1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Need Help

Discussion in 'All Other Software' started by oldsrick, Jan 18, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. oldsrick

    oldsrick Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    3
    I know I have a virus, Im told spware, Janet32, kaliber32 and others
    I have virus protection but does not do the job on spyware.
    can I repair this, I was thinking about repartitioning the drive.
    using window 98se,
    I have one file that has made itself write protected and kicks me
    off the computer if I touch it.
    \progra~1\common~1\instal~1\engine\6
    Please help
     
  2. 1002richards

    1002richards Retired Trusted Advisor

    Joined:
    Jan 29, 2006
    Messages:
    5,333
    Hi oldsrick,
    From what you say I think you need to post a HijackThis log and then wait for someone qualified (gold shield next to their name) to take you through what needs to be done. Please go no further than the steps below and posting your results for now.You may want to print off this guide just in case.

    Using Hijackthis with the self-installer that puts it into Program Files for you:

    go to Click here to download HJTsetup.exe


    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Once you've done this, wait and you'll get great help.

    Richard.
     
  3. oldsrick

    oldsrick Thread Starter

    Joined:
    Jan 18, 2007
    Messages:
    3
    I was advised to post my HJT log, could someone please help
    the virus is win32.janet_30.419328 and win32.kaliber.24576
    What can I do???

    Please help I have this on several hard-drives.
    Logfile of HijackThis v1.99.1
    Scan saved at 9:36:07 AM, on 1/19/07
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\PROGRAM FILES\COMMON FILES\IS3\ANTI-SPYWARE\SZSERVER.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
    C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
    C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
    C:\WINDOWS\SYSTEM\SISTRAY.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\PCSECURITYSHIELD\SHIELDANTIVIRUS\VRRES.EXE
    C:\PROGRAM FILES\PCSECURITYSHIELD\SHIELDANTIVIRUS\VRMON.EXE
    C:\RICKSVIR\HIGHJACK\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - E:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
    O2 - BHO: ZILLAbar BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - E:\Program Files\STOPzilla!\ZB2.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - E:\Program Files\STOPzilla!\ZB2.dll (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
    O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
    O4 - HKLM\..\Run: [VrMon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmon.exe Main
    O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [VrBootScan] C:\Program Files\PCSecurityShield\ShieldAntivirus\VRBScan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [szserver] C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlineviruscheck/cabs/cssweb.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
     
  4. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, I see you have posted your log in more than one forum....we ask that
    you stick with one thread. The one in Security I will leave open

    and will close the other.

    Please continue with the Security thread.
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/536326

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice