[Resolved] sbvxcg

[king_02891]

i just started getting this message, sbvxcg has performed an illegal operation and will be shut down, and behind that message is runtime error216@0000A430, evidently it is something windows is using, tried to delete it said no, my zone alarm activates and asks if this program can be a server, and asks if it can access the internet.
don't have any idea what it is or where it came from, but it's the first time i've seen it in the four years i've had this computor, running win 98se, cable/dsl isp, and have explorer 6. help?

 

[jbcalg]

likely a virus / trojan of some sort from what little i could find on the net

update your virus defn and run a scan

might also want to do a scan for spyware
- http://www.lavasoftusa.com/

also clean the registry
- http://download.cnet.com/downloads/....html?tag=srch&qt=registry+clean&cn=&ca=10001

 

[TonyKlein]

Hi jbcalg,

Certainly does sound like virus or trojan.

The first thing to do, is to have your machine scanned on line at <A HREF="http://housecall.antivirus.com/">Trend Micro HouseCall </A>

Cleaning your registry won't remove a virus or trojan, so I'd put that on the back burner for a while.

Good luck,

 

[king_02891]

thanks, i have ad-aware and it says there is no know spyware in my system, when i try to get my pc scanned at the trend pc-cillin site, it goes halfway on my progress bar then doesn't go any further, but it is still working, just won't open the scan site, maybe there is a mirror site i could use?

 

[TonyKlein]

I hope it's just the site...

Try this one: <A HREF="http://security2.norton.com/us/home.asp?j=1&venid=sym&langid=us&plfid=20&pkj=RBCQKZWCGZYFVHDYKDB">Symantec Security Check</A>

Choose 'scan for viruses.

Good luck,

 

[king_02891]

finally got through to the site and when it was done scanning, said i had 21 files infected with trojansub7.22.A and says it's non cleanable, so what do i do now? please tell me i don't have to reformat my hard drive, i have so much important stuff in my drive, it would take a thousand zip disks to copy it all, is there ant way to delete the infected files?

 

[TonyKlein]

Do this: Download a trial version of <A HREF="http://www.moosoft.com/intro.php">The Cleaner </A> , update with MooLive after downloading in order to have the latest trojan definitions, and deep-scan your drive(s)

Good luck,

 

[TonyKlein]

And why o why aren't you running an antivirus, with so much valuable stuff on your computer?

By the way, here's a manual Subseven removal guide as well, so that you'll have some more info:

http://www.hackfix.org/subseven/

Good luck, Tony

 

[king_02891]

sorry for being stupid, i should have looked harder before asking you guys to waste your time for answers, that i should have been able to find myself, i double clicked on the infected file in the scan box, and it went to a place that told me what it was and how to get rid of it,thank you for all your help, i do wonder why my mcaffe virus shield didn't pick it up and stop it in the first place though.

 

[king_02891]

i'm glad i went back and looked at your last post, your way is much better and easier, and i was running mcaffe antivirus shield, don't know why it didn't pick it up, thanks again

 

[TonyKlein]

Glad you managed to get rid of it!

Mos antiviruses are not very good at detecting trojans, so if you really want to have an extra level of security, install a dedicated antitrojan as well.

The Cleaner is not bad, but I use and recommend <A HREF="http://www.nsclean.com/boclean.html">BOClean </A>

It's better at detecting and destroying trojans, and unlike The Cleaner, Tauscan and others, it protects itself from trojans that are able to tamper with it, and disable it. Service is unparallelled.

And I assume you are running a firewall?

If not, ZoneAlarm, Tiny Personal Firewall and Sygate are good.

Good luck,

 

[king_02891]

well i'm free of trojans, and yes i do have zone alarm, but when i reboot now i get," the folder c\windows\ststem\system does not exist. what's up with that?

 

[TonyKlein]

Hi,

It's still a remainder of your trojan, and your computer is right: c\windows\ststem\ doesn't exist.

Take a look at the following excerpt from the HackFix article:

First, click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel. Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
At the end, click on 'Run' once, and the right hand panel should change.
On the right hand side of Regedit, look for the item titled
Loader = "c:\windows\system\***"
The *** will be a random .exe name. Write this down as it is the sub7 server!
Right click on that line only and choose delete.
Last, open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
At the end, click on 'RunServices' once, and the right hand panel should change.
On the right hand side of Regedit, again look for the item titled the same as above.
Right click on that line only and choose delete. Close regedit and reboot your PC.

Close RegEdit and use Windows Explorer to open the file c:\windows\win.ini

Near the top you will see a line starting with run=
If you see a path pointing to the sub7 server here as well, delete it so the line Only reads run=
Save and close the win.ini file, then open your system.ini (also in the c:\windows directory)

Look for a line starting with Shell=explorer.exe
If the Sub7 server name is after this, remove that file name so the line reads exactly shell=explorer.exe
Save and close system.ini.


Follow up the tips in this article, and see whether anything remains in the locations indicated.

Details may vary, but any line starting with loader= in your RunServices key is to be deleted.
And make sure that the run= and load= lines in your Win.Ini are also empty, or at least don't contain anything suspicious.

Finally, if that doesn't help, search the registry by keyword 'ststem', and remove it, if found.
You could also search your System.ini and Autoexec.bat.

Good luck,

 

[king_02891]

I went and did everything, like you said, but when i got there, there was no loader, there was also 1 run; 1 run-; 2 run services, anyhow what i was loking for wasn't there.
but something in the back of my mind said i had seen these things before, so for anybody else who might have the same problem, i went to start-run-type in msconfig. and there i found the little buggers, system ini; and win ini, then i did what you said and that seemed to make everything all better.
oh yea, that was a typo, ststem. it was system\system.
but anyway thank you tony for all your help, don't know where i'd be without you guys, thanks again. and a happy and warm thanksgiving to everybody.