Re: Attn: Rock or anyone else that can help

From: Rock (rock_at_comcast.nospam.net)
Date: 09/19/04


Date: Sun, 19 Sep 2004 14:21:05 -0700

Rachel K wrote:

> From: "Rachel K" <rkyker@yahoo.com> Sent: 9/19/2004 9:37:59 AM
>
>>-----Original Message-----
>>Rachel K wrote:
>>
>>>Hi Rock,
>>>
>>>I went through the steps you gave me below in regards to
>>>my post on Sept 18th at 6:18 "Infected files that are
>>>archived, virus program wont remove" and it didn't work.
>>>The 5 infected files are still present and my antivirus
>>>won't delete them. I am not computer savvy and this is very
>>>frustrating. Any other suggestions?
>>>
>>>Rachel
>>>
>>>>When I run my virus software (Anti Vir XP) it gives me 5
>>>>infected files that are archived and cannot be removed or
>>>>deleted. I can't do anything in Windows Explorer because
>>>>it shuts down and restarts immediately and my IE 6 shuts
>>>>down frequently. How do I get rid of something that is
>>>>archived when I can't stay in Windows Explorer or on the
>>>>Internet for very long?
>>>>
>>>>Thanks
>>>
>>>Start with Trend Micro's Sysclean. After downloading the
>>>program and signature file turn off system restore, boot
>>>into safe mode and run it. Then boot back into normal mode,
>>>turn system restore, and do a complete scan with your AV
>>>product.
>>>
>>>Trend Micro Sysclean
>>>http://www.trendmicro.com/download/dcs.asp
>>>
>>>Trend Micro Signature File
>>>http://www.trendmicro.com/download/pattern.asp
>>>
>>>
>>
>>Where are these files and what are file names? You mean you
>>downloaded and ran Trend Micro's sysclean in safe mode, and
>>you turned off system restore? What were the results of the scan?
>>_____________________________________________________
>>The folder and file names are...
>
> (1)Folder: C\Documents and Settings\kyker\Local Settings\temp
> File: conscorr...ini
> Status: Free memory
> Detected: TR/Dldr.Stubby.C
>
> (2)Folder: C\Documents and Settings\kyker\..\THI10BA.tmp
> File: multimpp.cap...prelnsmm.exe
> Status: Free memory
> Detected: TR/Hijack.mulltiPP
>
> (3)Folder: C\Documents and Settings\kyker\..\THI163A.tmp
> File: multimpp.cap...prelnsmm.exe
> Status: Free memory
> Detected: TR/Hijack.mulltiPP
>
> (4)Folder: C\Documents and Settings\kyker\..\THI22EA.tmp
> File: localNRd.cab...polall1I.exe
> Status: Free memory
> Detected: TR/Dldr.Krepper.3
>
> (5)Folder: C\Documents and Settings\kyker\..\THI6CF0.tmp
> File: multimpp.cap...prelnsmm.exe
> Status: Free memory
> Detected: TR/Hijack.MulltiPP
>
> I did download TM's sysclean and I ran it in safe mode
> with system restore off. I rebooted in Normal mode,
> turned system restore back on, and ran AntiVir XP. The
> same 5 files showed up. The results from sysclean showed
> that there were errors for some of the files it couldn't
> get into (like yahoo or aol messenger), but it wasn't any
> of my files above. When sysclean was running I noticed
> if it couldn't clean something it deleted it. Maybe it
> couldn't do either for these? It may be easier to email
> any more suggestions because sometimes my IE shuts down
> before I can get to this page.
> My email is rkyker@yahoo.com. I really appreciate your
> help.
> Rachel
>

Rachel, for one thing keep all posts in one thread. Don't create
multiple threads. Second, maybe those are false positives for viruses?
That does happen. Try running several of the online scans.

Online and Downloadable Virus Scanning:

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php

Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp

TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp

McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp

RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Did you run adaware and spybot in safe mode too?

The last thing you can try is run HijackThis and post the log to one of
the specialty forums along with the history of what you have done, _NOT_
this one. They are the experts in removing nasties.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://computercops.biz/
http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

Good luck.


