1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Repairing software

Discussion in 'Virus & Other Malware Removal' started by zamir, Feb 7, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Dear Sirs,

    I use Windows 98. My computer was infected by a virus. I checked the computer on the website
    http://housecall.antivirus.com/housecall/start_corp.asp. The result of the scan: 7 files infected by Worm YAHA.K and 1 file with JS NOCLOSE.E. It said the viruses were non cleanable.

    Then I checked the computer on www.srnmicro.com and dowloaded the solo anti virus system. The scan said that 7 files/or folders in Windows system were infected by YAHA: Friend 1. Exe, Friend 2.SCR, Friend.3.SCR, Dance. SCR, Best-F 1. SCR, Colour 1.SCR and one more I forgot which one. It said that Internet Worms, Trojans and Malicious Scripts files could not be cleaned but had to be deleted. So I deleted the infected files.
    The scan did not say anything about JS NOCLOSE.E virus.

    I checked the computer again using http://housecall.antivirus.com/housecall/start_corp.asp. It detected JS virus again but no YAHA virus.

    I am writing all this because it seems that some substantial changes took place on my computer: I cannot play chess on the Yahoo anymore, the BBC website is not ruuning the latest news, no droplists/options from browser windows from any websites would drop, I can't use the tool on the website to organize my favorites, etc. Is there a cure?

    Many thanks in advance.

    Mirza from London
     
  2. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Mirza
    Welcome to TSG!
    I moved your Question to the Security Forum where the Virus Doctors are more qualified to help you. Be patient and they will help.

    Dave
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396

    Attached Files:

  4. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Hi Steve,

    Thank you for your advice. When I downloaded what they asked me to the file appears as Word file not the ZIP file as they said it would. Probably it is because I dont' have a program like Winzip installed. So when I try to open the Word file it's just gibberish on the screen. Any advice?

    Thanks.

    Mirza
     
  5. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    yes.........download winzip,its free
    http://www.winzip.com/

    the free version is fully working(i think) you just get a nag screen
     
  6. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Hi Stee,

    Thanks. I downloaded the winzip file. Whne I unzip the file from the website you suggested this is what I got:

    ---------------------------------------------
    Trend Micro
    New Virus Pattern Release
    -----------------------------------------------------------------------------

    Pattern: 456
    Version: 03
    Release Type: Control Release
    Notes:

    February 4, 2003


    ---------------------
    New Virus Detected:
    ---------------------

    There are [08] new viruses detected by the pattern file.
    All detail virus names please refer to the list below.

    BAT_ARHIWORM.590
    PERL_NIRVANA.A
    REG_WOW.A
    TROJ_FRMTER.A
    TROJ_WSHWC.A
    VBS_SLUDGE.A
    W97M_BLACKOUT.A
    WORM_WINUR.A


    ------------------
    Virus Name Changed:
    -------------------


    Old Virus Name New Virus Name
    -------------- --------------



    -------------------------
    Virus Signature Modified:
    -------------------------

    REG_WOW.A
    x
    ------------------------
    Virus Signature Dropped:
    ------------------------


    What is my next step?

    Thanks.

    Mirza
    -----------------------------------------------------------------------------
    Copyright 1989-2003 Trend Micro, Inc. All rights reserved.
     
  7. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    well.......at least you have the latest signature files:rolleyes:



    dont panic.............you just downloaded trends virus update file....unless you are using there product its no use at all.

    js_noclose is really not a virus or a trojan,more like spy/adware.
    and i doubt that its the sole cause for your online problems.

    download "spybot" from here:http://spybot.eon.net.au/ hit the online tab and download the latest updates then hit "check all" and let it do its thing.......everything it checks in RED let spybot fix,there may be some things that cant be deleted until the next re-boot but it will run on your next boot up and deleted then.


    and then go here:http://www.lurkhere.com/~nicefiles/
    and download "startuplist" run it and copy/paste the list here.
     
  8. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Hi Steve,

    Thanks again. I've done what you asked me to do. There were 37 items (marked with a red exclamation mark) that spybot couldn't deal with. But yes, it said at the end - congratulations, no bots have been found (after it cleand a dozen of them).
    Here is the stratup list:

    StartupList report, 2/8/03, 2:48:16 PM
    StartupList version: 1.40.3
    Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\DESKTOP\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    LoadQM = loadqm.exe
    OpiStat = C:\PROGRA~1\OPISTAT\OPISTAT\OPISTAT.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [>PerUser_MSN_Clean] *
    StubPath = C:\WINDOWS\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 31/1/2003, 11:24:30)

    [Rename]
    NUL=C:\WINDOWS\INSTAL~1\CB591.MSI
    NUL=C:\WINDOWS\APPLIC~1\MICROS~1\INSTAL~1\{ABEB8~1\

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: nmtracer.dll (file MISSING)
    Protocol #2: nmtracer.dll (file MISSING)
    Protocol #3: nmtracer.dll (file MISSING)
    Protocol #4: nmtracer.dll (file MISSING)
    Protocol #11: nmtracer.dll (file MISSING)

    --------------------------------------------------
    End of report, 6,246 bytes
    Report generated in 0.673 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  9. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    ok zamir.......it looks like spybot did the job.
    keep it updated and run it every few days.....dont worry about the cookies it finds...you can delete them from time to time as they build up....its the red checked stuff that you dont want.

    take a look here:http://forums.techguy.org/t110854/s.html

    theres a lot of info on helping protect your computer from the dark side.
    ciao;)
     
  10. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Thanks, Steve.
    But what am I to do with the following: I cannot play chess on the Yahoo, the BBC website is not ruuning the latest news, no droplists/options from browser windows from any websites would drop, I can't use the tool on the website to organize my favorites, I can't print out anything from any website, etc. Why is that? Is there a cure?

    Mirza
     
  11. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    check your browser’s caching status.
    tools/internet options,on the general tab....hit the temp internet files settings tab and make sure "every visit to the page"is checked under "check for newer versions of stored pages"

    which version of windows and internet explorer are you using?
     
  12. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    I checked the "every visit to page". It was "automotically" that was checked before.

    I use Windows 98.
    I'm not quite sure what Int Explorer I use - mayube 4? How do I find out? (Illiterate, eh?)

    Thanks.
     
  13. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    open the internet explorer folder)c:\program files/internet explorer.......right click the IE icon and choose "properties"tab,there will be a version number.
    to do a repair of IE go to control panel/add remove programs and click on IE and select repair.
    cant remember if you can do this with IE4 but you may be better upgrading to a newer version like 6.0

    http://www.microsoft.com/downloads/...9D-7ECA-411C-882F-BA7FE3233D11&displaylang=en
     
  14. zamir

    zamir Thread Starter

    Joined:
    Feb 7, 2003
    Messages:
    9
    Thanks, Steve.
    In the Program files/IE, click right, there's nothing - it doesn't even says whether the files are read only or archive or anything, none of the boxes is checked.

    In the Add/Romove it says that I have Microsoft Internet Explorer 6 and Internet Tools. I've done the repair. It works now: i can organize my favourites, play chess, the only things that's different is the size of the letter on the chessboard ( some of them are too small and illegible). It is perhaps because I downloaded the other day Java WEb start, I thought my problems were to do with Java.
    Any way, thanks a lot once again.

    What sort of anti virus programme would you recommend and is it free?

    Mirza
     
  15. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/117504

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice