Re: Virus wont let me run certain programs

You have given pathetically little information to go on. You should
learn how to help others to help you. OS, version and SP level?
How long has it been infected?
Did a name or anything meaningful ever pop up on the screen as most
viruses will do?
Any error messages? Quote them.
What AV have you run?
What malware detectors have you run?
A list of the programs that WON'T run?
Some that DO run?
Router? Is it NAT?
Is it running a firewall? Which one? Is it set to high, mid, low, or
what?
Is the machine used for gaming? What IS it used for?
Any idea how/when it got infected? When did the problem first start to
show up? Was it all at once and sudden or slowly developing in its
maliciousness.
Etc. etc. etc. .
Clarvoyance and ESP aren't as rampant as they used to be and since no
one can sit in front of you machine, you have to try, at least a little,
to help people help you!

You should read, in its entirety, the following article:
How to Post a newsgroup question effectively:
http://support.microsoft.com/kb/q555375

While the advice at the end of this post sounds reasonable, have you run
or tried to run:
-- Run AV ware?
-- Run at least 3 different anti-spyware programs? People here wil be
happy to provide you with a list of good ones if you don't already have
them.
-- Checked at Symantec-Norton for a description of the virus?
-- Checked for same at McAfee and any other viral site you prefer?
You should already have done those last two (actually, all of the
above) since you obviously have a name. What does the AVG site say
about it? Is there a manual removal procedure? I'm betting there will
be at AVG or one of the virus-detecting companies, especially Norton.

Inline please:

"C.Joseph Drayton" <c.joseph@xxxxxxxxxxxxxxxx> wrote in message
news:h7p4dk$jpi$1@xxxxxxxxxxxxxxxxxxxxxxxxxx
On 9/2/2009 9:28 PM, trant wrote:
A friend brought me his computer which has Windows XP Pro SP3 on it.
He complained about a virus and not being able to access the
Internet (IE gets hijacked).

If it gets hijacked, then what web site does it go to? Jeez, that's a
hint and a half to tell us! If you mean IE doesn't work, that's not
hijacking. WHAT do you mean by that? Be specific.


While trying to fix it I am noticing something on this machine is
preventing me from running certain programs (exe files). For example
I couldn't run HijackThis. I would double click it's icon and the
hourglass would appear for a brief few seconds then go away and the
program never launches. Looking in Task Manager or Process Explorer
I see the process gets started, then DPC kicks in or crss.exe and
the process I ran goes away. It's as if the virus has some kind of

HiJack This, if you'll RTFM, should be a last resort after you have done
all that it recommends, most of which is noted above. Have you even
read it?

If you can't get to some web sites, try using the site's IP number
instead of the text name. If you don't know how or can't access a site
to get the IPs, ask here; several here could give you the IPs you need;
it's an easy lookup.

It may not be a virus also; it may be plain old malware which
anti-malware detectors can find. Anti-virus, regardless of its claims,
is ONLY good at finding viruses. There is a LOT of other malware out
there running around.

interrupt which allows it to filter any process and kill it if it
determines it to be something potential detrimental to it's
survival.

Not unusual. An old trick to frustrate newbies and the inexperienced.


Any idea how this virus could do this so that I can remove this
capability?

Yes, but it'd take nearly a book to explain it so it would be useful for
any kind of trouble-shooting purposes. First make use of the tools that
are available. Malware can be pretty complex and run around Hogan's
Barn several times in accomplishing what it does. It's seldom of any
value to know HOW it does it unless you're in the business of detecting
it. And it's not an easy task.


Needless to say nearly all my antivirus programs are being blocked.

Well, since that's a friend's computer, how about using your OWN
computer to look up what you need?
Or,
Then use the IPs. Which AV programs do you need an IP for? I'll look
them up and provide them to you. Then, instead of putting somesite.com\
for an address, you use the IP number xxx.xxx.xxx.xxx.

AVG for instance is IP 64.74.243.20 It works, I tried it.
Norton/Symantec is IP 64.208.248.193 and it works, too.
McAfee is IP 216.49.88.12
In fact, if you just find a working computer if that one won't do it,

And if you use Google to search for win32.crypto you get about 1,920,000
hits, and the first page is full of information about it.

So you don't really need help: Just Google has all the information you
need to understand and remove it and take care of any leftover nuances.

It allows AVG to run possible because AVG was already installed but

So why not use your own working computer? Why do you feel you have to
use the problem PC to do research on the problem?

AVG is unable to detect it or remove it. I know it finds something
called Win32.Crypto but it is unable to remove it (it keeps coming
up again and again)

What does AVG say about that? Have you even asked them? I'll bet they
have the answer you're looking for. Very often some part of a virus
cannot be removed because to do so would render the machine incapable of
booting or otherwise trashed. That's when you go looking for the manual
procedures, usually starting with the mfr of you AV ware.

The assistance you need is all around you; just look at it and use it.

HTH,

Twayne`




Before you do anything drastic like wipe the system, I would use
Hiren's v9.9 boot disk to load Mini-WindowsXP. From a connected USB
drive, I would run ClamWin and Spybot Search & Destroy.

Once that has been done, I would use a Linux LiveCD to copy clean
versions of the files mentioned by 'Duke' in another article here.

Then from safe mode, turn off 'System Restore', then run regedit to
remove the keys mentioned by 'Duke'.

If that doesn't work then you might actually have to reinitialize the
system.

Sincerely,
C.Joseph Drayton, Ph.D. AS&T

CSD Computer Services

Web site: http://csdcs.site90.net/
E-mail: c.joseph@xxxxxxxxxxxxxxxx



.

Relevant Pages

  • Re: "running virus scan" slowing down Word
    ... Word MVP web site http://word.mvps.org ... I have been using AVG since I bought the computer over 3 ... I see the words "running virus scan" on the lower left of the ...
    (microsoft.public.word.newusers)
  • Re: "running virus scan" slowing down Word
    ... The virus scan message comes not from Word but from the linked AVG ... Word MVP web site http://word.mvps.org ... relatively fast and it should not take this long to open a short Word ...
    (microsoft.public.word.newusers)
  • Re: Word 2003 Global template and "Running Virus Scan
    ... I will do some research on the Symantec web site. ... file in the global templates window. ... in the global templates window and the "Running Virus Scan" that is ... not related to Anti Virus program. ...
    (microsoft.public.word.docmanagement)
  • Email from Microsoft ?
    ... My virus scanner detected your attached files as ... I have visited the link on your web site and the file name ... - A vulnerability that could allow an unauthorized user to ... For more information about these issues, read Microsoft ...
    (microsoft.public.security)
  • Re: Have virus I cant get rid of and I need HELP!
    ... The first web site did find some remnants of what I had ... removed it still did not fix the problem. ... >> I have recently got a JS.exception.exploit virus that I ... >> registry settings for my browser are fine so I can not ...
    (microsoft.public.windowsxp.security_admin)
Quantcast