1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Problem

Discussion in 'Hardware' started by BerneDog, Feb 3, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    Hey, I am having a problem with my computer. I am not sure if something was installed or whatever but my configuration settings are messing up. The colours are messed up and it wont let me return to 800X600 pixels when I click it in settings. The following files have been altered in the past few days, not of my own doing: powerpnt,system and wavemix- all configuration files.

    When I boot up the colours are gone really and it asks me for a USER password. I am on windows 98 and my graphics card is sis multimedia V1.32. The sound appears to be gone too. Its really a problem with the configuration settings I think. I did a virus check and there was none so any help or advice would be great.

    I dont have a windows disk though as the company that made my computer a few years ago didnt give me one and when I emailed them for support today they havent emailed me back.

    If anyone has any idea how to go back to the normal configuration settings or fix my problem I would be grateful. Thanks in advance.
     
  2. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    :(

    Anyone?
     
  3. exocet

    exocet

    Joined:
    May 10, 2002
    Messages:
    134
    What operating system? I'll assume you're using Win98.. other versions of windows will be similar to this:

    Do me a favor and check something out first. Click "start"-->"settings" -->"control panel" then click the "system" icon, and click the "device manager" tab. Expand the "Display adapter" tree, and post back exactly what is listed for that.

    SiS Multimedia v1.32 seems to be the driver version, but i don't think that tells us what chipset you're using, which we need. Once we have that info (or verified it), we can find you a driver.

    Let us know if you have more questions.
     
  4. n2gun

    n2gun

    Joined:
    Mar 3, 2000
    Messages:
    4,168
  5. JohnWill

    JohnWill Retired Moderator

    Joined:
    Oct 19, 2002
    Messages:
    106,418
    After you do the virus scan, I'd consider reinstalling the video drivers, since they appear to be missing.
     
  6. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    Hey, Thanks for the help so far.

    I did a virus scan from that site and it appears I have 2 trojans.

    1 is REG STARTPAGE.A which is the one that I think is affecting the most and the other is Troj SUA.A

    If anyone can provide removal tools for the pair or advice I would be most grateful, especially the first one.

    Thanks alot.
     
  7. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Here is one tool. http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=REG_STARTPAGE.A

    Most likely, they have remover for the other, too.
    You may have trouble using the online virus scanner at Housecall....lots of people do, the infection makes it worse. it can take up to 20 minutes or more to get the download to scan system online....but eventually, it should allow you to scan.
    it looks like it stops at 95% lots of times....but will finish if you can stand the wait!

    Symantec has a remover, too.http://securityresponse.symantec.com/avcenter/venc/data/trojan.startpage.html
     
  8. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    Hey, I followed the instructions and got rid of the first one. However SUA.A is causing me problems. I followed the instructions and deleted what needed to be deleted but it still finds the infected files when I scanned again.

    They are

    windows/temp/ff09072.TMP*bvt.exe
    ff0A061.TMP*ABS
    ff016.TMP*f39bb1

    There is also another two in the same ending *bvt and *aus or something to that affect.

    Anyone know how I can get rid of them?
     
  9. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    Its sis6326. I think I will need the driver after I get rid of the virus as they are messed up. If you can help me out I would be grateful.
     
  10. mtbird

    mtbird

    Joined:
    Dec 10, 2001
    Messages:
    3,687
    These are just temp files and can be deleted. Go to ...
    C:windows\temp...
    Click edit >select all, then delete. Reboot your computer to make sure all is ok......then empty your recycle bin.

    Debe
     
  11. mtbird

    mtbird

    Joined:
    Dec 10, 2001
    Messages:
    3,687
  12. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    The colours etc are still wonky. The viruses are gone but I still think its something to do with the configuration files which appear to modify every time I boot up, according to find anyways.

    Here is the thing that I think is the problem. It is the configuration file system and here are its details. I think something is changed so if anyone can give any advice: I still think its this and powerpnt and wavemix.

    [default]
    WaveBlockLen=688
    WaveBlocks=5
    Remix=1

    þ[‡•ÿÿÿÿÿÿ?ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

    [drivers]
    wave=mmsystem.dll

    [drivers]
    midi=mmsystem.dll

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=0

    [Password Lists]
    USER=C:\WINDOWS\USER001.PWL

    [boot]
    *DisplayFallback=1

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=1

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=1

    [boot]
    *DisplayFallback=0

    [Password Lists]
    USER=C:\WINDOWS\USER002.PWL

    [boot]
    *DisplayFallback=1

    [boot]
    *DisplayFallback=0

    [boot]
    *DisplayFallback=1

    [boot]
    *DisplayFallback=0

    [boot]
    mouse.drv=mouse.drv

    [386Enh]
    mouse=*vmouse, msmouse.vxd
    EMMExclude=C000-CFFF

    [boot.description]
    mouse.drv=WebLink Mouse
    display.drv=SiS 6326

    [TTFontDimenCache]
    0 12=7 12
    0 13=8 13
    0 14=8 14
    0 15=9 15
    0 16=10 16
    0 18=11 18
    0 20=12 20
    0 22=13 22
     
  13. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    Come on chaps.

    HELP, I NEED SOMEBODY

    HELP, NOT JUST ANYBODY

    PLEAAAAAAASSSSEEEE
     
  14. exocet

    exocet

    Joined:
    May 10, 2002
    Messages:
    134
    If he's been deleting the files and they're still appearing, then it sounds like the trojan is leaving some garbage in the registry. Go to "start" ->"run", type "regedit" in the box and hit ok. The FIRST thing you want to do, and I CANT STRESS THIS ENOUGH, is to go to "Registry"--> "Export Registry File" and save a copy someone SAFE. This will backup your registry.

    Now goto "edit" --> "Find" and for the search string, start by typing in the EXACT filenames that your instructions were telling you to delete. IF IN DOUBT, DO NOT DELETE ANYTHING. Deleting the wrong thing can result in your computer not working!

    I've had to delete a trojan before manually, and it did require me to find and delete certain registry keys before i could delete files off my machine, because they kept reappearing as well after rebooting.
     
  15. BerneDog

    BerneDog Thread Starter

    Joined:
    Feb 3, 2003
    Messages:
    48
    2 seconds
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/116775

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice