Repairing software

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Dear Sirs,

I use Windows 98. My computer was infected by a virus. I checked the computer on the website
http://housecall.antivirus.com/housecall/start_corp.asp. The result of the scan: 7 files infected by Worm YAHA.K and 1 file with JS NOCLOSE.E. It said the viruses were non cleanable.

Then I checked the computer on www.srnmicro.com and dowloaded the solo anti virus system. The scan said that 7 files/or folders in Windows system were infected by YAHA: Friend 1. Exe, Friend 2.SCR, Friend.3.SCR, Dance. SCR, Best-F 1. SCR, Colour 1.SCR and one more I forgot which one. It said that Internet Worms, Trojans and Malicious Scripts files could not be cleaned but had to be deleted. So I deleted the infected files.
The scan did not say anything about JS NOCLOSE.E virus.

I checked the computer again using http://housecall.antivirus.com/housecall/start_corp.asp. It detected JS virus again but no YAHA virus.

I am writing all this because it seems that some substantial changes took place on my computer: I cannot play chess on the Yahoo anymore, the BBC website is not ruuning the latest news, no droplists/options from browser windows from any websites would drop, I can't use the tool on the website to organize my favorites, etc. Is there a cure?

Many thanks in advance.

Mirza from London
 
Joined
Feb 28, 2001
Messages
11,584
Mirza
Welcome to TSG!
I moved your Question to the Security Forum where the Virus Doctors are more qualified to help you. Be patient and they will help.

Dave
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Hi Steve,

Thank you for your advice. When I downloaded what they asked me to the file appears as Word file not the ZIP file as they said it would. Probably it is because I dont' have a program like Winzip installed. So when I try to open the Word file it's just gibberish on the screen. Any advice?

Thanks.

Mirza
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Hi Stee,

Thanks. I downloaded the winzip file. Whne I unzip the file from the website you suggested this is what I got:

---------------------------------------------
Trend Micro
New Virus Pattern Release
-----------------------------------------------------------------------------

Pattern: 456
Version: 03
Release Type: Control Release
Notes:

February 4, 2003


---------------------
New Virus Detected:
---------------------

There are [08] new viruses detected by the pattern file.
All detail virus names please refer to the list below.

BAT_ARHIWORM.590
PERL_NIRVANA.A
REG_WOW.A
TROJ_FRMTER.A
TROJ_WSHWC.A
VBS_SLUDGE.A
W97M_BLACKOUT.A
WORM_WINUR.A


------------------
Virus Name Changed:
-------------------


Old Virus Name New Virus Name
-------------- --------------



-------------------------
Virus Signature Modified:
-------------------------

REG_WOW.A
x
------------------------
Virus Signature Dropped:
------------------------


What is my next step?

Thanks.

Mirza
-----------------------------------------------------------------------------
Copyright 1989-2003 Trend Micro, Inc. All rights reserved.
 
Joined
Oct 9, 2001
Messages
9,396
well.......at least you have the latest signature files:rolleyes:



dont panic.............you just downloaded trends virus update file....unless you are using there product its no use at all.

js_noclose is really not a virus or a trojan,more like spy/adware.
and i doubt that its the sole cause for your online problems.

download "spybot" from here:http://spybot.eon.net.au/ hit the online tab and download the latest updates then hit "check all" and let it do its thing.......everything it checks in RED let spybot fix,there may be some things that cant be deleted until the next re-boot but it will run on your next boot up and deleted then.


and then go here:http://www.lurkhere.com/~nicefiles/
and download "startuplist" run it and copy/paste the list here.
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Hi Steve,

Thanks again. I've done what you asked me to do. There were 37 items (marked with a red exclamation mark) that spybot couldn't deal with. But yes, it said at the end - congratulations, no bots have been found (after it cleand a dozen of them).
Here is the stratup list:

StartupList report, 2/8/03, 2:48:16 PM
StartupList version: 1.40.3
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
LoadQM = loadqm.exe
OpiStat = C:\PROGRA~1\OPISTAT\OPISTAT\OPISTAT.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

msnmsgr = "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 31/1/2003, 11:24:30)

[Rename]
NUL=C:\WINDOWS\INSTAL~1\CB591.MSI
NUL=C:\WINDOWS\APPLIC~1\MICROS~1\INSTAL~1\{ABEB8~1\

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housecall/xscan53.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: nmtracer.dll (file MISSING)
Protocol #2: nmtracer.dll (file MISSING)
Protocol #3: nmtracer.dll (file MISSING)
Protocol #4: nmtracer.dll (file MISSING)
Protocol #11: nmtracer.dll (file MISSING)

--------------------------------------------------
End of report, 6,246 bytes
Report generated in 0.673 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Joined
Oct 9, 2001
Messages
9,396
ok zamir.......it looks like spybot did the job.
keep it updated and run it every few days.....dont worry about the cookies it finds...you can delete them from time to time as they build up....its the red checked stuff that you dont want.

take a look here:http://forums.techguy.org/t110854/s.html

theres a lot of info on helping protect your computer from the dark side.
ciao;)
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Thanks, Steve.
But what am I to do with the following: I cannot play chess on the Yahoo, the BBC website is not ruuning the latest news, no droplists/options from browser windows from any websites would drop, I can't use the tool on the website to organize my favorites, I can't print out anything from any website, etc. Why is that? Is there a cure?

Mirza
 
Joined
Oct 9, 2001
Messages
9,396
check your browser’s caching status.
tools/internet options,on the general tab....hit the temp internet files settings tab and make sure "every visit to the page"is checked under "check for newer versions of stored pages"

which version of windows and internet explorer are you using?
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
I checked the "every visit to page". It was "automotically" that was checked before.

I use Windows 98.
I'm not quite sure what Int Explorer I use - mayube 4? How do I find out? (Illiterate, eh?)

Thanks.
 

zamir

Thread Starter
Joined
Feb 7, 2003
Messages
9
Thanks, Steve.
In the Program files/IE, click right, there's nothing - it doesn't even says whether the files are read only or archive or anything, none of the boxes is checked.

In the Add/Romove it says that I have Microsoft Internet Explorer 6 and Internet Tools. I've done the repair. It works now: i can organize my favourites, play chess, the only things that's different is the size of the letter on the chessboard ( some of them are too small and illegible). It is perhaps because I downloaded the other day Java WEb start, I thought my problems were to do with Java.
Any way, thanks a lot once again.

What sort of anti virus programme would you recommend and is it free?

Mirza
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top