
Two Towers.XViD-ViTE W32.Opaserv(win.ini) virus

Discussion in 'Virus & Other Malware Removal' started by louisj23, Feb 15, 2003.

  1. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    I was just reading about how this may be a virus but I don't get all of the marijuana icons and windows.
    Anyway, my comp was completely bogged down so I checked under my CPU processes in the task manager only to find a file named SYSTEM32.EXE was using up 100% !!
    What is this file and is it in fact a virus and which directory does it get lumped into cause I can't seem to find it.
    Ran a virus scan with System suite and found nothing.

    OK, found something new with this.
    Just tried opening up Windows Media Player and playing a couple of files.
    The.Lord.Of.The.Rings.The.Two.Towers.CD1.DVDScr.XViD-ViTE
    and
    The.Ring.(DVDScreener).Cd1.[ViTE].Osloskop

    Now earlier I downloaded and installed a couple XVid codecs to get the movies to play.
    Tried a couple of other video files and they were fine but when I open either one of those two, windows media player stops responding and is using up 100% of my resources. I know, I know, I just need to delete these files but I just want to make sure they didn't leave something behind

    and now just opened up another browser and EXPLORER.EXE is using 100%

    Here's my start up applications because I'm sure that SYSTEM32.EXE starts with windows.....

    StartupList report, 2/15/2003, 6:47:49 PM
    StartupList version: 1.51
    Started from : C:\DOCUME~1\LOUISC~1\LOCALS~1\Temp\Rar$EX00.121\StartupList.EXE
    Detected: Windows 2000 SP3 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 (6.00.2600.0000)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\MSTask.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\PROGRA~1\Ontrack\SYSTEM~1\MXTask.exe
    C:\WINDOWS\System32\WBEM\WinMgmt.exe
    C:\WINDOWS\System32\mspmspsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\windows\system32\syssrcvs.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\CMEII\CMESys.exe
    C:\Program Files\Common Files\GMT\GMT.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Ontrack\SystemSuite\SSuite.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\LOUISC~1\LOCALS~1\Temp\Rar$EX00.121\StartupList.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    SystemTray = SysTray.Exe
    SoundMan = soundman.exe
    Fix-It AV = C:\PROGRA~1\Ontrack\SYSTEM~1\MemCheck.exe
    NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    nwiz = nwiz.exe /install
    SysTray = c:\windows\system32\syssrcvs.exe
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    CMESys = "C:\Program Files\Common Files\CMEII\CMESys.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    SystemSAS = system32.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Desktop Weather = C:\PROGRA~1\THEWEA~1\THEWEA~1.exe

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrFile\shell\open\command

    (Default) = "C:\Program Files\Internet Explorer\Iexplore.exe" %1

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [QuickTime Object]
    InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
    CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/...ector/swdir.cab

    [IEDial Class]
    InProcServer32 = C:\WINDOWS\System32\IEAccess2.dll
    CODEBASE = http://usa-download.nocreditcard.co...t/ieaccess2.cab

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://apple.speedera.net/qtinstall...meInstaller.exe

    [Update Class]
    InProcServer32 = C:\WINDOWS\System32\iuctl.dll
    CODEBASE = http://v4.windowsupdate.microsoft.c...7577.4276157407

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
    CODEBASE = http://download.macromedia.com/pub/...ash/swflash.cab

    --------------------------------------------------

    Enumerating Winsock LSP files:

    Protocol #1: wps.dll (file MISSING)
    Protocol #2: wps.dll (file MISSING)
    Protocol #3: wps.dll (file MISSING)
    Protocol #4: wps.dll (file MISSING)
    Protocol #5: wps.dll (file MISSING)
    Protocol #11: wps.dll (file MISSING)

    --------------------------------------------------
    End of report, 5,433 bytes
    Report generated in 0.161 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only


    Thanks
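
An added example, not part of the original posts and not code from StartupList: a small Python parser for the registry autorun sections of a report like the one above, used to find which autorun value starts a process name seen in Task Manager. The function names are hypothetical, and `SAMPLE_REPORT` is an abridged excerpt of the posted report.

```python
import re
from ntpath import basename

# Abridged excerpt of the StartupList report posted above.
SAMPLE_REPORT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
SysTray = c:\windows\system32\syssrcvs.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

SystemSAS = system32.exe
--------------------------------------------------
"""

KEY_RE = re.compile(r"^(HKLM|HKCU)\\\S.*$")
ENTRY_RE = re.compile(r"^(?P<name>[^=]+?) = (?P<cmd>.+)$")

def executable(cmd):
    """Return the executable part of an autorun command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def autoruns(report):
    """Yield (registry key, value name, command) for each autorun entry."""
    key = None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("-----"):
            key = None  # a separator line closes the current section
        elif KEY_RE.match(line):
            key = line
        elif key and (m := ENTRY_RE.match(line)):
            yield key, m["name"].strip(), m["cmd"].strip()

def find_launchers(report, image_name):
    """Return (key, value name, command, has_full_path) for each autorun
    entry that starts image_name (case-insensitive, as on Windows)."""
    hits = []
    for key, name, cmd in autoruns(report):
        exe = executable(cmd)
        if basename(exe).lower() == image_name.lower():
            hits.append((key, name, cmd, "\\" in exe))
    return hits

if __name__ == "__main__":
    for hit in find_launchers(SAMPLE_REPORT, "SYSTEM32.EXE"):
        print(hit)
```

When `has_full_path` is false, as for `system32.exe` here, the report does not record the file's directory, so the file still has to be located on disk.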
     
  2. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    Hi louisj23

    This is your worm

    http://securityresponse.symantec.com/avcenter/venc/data/[email protected]

    Do a free on-line virus scan here :-

    http://www.pandasoftware.com/activescan/

    or here :-

    http://housecall.trendmicro.com/

    You also have at least Gator spyware

    Please Download and install SpyBot,

    http://www.lurkhere.com/~nicefiles/

    click the online tab to search for and download the updates, then shut down and relaunch SpyBot.

    Go to the Settings tab > File Sets, and uncheck 'System Internals' and 'Tracks' .
    These aren't needed for our present purpose, and you can always experiment with them later on.

    Finally, after closing down Internet Explorer, click 'Check for problems', and have SpyBot remove all it finds 'Fix selected problems'

    you may have to run spybot more than once to clear everything

    Remove everything pre-ticked in Red

    steam
     
  3. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    I will let you know as soon as I am done.
    Thank you very much.
     
  4. louisj23

    louisj23 Thread Starter

    Joined:
    Jun 11, 2001
    Messages:
    133
    Worked like a champ.
    Thank you very much.
    Even the movies play perfectly!
     
  5. steamwiz

    steamwiz

    Joined:
    Oct 4, 2002
    Messages:
    2,773
    louisj23
    you're welcome from Steam
     
  6. SmoothMF

    SmoothMF

    Joined:
    Feb 19, 2003
    Messages:
    1
    I've downloaded this same file... Is it legit or what?? I can HEAR it fine with media player 9, but no video... It tries to download the right codec.. But gives an error each time it attempts... I am desperate for a high quality version of LOTR - TT.. But have had NO luck in SEVERAL attempts... Anyone know of a good version?? Or is the one I have ( Two Towers.XViD-ViTE ) the one I want and just need the right codec? any advice or ideas would be greatly appreciated...
    THANKS
     
  7. cheapshot

    cheapshot

    Joined:
    Aug 29, 2001
    Messages:
    284
    I would recommend using the NIMO video pack for this problem. Be careful downloading an XVID codec from KAZAA though. There is one out there that comes bundled with the IRC.Trojan. Just a heads up!!
     
  8. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
    I don't recommend the Nimo Codec pack.
    It's been proved to be dangerous and also contains spyware.
    Installing multiple codecs at the same time is not good. Trust me.

    The DivX, XviD, and other codecs should all be installed separately, and the latest versions from the official sources

    http://www.divx.com
    http://www.divx-digest.com/software/xvid.html
    http://www.3ivx.com

    Other codec sources:
    http://www.moviecodec.com
    http://www.pcsupport.dk/support/codec.htm
    http://admin.dbpoweramp.com/codec-central.htm
    http://www.411forsex.com/help/codecs_and_tools/codecs.html
    http://www.skynet4ever.tk
    http://www.inf.ufpr.br/~rja00/programs.html


    Use G-Spot to determine which codecs/filters are required
    http://www.divx-digest.com/software/gspot.html
     