Re: I cannot access the registry or the msconfig screen.

From: Frank Martin (paul_at_colonel.com.au)
Date: 08/02/04


Date: Tue, 3 Aug 2004 09:43:40 +1000

I tried everything you suggested and scanned my computer with the
'Freescan' from McAfee.

This gave the following files infected with the "Spybot.worm.gen.m"
virus/worm.

C:\WINDOWS\system32cyutgujghf.exe,
ditto\dvdmilnhjw.exe,
ditto\hvvgdzthl.exe,
ditto\messenger.exe,
ditto\norton2001.exe,
ditto\rmcukifzjr.exe,
ditto\zonealarm.exe,

I noticed from their properties that these files had been created in the
last 2 months, though Windows XP was installed on my machine in 2002.

I deleted all these files to the recycle bin, where they now reside, though
zonealarm.exe could not be deleted, so I renamed it.

I then cold booted the computer.

On restart I found the problem fixed.

What should I do now with these deleted/renamed files?

Many thanks for your help.

Regards, Frank

"Kaylene aka Taurarian" <taurarianREMOVECAPS@hotmail.com> wrote in message
news:OdbWB3GeEHA.724@TK2MSFTNGP10.phx.gbl...
> Some viruses actually disable your anti virus program. Perhaps an online scan -
> links at the end.
>
> http://www.dougknox.com/xp/utils/xp_emerutils.htm
> Creates usable copies of REGEDIT, MSCONFIG and Task Manager
>
> You could be infected with one of these worms:
>
> W32.Spybot.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html
> W32.Klez.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html
> W32.Yaha.Worm
> http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.e@mm.html
>
> These viruses terminate Regedit.exe and taskmgr.exe
> W32.HLLW.Kefy:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.kefy.html
> W32.HLLW.Cydog@mm:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cydog@mm.html
> Backdoor.IRC.Yoink.A:
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.yoink.a.html
> Backdoor.Volac.dr:
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.volac.dr.html
> W32.Kwbot.R.Worm:
> http://www.symantec.com/avcenter/venc/data/w32.kwbot.r.worm.html
>
> These viruses delete the Regedit.exe, Regedt32.exe, Msconfig.exe, Taskmgr.exe
> W32.Petch.B:
> http://www.symantec.com/avcenter/venc/data/w32.petch.b.html
> W32.HLLW.Maax.B@mm:
> http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.maax.b@mm.html
>
>
> Downloadable McAfee AVERT Stinger:
> Stinger: http://vil.nai.com/vil/stinger/
> stand-alone utility used to detect and remove specific viruses. It is not a
> substitute for full anti-virus protection, but rather a tool to assist
> administrators and users when dealing with an infected system. Stinger utilizes
> next generation scan engine technology, including process scanning, digitally
> signed DAT files, and scan performance optimizations.
>
> Perhaps an online security/virus check
> Symantec
> http://security.norton.com/sscv6/default.asp?langid=ie&venid=sym
> Trend Micro House Call:
> http://housecall.trendmicro.com/
> Panda ActiveScan;
> http://www.pandasoftware.com/activescan/com/activescan_principal.htm
> McAfee FreeScan:
> http://us.mcafee.com/root/mfs/default.asp
> Kaspersky Labs On-line Virus Checker:
> http://www.kaspersky.com/remoteviruschk.html
> BitDefender Online Scan:
> http://www.bitdefender.com/scan/licence.php
>
>
> "Frank Martin" <paul@colonel.com.au> wrote in message
> news:uZDW3QGeEHA.592@TK2MSFTNGP11.phx.gbl...
> > Recently I had occasion to go to the msconfig program by going to "run" on
> > the start bar and typing in "msconfig".
> >
> > The program starts but then disappears after about 5 seconds.
> >
> > The same thing happens to the registry.
> >
> > I have run all my virus checkers but it still happens.
> >
> > Can someone help me please, Frank
> >
> >
>
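
The observation in the post above (executables in system32 created long after Windows was installed) can be turned into a repeatable triage check. The PowerShell below is an added example, not part of the original thread; the function names, the 30-day grace period, and the sample file dates are assumptions chosen for illustration.

```powershell
# Added example: list .exe files created well after the OS install date.
# The demo files are empty placeholders with constructed creation dates.
function Get-OsInstallDate {
    # InstallDate is stored as seconds since 1970-01-01 UTC.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $secs = (Get-ItemProperty -Path $key -Name InstallDate).InstallDate
    ([datetime]'1970-01-01').AddSeconds($secs).ToLocalTime()
}

function Find-LateExecutable {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [datetime] $Baseline,
        [int] $GraceDays = 30   # assumed allowance for files laid down during setup
    )
    $cutoff = $Baseline.AddDays($GraceDays)
    Get-ChildItem -LiteralPath $Path -Filter *.exe -File |
        Where-Object { $_.CreationTime -gt $cutoff } |
        Sort-Object CreationTime |
        ForEach-Object {
            [pscustomobject]@{
                Name        = $_.Name
                Created     = $_.CreationTime
                DaysAfterOs = [int](($_.CreationTime - $Baseline).TotalDays)
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Demo on constructed data: a temp directory with three placeholder files.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'late-exe-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$samples = @{
    'notepad.exe'    = '2002-09-01'   # constructed: present since install
    'messenger.exe'  = '2004-07-10'   # name from the thread, date constructed
    'norton2001.exe' = '2004-07-12'   # name from the thread, date constructed
}
foreach ($name in $samples.Keys) {
    $f = New-Item -ItemType File -Path (Join-Path $demo $name) -Force
    $f.CreationTime = [datetime]$samples[$name]
}
# Only the two 2004 files are listed; notepad.exe falls inside the grace period.
Find-LateExecutable -Path $demo -Baseline ([datetime]'2002-09-01') | Format-Table -AutoSize

# On a live system:
# Find-LateExecutable -Path "$env:windir\System32" -Baseline (Get-OsInstallDate)
```

Windows updates and installed software also create files after the install date, so the output is a list of leads to review, not a verdict.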


