screen saver worm


jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
My daughter inadvertently opened up a screen saver virus or worm . It did the usual ; sending out e-mails to everyone on the planet , ( sorry , if you got one ) . The worm went through my virus checker like butter . I could not find it to re-activate or load it back in (the virus checker ) and had to eventually download another version 60 day trial . Now , my internet will not open via all ways that I know of . I hit the icon and it flashes open for a second and closes . I am on my work computer now and would like to know if anyone knows of any fixes or where to go for a fix. I appreciate any help , people and happy new year . See you and thanks . Don
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks , I will do this but one of my co-workers suggested uninstalling windows through program install , uninstall . Might this clear it up or is the problem deeper than this ? I am running win98. Thanks again .
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks , I will try this first . It will take a while , I'm at work and after work I'll have to find someone who doesn't hate me now ( the list is getting longer by the minute ) and borrow their computer . Thanks Don
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
One quick one . What should I open this program up in or is it its own ? Do I just execute it ? Thanks
 
Joined
Oct 4, 2002
Messages
2,773
It's a simple .txt readout and should automatically open in notepad - just select all, save it and pop it on the floppy - then copy and paste it here

steam
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
StartupList report, 1/2/03, 3:59:06 PM
StartupList version: 1.50
Started from : C:\MY DOCUMENTS\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINSERVICES.EXE
C:\PROGRAM FILES\ESAFE\PROTECT\SERV95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\TCPSVS32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\SCANJET\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ESAFE\PROTECT\ESPWATCH.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\PROGRAM FILES\DATE MANAGER\DATEMANAGER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\ESAFE\PROTECT\LOOKOUT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOCUMENTS\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SoundFusion = RunDll32 cwcprops.cpl,CrystalControlWnd
hppwrsav = C:\SCANJET\PrecisionScanLT\hppwrsav.exe
DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
LVComs = C:\WINDOWS\SYSTEM\LVComS.exe
LoadQM = loadqm.exe
CMESys = "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
eSafe Protect = "C:\Program Files\eSafe\Protect\ESPWatch.exe" /delay=5

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
WinServices = C:\WINDOWS\SYSTEM\WinServices.exe
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
eSafe Protect = C:\Program Files\eSafe\Protect\SERV95.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "C:\WINDOWS\SYSTEM\nav32_loader.exe""%1"%*

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[MmoptPreferredAudioDevices] *
StubPath = rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,@0,SPCI\VEN_1013&DEV_6003&SUBSYS_60031013&REV_01\BUS_00&DEV_06&FUNC_00

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\3DPIPE~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 30/12/2002, 18:20:34)


--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
C:\WINDOWS\cwcdata\cwcdos.exe

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

C:\WINDOWS\cwcdata\CWCDOS.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

CSBHO - C:\PROGRAM FILES\COMET\BIN\CSBHO.DLL - {D14D6793-9B65-11D3-80B6-00500487BDBA}
(no name) - C:\PROGRAM FILES\ESAFE\PROTECT\espie.dll - {2F4F8CC3-FF89-11D1-9F63-0020182D7E20}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Symantec NetDetect.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://active.macromedia.com/flash4/cabs/swflash.cab

[AcceptLang Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\SETACCEPTLANG.DLL
CODEBASE = http://runonce.msn.com/setacceptlang.cab

[CSBHO Class]
InProcServer32 = C:\PROGRAM FILES\COMET\BIN\CSBHO.DLL
CODEBASE = http://files.cc.cometsystems.com/cc2/release/bin/cc3.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSUI.DLL
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\MCAFEE.COM\FREESCAN\MCFSCAN.DLL
CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4240/mcfscan.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\PROGRAM FILES\ESAFE\PROTECT\EspSock2.Dll
Protocol #2: C:\PROGRAM FILES\ESAFE\PROTECT\EspSock2.Dll
Protocol #9: C:\PROGRAM FILES\ESAFE\PROTECT\EspSock2.Dll

--------------------------------------------------
End of report, 8,569 bytes
Report generated in 0.911 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
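
A StartupList report like the one above can be triaged mechanically. The stock Windows value for `exefile\shell\open\command` is `"%1" %*`; any program placed in front of `"%1"` runs every time an .exe is launched, and removing that program's file without restoring the value leaves .exe files unable to start. The following is an added example, not part of the original thread or of StartupList itself; the function names are hypothetical and the sample input is a constructed excerpt in the report's layout.

```python
import re

# Constructed excerpt in StartupList 1.50 layout, trimmed from the report above.
SAMPLE = r'''Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
WinServices = C:\WINDOWS\SYSTEM\WinServices.exe

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "C:\WINDOWS\SYSTEM\nav32_loader.exe""%1"%*

--------------------------------------------------
'''

SEPARATOR = re.compile(r'^-{20,}\s*$', re.M)
# Stock Windows value: run the clicked file itself with its arguments.
DEFAULT_EXE_OPEN = '"%1" %*'
REG_PREFIXES = ('HKLM\\', 'HKCU\\', 'HKEY_')

def parse_sections(report):
    """Split a report on its dashed rules; return {registry key or title: {name: value}}."""
    sections = {}
    for chunk in SEPARATOR.split(report):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if not lines:
            continue
        # Several sections share one title, so key on the registry path when present.
        key = next((l for l in lines[:2] if l.startswith(REG_PREFIXES)), lines[0])
        entries = {}
        for line in lines:
            name, sep, value = line.partition(' = ')
            if sep:
                entries[name] = value
        sections[key] = entries
    return sections

def exe_association_hijack(sections):
    """Return the program inserted in front of "%1", or None if the handler is stock."""
    key = r'HKEY_CLASSES_ROOT\exefile\shell\open\command'
    cmd = sections.get(key, {}).get('(Default)')
    if cmd is None or cmd.replace(' ', '') == DEFAULT_EXE_OPEN.replace(' ', ''):
        return None
    m = re.match(r'"?([^"%]+?)"?\s*"?%1', cmd)
    return m.group(1).strip() if m else cmd
```
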
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks for your help people . I will try these solutions and hopefully there will be success . If all else fails , there is always the "F" word . Thanks again . Don.
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks for your help people . I will try these solutions and hopefully there will be success . If all else fails , there is always the "F" word . Thanks again . Don.
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks for your help people . I will try these solutions and hopefully there will be success . If all else fails , there is always the "F" word for my door mat . Thanks again . Don.
 
Joined
Oct 4, 2002
Messages
2,773
You won't need to use the "F" word - it's not that bad

Once you have got rid of the virus - you have spyware\adware to get rid of so

Please Download and install SpyBot,

http://www.lurkhere.com/~nicefiles/spybotsd11r3.exe

click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
These aren't needed for our present purpose, and you can always experiment with them later on.

Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

you may have to run spybot more than once to clear everything

------------
Then go to
start
run
type msconfig
ok
click startup tab and untick LOADQM.EXE

LoadQM = LOADQM.EXE --

Description of the Loadqm.exe File

This loads the MSN Query Manager. This program gobbles up system resources and appears on most end-users’ Task List who come to us complaining of low System & User Resources or very slow, "crawling", PCs. Recommendation : Disable immediately, or Delete using Startup Manager.

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q309418

steam
 

jujitsu62

Thread Starter
Joined
Mar 17, 2002
Messages
42
Thanks Steamwiz , the tips yesterday helped lots and now the only thing that still is out of sorts is explore . I will try the tips above while I still have a thread of sanity . Thanks Don .
 
Joined
Oct 4, 2002
Messages
2,773
Originally posted by jujitsu62:
Thanks Steamwiz , the tips yesterday helped lots and now the only thing that still is out of sorts is explore . I will try the tips above while I still have a thread of sanity . Thanks Don .
Please explain again what is not working - if it's the .exe files I can give you a fix for them

steam
 