnk = C:\Program Files\DVLink\dvsync.exe
    Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    PowerReg Scheduler.exe
    Microsoft Office.lnk = C:\MSOFFICE\MSOFFICE.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS.000\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS.000\taskmon.exe
    SystemTray = SysTray.Exe
    QuickTime Task = C:\WINDOWS.000\SYSTEM\QTTASK.EXE
    Adaptec DirectCD = C:\PROGRA~1\HPCD-W~1\DIRECTCD\DIRECTCD.EXE
    HP CD-Writer = C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
    zBrowser Launcher = C:\Program Files\Logitech\iTouch\iTouch.exe
    StillImageMonitor = C:\WINDOWS.000\SYSTEM\STIMON.EXE
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    Alogserv = C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    McAfee Guardian = "C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    Tau Monitor = C:\PROGRA~1\AGNITUM\TAUSCA~1.6\taumon.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = C:\WINDOWS.000\SYSTEM\mstask.exe
    McAfeeVirusScanService = C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    McAfee.InstantUpdate.Monitor = "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

    --------------------------------------------------

    C:\WINDOWS.000\WININIT.BAK listing:
    (Created 15/2/2003, 18:16:4)

    [rename]
    C:\WINDOWS.000\SYSTEM\MSVCRT.DLL=C:\WINDOWS.000\SYSTEM\~GLH0002.TMP
    C:\WINDOWS.000\SYSTEM\MFC42.DLL=C:\WINDOWS.000\SYSTEM\~GLH0003.TMP

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
    SET PATH=C:\PROGRA~1\DVLINK;%PATH%

    --------------------------------------------------


    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS.000\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [QuickTime Object]
    InProcServer32 = C:\WINDOWS.000\SYSTEM\QTPLUGIN.OCX
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS.000\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS.000\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1044/V31Controls/x86/w98/en/actsetup.cab

    [YInstStarter Class]
    InProcServer32 = C:\WINDOWS.000\DOWNLOADED PROGRAM FILES\YINSTHELPER.DLL
    CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

    [{0335A685-ED24-4F7B-A08E-3BD15D84E668}]
    CODEBASE = http://www.photoparade.com/autoinstall/phpsetup.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS.000\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37657.6444212963

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS.000\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003012801/housecall.antivirus.com/housecall/xscan53.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #2: C:\WINDOWS.000\SYSTEM\CSLSP.DLL

    --------------------------------------------------
    End of report, 7,087 bytes
    Report generated in 1.556 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Well, no sign of a virus or trojan right there.

    I do notice that Windows has been installed to the 000 folder.

    You may want to read this:

    Setup Defaults to Windows.000 Folder

    About those problems you're having, could you please detail them once more?
     
  6. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    The most telling problem is a lagging mouse and the echoes of accompanying sounds (open, close, etc.); clock is running slow. After removal(?) of trojan, clock kept time; next day problems back. I had the W32/Kris.4050 virus last May, removed(?) thru DOS program. If I go to X out on page, must wait for word "close" to appear before command can be done. I'm a wreck about this. Anyway, 000 file created when I tried to reinstall Windows at that time; did it more than once, but have different files in windows and windows.000 file, and .000 seems to be default working program. Any help is greatly appreciated and this is quite the education. Again, many thanks to all who try to help me.
     
  7. bartje

    bartje

    Joined:
    Feb 17, 2003
    Messages:
    1
    Well, I don't know if your virus scanner is updated. If you are sure it is Kris, you might try to use a tool you can download from www.f-secure.com or www.K7computing.com

    On these sites you also have trial versions of virus soft.

    K7computing is an Indian company that has a very good version for Win98. F-secure is Finnish, and in my opinion one of the best on the market.

    I hope this can help you
     
  8. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    I now have three or four antivirus programs on my computer; each finds nothing. The free online scan at housecalls has found two. One trojan (Malware. VBS_LovelettrAS); removed it. Then next time found two infected files with (JS_TrafficHBARA); interestingly enough both were Spybot files. Again removed? My problem still exists: a lagging mouse and repetitive program sounds, clock running slow. I believe I have a morphing virus which hides and changes itself to avoid detection. Very strange.
     
  9. funnelspider

    funnelspider

    Joined:
    Jan 31, 2003
    Messages:
    7
    Hi there, don't know if this helps. I went through the same on my current system last week: kept checking for trojans and hijackers and viruses, found nothing, over and over nothing. Then on Wednesday eve a tech that I go to school did a traceroute on my system and stated he thought a virus also, so I did the virus scan called Avast! and it found a virus called PEnimad, or the "red worm". It gets into your system and network and hides itself in files. Hope this helps. Just type into Avast! and it's free also.
     
  10. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    Is that just Avast in address bar?
     
  11. cmlyon

    cmlyon

    Joined:
    Feb 15, 2003
    Messages:
    28
  12. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    I have run the Avast program, now the fourth anti-virus/trojan program in my machine. They all have found nothing. Yet, problems still exist, sometimes to a lesser degree, sometimes more. It is very frustrating. My wife says that she experiences no problems when on computer; she is usually just on the net and not using programs like Word or Excel. Any help is appreciated.
     
  13. jm100dm

    jm100dm

    Joined:
    May 26, 1999
    Messages:
    994
    Findfast should be removed from startups. That should help.

    Find Fast
    Findfast.exe
    Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier

    info from here
    http://www.spywareinfo.org/startup_pages/startup_full.htm




    Also you seem to have a lot running. If you can trim down what you are not using the computer may run better.

    Have you run spybot or adaware lately?
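
Added example (not part of any poster's reply and not StartupList's own code): one way to triage a StartupList report like the one posted earlier in this thread is to parse its sections and check which running processes are accounted for by a startup-folder or registry autorun entry. The function names `exe_name`, `parse_report` and `not_autostarted` are hypothetical, and the embedded report is an abridged copy of lines from that log.

```python
import re

# Abridged from the StartupList 1.51 report posted earlier in this thread.
REPORT = r"""Running processes:
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\AGNITUM\TAUSCAN 1.6\TAUMON.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
--------------------------------------------------
Shell folders Startup:
[C:\WINDOWS.000\Start Menu\Programs\StartUp]
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PowerReg Scheduler.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Tau Monitor = C:\PROGRA~1\AGNITUM\TAUSCA~1.6\taumon.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SchedulingAgent = C:\WINDOWS.000\SYSTEM\mstask.exe
"""

EXE = re.compile(r'([^\\"]+?\.exe)\b', re.I)

def exe_name(command):
    """Lower-cased executable file name from a path or a command line."""
    m = EXE.search(command)
    return m.group(1).lower() if m else command.lower()

def parse_report(text):
    """Return (running process paths, [(source, entry name, command)])."""
    processes, autostarts = [], []
    for section in re.split(r"^-{10,}\s*$", text, flags=re.M):
        lines = [l.strip() for l in section.splitlines() if l.strip()]
        source = None
        for line in lines[1:]:                   # lines[0] is the section title
            if lines[0] == "Running processes:":
                processes.append(line)
            elif line.startswith(("HK", "[")):   # registry key or startup folder
                source = line.strip("[]")
            elif source:                         # "name = command" or a bare file
                name, _, cmd = line.partition(" = ")
                autostarts.append((source, name, cmd or name))
    return processes, autostarts

def not_autostarted(processes, autostarts):
    """Running processes that no parsed autostart entry accounts for."""
    started = {exe_name(cmd) for _, _, cmd in autostarts}
    return [p for p in processes if exe_name(p) not in started]
```

A process returned by `not_autostarted` was launched some other way than the startup folder and Run keys parsed here, so it is the short list to explain by hand rather than a verdict on the file.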
     
  14. mojohelpless

    mojohelpless Thread Starter

    Joined:
    Feb 8, 2003
    Messages:
    19
    The problems I'm having are getting much worse. The mouse lags horribly; the sounds are now repeating 15-20 times when usually there should be one sound. I have run scans and checkups ad infinitum and they find nothing. If my system is running too many programs, I have tried to thin, but it becomes moot if the problems continue.
     
  15. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
Short URL to this thread: https://techguy.org/118991
