Re: system 32 i found a problem i need help fixing it

From: Rick \ (rick_at_mvps.org)
Date: 03/19/04

• Next message: Cerridwen: "Re: XP Pro processes under suspicion"
• Previous message: JAX: "Re: Triple-size taskbar"
• In reply to: Charlie: "Re: system 32 i found a problem i need help fixing it"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: system 32 i found a problem i need help fixing it"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 18 Mar 2004 21:04:52 -0500

Hi Charlie,

Go ahead and post the contents of those keys if you have already tried the
other fixes that were recommended.

-- 
Best of Luck,
Rick Rogers aka "Nutcase" MS-MVP - Win9x
Windows isn't rocket science!  That's my other hobby!
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org
"Charlie" <anonymous@discussions.microsoft.com> wrote in message
news:fb4101c40d29$da9a6bf0$a401280a@phx.gbl...
> hey could you help me too? i replied just expand the
> different branches of this topic.
>
>
> >-----Original Message-----
> >Hi fa sho,
> >
> >You have your work cut out for you. You will need the
> better part of a day
> >to do all this. Please do the following:
> >
> >The first thing you need to do is get rid of the blaster
> worm:
> >> "windows auto update"="msblast.exe"
> >
> >Information:
> >http://www.kellys-korner-xp.com/xp_qr.htm#rpc
> >http://www.pchell.com/virus/msblast.shtml
> >http://vil.nai.com/vil/content/v_100499.htm
> >http://www.symantec.com/avcenter/venc/data/w32.blaster.wo
> rm.html
> >http://www.bigblackglasses.com/Article.aspx?Article=342
> >
> >You need the patch described here to protect against it:
> >MS03-039: A Buffer Overrun in RPCSS Could Allow an
> Attacker to Run Malicious
> >Programs
> >http://support.microsoft.com/?kbid=824146
> >
> >Then you want to get rid of these trojans:
> >> "atjganym"="C:\\WINDOWS\\tfewgvqv.exe"
> >> "nvid"="C:\\WINDOWS\\System32\\ymcxmajw.exe"
> >
> >Restart in Safe mode (hit F8 at bootup), search the
> system for tfewgvqv.exe
> >and ymcxmajw.exe, delete both. Then start/run regedit
> and delete those
> >strings from the run key they were in.
> >
> >You should also remove these:
> >> "WinFavorites"="C:\\Program
> Files\\WinFavorites\\WinFavorites.exe1"
> >> "SafeSurfingUpdate"="C:\\WINDOWS\\System32
> \\SSUpdate.exe"
> >
> >These pages explains how and why:
> >http://www.kephyr.com/spywarescanner/library/winfavorites
> /index.phtml
> >http://www.kephyr.com/spywarescanner/library/safesurfing/
> index.phtml
> >
> >This one should go as well:
> >> "Belt"="C:\\WINDOWS\\Belt.exe"
> >
> >Why? See:
> >http://www.faqfarm.com/Computer/Virus/5922
> >
> >More garbage:
> >> "UpdateStats"="C:\\Program
> Files\\Media\\Media\\UpdateStats.exe"
> >> "RunWindowsUpdate"="C:\\WINDOWS\\uptodate.exe"
> >> "AutoUpdater"="C:\\PROGRA~1\\AUTOUP~1\\AUTOUP~1.EXE"
> >> "SBHC"="C:\\Program Files\\SuperBar\\sbhc.exe"
> >> C:\\WINDOWS\\System32\\stlbupdt.DLL,DllRunMain"
> >> "wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -
> launch"
> >> "Rundll32_7"="rundll32.exe
> >C:\\WINDOWS\\System32\\msiefr40.dll,DllRunServer"
> >> "msbb"="C:\\WINDOWS\\msbb.exe"
> >
> >Download and run Adaware to assist you with these. Go to
> www.lavasoft.de for
> >the latest version.
> >
> >Definitely don't want this parasite either:
> >> "updater"="C:\\Program Files\\Common
> files\\updater\\wupdater.exe"
> >
> >Please see this link:
> >http://www.safersite.com/pestinfo/k/keenvalue.asp
> >
> >These should be disabled on the startup tab of msconfig
> (start/run
> >msconfig). They are not harmful, but can be a nuisance.
> They do not need to
> >load at boot, and can bog down the system:
> >
> >> "QuickTime Task"="\"C:\\Program
> >Files\\QuickTime\\qttask.exe\" -atboottime"
> >> "iTunesHelper"="C:\\Program
> Files\\iTunes\\iTunesHelper.exe"
> >> "RealTray"="C:\\Program
> Files\\Real\\RealPlayer\\RealPlay.exe
> >
> >Another trojan:
> >> "BEH"="C:\\WINDOWS\\BEH.exe"
> >
> >See:
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp
> ?VName=BKDR_WOMANIZ.C&VSect=T
> >
> >After cleaning up all this mess (someone in your
> household likes to click on
> >anything that pops up in front of them), if the system32
> folder still loads
> >at boot, start/run msconfig. On the general tab put the
> system in diagnostic
> >mode. Click apply/ok and reboot. Then, reverse the steps
> to put the system
> >in normal mode, it should no longer appear.
> >
> >-- 
> >Best of Luck,
> >
> >Rick Rogers aka "Nutcase" MS-MVP - Win9x
> >Windows isn't rocket science!  That's my other hobby!
> >http://mvp.support.microsoft.com/
> >Associate Expert - WinXP - Expert Zone
> >www.microsoft.com/windowsxp/expertzone
> >Win98 Help - www.rickrogers.org
> >
> ><snip>
> >
> >
> >.
> >

---

• Next message: Cerridwen: "Re: XP Pro processes under suspicion"
• Previous message: JAX: "Re: Triple-size taskbar"
• In reply to: Charlie: "Re: system 32 i found a problem i need help fixing it"
• Next in thread: anonymous_at_discussions.microsoft.com: "Re: system 32 i found a problem i need help fixing it"
• Messages sorted by: [ date ] [ thread ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)