[Resolved] I believe I have a bad virus, HELP

[Williamtell]

here are the symptoms:

The computer locks up unexpectidly
When opening a new browser by clicking a web address the computer shuts down
Norton Antivirus 2000 (updated) stops at C:Windows System/doc95/oldole, then the computer locks up

I am running Windows ME

Can you help, I really would appreciate it...

Thanks

 

[beach51]

Hi williamtell,you can run an online scan here if you can stay online long enough.

http://www.housecalls.antivirus.com

Before you run the scan if you can that is,post your startup programs back here.Go to Start>Run>type in Msinfo32,click ok,click on software environment>startup programs>click edit,select all >Click edit>copy and paste the page back here.

 

[Williamtell]

*StateMgr c:\windows\system\restore\statemgr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AccessRampLAN 01 "c:\program files\verizondsl\ipinsight\arupld32.exe" -l All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AccessRampMonitor 01 "c:\program files\verizondsl\ipinsight\armon32a.exe" All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\corel\suite8\programs\ccwin\aim\aim.exe -cnetwait.odl .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioHQ c:\program files\creative\sblive\audiohq\ahqtb.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTRegRun c:\windows\ctregrun.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Disc Detector c:\program files\creative\sharedll\ctnotify.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DMIStart c:\program files\intel\ldcm\dmistart.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
eZulaMain c:\progra~1\ezula\ezulamain.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Intel File Transfer c:\windows\system\cba\xfr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Intel PDS c:\windows\system\cba\pds.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadQM loadqm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVComs c:\windows\system\lvcoms.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MovieNetworks Instant Access "c:\program files\instant access\instantaccess.exe" /h All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "c:\program files\messenger\msmsgs.exe" /background .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
New.net Startup rundll32 c:\windows\newdot~1.dll,newdotnetstartup All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NewsUpd.exe c:\program files\creative\news\newsupd.exe /q All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Norton Auto-Protect c:\progra~1\norton~1\navapw32.exe /loadquiet All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCHealth c:\windows\pchealth\support\pchschd.exe -s All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task c:\windows\system\qttask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry c:\windows\scanregw.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstask.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
StillImageMonitor c:\windows\system\stimon.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMonitor c:\windows\taskmon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TMA Distribution c:\windows\system\cba\lcfinst.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
User Space Manager c:\program files\intel\ldcm\bin\usm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vTunerStartUp c:\progra~1\vtuner\vtuner.exe winstart=yes .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinPoET c:\program files\verizondsl\winpoet\winpppoverethernet.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

[beach51]

oops,wrong page williamtell.When the window opens for system information,click on the + sign next to software environment,then click on startup programs,then click on the edit tab at the top of the page,click on select all,click on edit again,click on copy,then come back here and right click and choose paste.That should paste your programs you have running at startup here.Let me know if you have any problems.

 

[beach51]

Ok i see you got it.You have some nasty spyware on your computer,plus you have way to many programs starting up.Lets take care of the spyware first.Go to start>run>type in msconfig,click ok.Click on startup tab on the top of the page,Take the check mark out of

Ezula Main
Newnet

Then click apply then ok.The computer will want to reboot,let it.

Next go to Start>settings>control panel>highlight new net,click the remove botton.Reboot.Do the same thing for ezula main

Now i want you to go to this site and download a program called Ad=aware5.6.This is a free program that will scan your system for spyware.After you download that also download the ref-file at that site.Now run the scan and see if there is anymore spyware on your system.Dont be surprize if it finds alot.

Ad-Aware5.6

http://www.lavasoft.de/aaw


Lets know if you need any help with any of this.Am sure this is what is causeing your problem.Newnet is just like a trojan

 

[Williamtell]

*StateMgr c:\windows\system\restore\statemgr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AccessRampLAN 01 "c:\program files\verizondsl\ipinsight\arupld32.exe" -l All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AccessRampMonitor 01 "c:\program files\verizondsl\ipinsight\armon32a.exe" All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Adaptec DirectCD c:\progra~1\adaptec\directcd\directcd.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM c:\corel\suite8\programs\ccwin\aim\aim.exe -cnetwait.odl .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AudioHQ c:\program files\creative\sblive\audiohq\ahqtb.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTRegRun c:\windows\ctregrun.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Disc Detector c:\program files\creative\sharedll\ctnotify.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DMIStart c:\program files\intel\ldcm\dmistart.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
eZulaMain c:\progra~1\ezula\ezulamain.exe .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Intel File Transfer c:\windows\system\cba\xfr.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Intel PDS c:\windows\system\cba\pds.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadPowerProfile rundll32.exe powrprof.dll,loadcurrentpwrscheme All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadQM loadqm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LVComs c:\windows\system\lvcoms.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MovieNetworks Instant Access "c:\program files\instant access\instantaccess.exe" /h All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSMSGS "c:\program files\messenger\msmsgs.exe" /background .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
New.net Startup rundll32 c:\windows\newdot~1.dll,newdotnetstartup All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NewsUpd.exe c:\program files\creative\news\newsupd.exe /q All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Norton Auto-Protect c:\progra~1\norton~1\navapw32.exe /loadquiet All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCHealth c:\windows\pchealth\support\pchschd.exe -s All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task c:\windows\system\qttask.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RealTray c:\program files\real\realplayer\realplay.exe systemboothideplayer All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ScanRegistry c:\windows\scanregw.exe /autorun All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SchedulingAgent mstask.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
StillImageMonitor c:\windows\system\stimon.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
SystemTray systray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMonitor c:\windows\taskmon.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TMA Distribution c:\windows\system\cba\lcfinst.exe All Users HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
User Space Manager c:\program files\intel\ldcm\bin\usm.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vTunerStartUp c:\progra~1\vtuner\vtuner.exe winstart=yes .DEFAULT HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
WinPoET c:\program files\verizondsl\winpoet\winpppoverethernet.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

[TonyKlein]

Newsupd.exe is also spyware: http://www.cexx.org/newsupd.htm

And there's more unneccessary stuff.

Do this:

Go to Start/run, and type msconfig.
On the Startup tab, uncheck EVERYTHING, EXCEPT for the following items

StateMgr
Adaptec DirectCD
AudioHQ
DMIStart
Intel File Transfer
Intel PDS
LoadPowerProfile
Norton Auto-Protect
PCHealth
ScanRegistry c
SchedulingAgent
StillImageMonitor
SystemTray s
TMA Distribution
User Space Manager
WinPoET

Click OK, close Msconfig, and reboot (important!)

Now go to Software add/remove and remove New(dot)net application.

Reboot AGAIN.

Download and install <A HREF="http://www.lavasoftusa.net/index.html">Ad-Aware</A> . This is a program which scans your system for spyware.

After having downloaded AAW, also download the latest Signature file (Reflist.sig) : http://www.lavasoftusa.net/aaw/binary/reflist.zip
Unpack it to the Lavasoft Ad-Aware folder in Program Files, and have it overwrite the one that's there.

Then have your drives and registry scanned for spyware, check all found files and reg keys, click continue, and have them removed.
Reboot one last time.

Your computer will thank you for this, and you'll be amazed about how much more smoothly your system will run.


Good luck,

 

[beach51]

Hi Tony,Thanks for the backup,your right Newsupd is spyware.Forgot all about that one.Williamtell,follow tony's advice on the programs that he said to remove from msconfig.I was going to send you to another site to see what you needed and dont need at startup,but Tony did it for you.Also follow his advice about how to download Ad-aware and the signature file,he sure does explain it better then i did.Thanks again for the backup Tony,it's really appreciated

 

[Williamtell]

Thank you, thank you, thank you. I truly appreciate your help. Not only is the problem fixed, my computer boots up faster!

I trust you two will have a wonderful holiday season, because, frankly, by your display here, you deserve it!

God bless

 

[beach51]

Williamtell,from Tony and I your welcome,glad we could help you out.You also have a great hoilday season,and may God bless you also.

 

[TonyKlein]

You're welcome, WilliamTell,

All these things that start up behind your back are bound to slow you down, so it's always good to remove everything there but the esssentials.

And it certainly is no big surprise that it solved your problem as well.

Incidentally, this is the site that beach51 was talking about: <A HREF="http://www.pacs-portal.co.uk/startup_pages/startup_full.htm">Startups - full list</A>

If you're ever in doubt what any of this stuff in Msconfig/startup is, you'll often find it there.

Good luck,