Re: hidship.exe

From: Kelly (kelly_at_mvps.org)
Date: 08/14/04


Date: Sat, 14 Aug 2004 02:54:33 -0500

Clean your system! Run the programs mentioned here:
http://www.kellys-korner-xp.com/xp_c.htm#cleanup

-- 
All the Best,
Kelly
Microsoft-MVP Windows® XP
2004 Windows MVP "Winny" Award
Troubleshooting Windows XP
http://www.kellys-korner-xp.com
"jac" <jac@discussions.microsoft.com> wrote in message 
news:47C959E0-A4AD-4F55-A582-81EBFF2660CC@microsoft.com...
> hi,
>
> I have updated, scanned, and removed the viruses (W32.Spybot.Worm,
> W32.Randex.gen, but no Klez and Yaha viruses found). I have also
> changed the registries that point to the affected files but it still
> doesn't work. I am still unable to open those administrative tools.
>
> Any suggestions?
>
> Thanks.
>
> "Rick "Nutcase" Rogers" wrote:
>
>> Hi,
>>
>> That's a virus, possibly Klez or Yaha. Both of these, as well as several
>> others, disable the administrative tools to try and prevent you from
>> removing them. Update your antivirus software, and in the meantime use
>> the emergency tools as described by MVP Doug Knox here:
>> http://www.dougknox.com/xp/utils/xp_emerutils.htm
>>
>> -- 
>> Best of Luck,
>>
>> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> http://mvp.support.microsoft.com/
>> Associate Expert - WindowsXP Expert Zone
>> www.microsoft.com/windowsxp/expertzone
>> Windows help - www.rickrogers.org
>>
>> "jac" <jac@discussions.microsoft.com> wrote in message
>> news:C22892D0-6461-4DA1-AE30-3F053F9B0EE7@microsoft.com...
>> > Hi,
>> >
>> > Thanks, it works.  There is another question: every time I open my
>> > administrative tools, it opens for one second and it closes itself.  This
>> > includes the task manager, defragment tools, local policy etc.
>> >
>> > I wondered if anyone of you knows this too?
>> >
>> > thanks
>> >
>> > "Rick "Nutcase" Rogers" wrote:
>> >
>> >> Hi,
>> >>
>> >> Sounds like a trojan, I can't find any file by that name. Follow these
>> >> "relatively" simple removal steps:
>> >>
>> >> Restart in Safe mode by hitting F8 as Windows first begins to load
>> >> on boot. Logon as administrator.
>> >>
>> >> Start/search/files and folders, look for <filename> and delete it
>> >> wherever it is found.
>> >>
>> >> Start/run regedit, expand the + signs to look under these keys:
>> >>
>> >> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
>> >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>> >> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
>> >>
>> >> Look in the right hand pane for the string or strings that load that
>> >> file. Delete just those strings that contain the reference. Do not
>> >> delete other strings or the keys from the left pane. Close the
>> >> registry editor when completed, make sure you check all strings.
>> >>
>> >> Go to the Control Panel/System/System Restore tab. Check the box to
>> >> "Turn off system restore on all drives". Click apply/ok. This will
>> >> remove all restore points, however you don't want them back as some
>> >> or all of them will contain the virus depending upon how recently
>> >> you got infected.
>> >>
>> >> Restart the system normally. Go back to the Control Panel/System and
>> >> restart System Restore.
>> >>
>> >> Update your antivirus software, run a full system scan.
>> >>
>> >> -- 
>> >> Best of Luck,
>> >>
>> >> Rick Rogers, aka "Nutcase" - Microsoft MVP
>> >> http://mvp.support.microsoft.com/
>> >> Associate Expert - WindowsXP Expert Zone
>> >> www.microsoft.com/windowsxp/expertzone
>> >> Windows help - www.rickrogers.org
>> >>
>> >> "jac" <jac@discussions.microsoft.com> wrote in message
>> >> news:3628A9BC-8A0F-45A8-9ED0-A7305CFE86A6@microsoft.com...
>> >> > hi,
>> >> >
>> >> > I have this process running in my PC.  It is stopping Windows from
>> >> > loading my desktop every time I turn on my PC.  I have to go to task
>> >> > manager to kill this process in order to get to the desktop.
>> >> >
>> >> > Does anyone here know what kind of process it's from or from where
>> >> > I can get more help?  I really want to get rid of this process
>> >> > forever, but I do not know which program activates it.
>> >> >
>> >> > Please help.
>> >> >
>> >> > thanks
>> >>
>> >>
>> >>
>>
>>
>> 
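
The registry step in the quoted removal procedure ("delete just those strings that contain the reference") can be checked read-only against a regedit export of the three keys before anything is deleted. The sketch below is an added example, not part of any post in this thread; it assumes the keys were exported to .reg text, the sample export, value names and paths are constructed, and it goes slightly beyond the post by also decoding REG_EXPAND_SZ (`hex(2)`) values.

```python
import re
# The three keys named in the quoted removal steps.
AUTORUN_KEYS = tuple(k.lower() for k in (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg",
))
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
# Constructed sample export; value names and paths are made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ExampleLoader"="C:\\WINDOWS\\system32\\hidship.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ExampleLoader]
"command"="C:\\WINDOWS\\system32\\HIDSHIP.EXE -start"
"item"="ExampleItem"
'''

def decode_data(raw):
    """Text of a REG_SZ or REG_EXPAND_SZ value; None for other types (dword, binary)."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])        # undo \\ and \" escapes
    if raw.startswith("hex(2):"):                          # UTF-16LE bytes
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return None

def find_references(reg_text, filename):
    """Return (key, value name, data) for autorun values whose data mentions filename."""
    hits, key = [], ""
    text = re.sub(r",\\\r?\n\s*", ",", reg_text)           # join hex continuation lines
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                               # section header: remember the key
        m = VALUE_RE.match(line)
        k = key.lower()                                    # key names are case-insensitive
        if not m or not any(k == a or k.startswith(a + "\\") for a in AUTORUN_KEYS):
            continue
        data = decode_data(m.group(2))
        if data and filename.lower() in data.lower():
            name = "(Default)" if m.group(1) == "@" else decode_data(m.group(1))
            hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE, "hidship.exe"):
        print(f"{key}\n    {name} = {data}")
```

Regedit writes "Version 5.00" exports as UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `find_references`.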

