Strange Virus problem on Windows XP

From: VJ (vjkumarr_at_gmail.com)
Date: 07/20/04

    Date: 20 Jul 2004 01:37:26 -0700
    
    

    Folks,

    I have a very strange virus on my Windows XP system.

    Firstly, the default home page of IE has been automatically changed to
    "res://lbndq.dll/index.html" and there are some services and
    processes which start automatically when the system comes up.
    There is also a sub-process always attached to the iexplorer.exe process
    when Internet Explorer is started up.

    And there is a host of files in \windows and also in \windows\system32
    which keep changing their names when they are deleted (i.e.
    the names of the .dat, .exe, and .dll files keep changing when they are
    deleted).

    I have used Process Explorer, File Monitor, RegMon and also Startup
    Monitor from sysinternals.com to verify the various processes that are
    started on my system and then take appropriate action in killing the
    process and then deleting the file from the System32 and Windows directories
    and also cleaning the registry entries. But within a few minutes
    after the files are deleted, a new set of files with different names
    is created and the registry entries are also re-created; now these
    files start a new process.

    I went through some of the postings and thought that this was the coolwww
    spyware, and followed the instructions posted to find the super hidden
    dll which might be causing the files to be recreated along with the
    registry entries. But the xfind tool did not give any positive result.

    I am totally clueless at this point and am looking forward to any
    help in removing this nasty stuff from my system. Also, let me know if
    any particular information is required.

    Regards,
    -VJ

    PS: I have got the hosts file from the MVPS web site to block unwanted
    pop-ups. Every time I place the file in the "C:\WINDOWS\SYSTEM32\DRIVERS\ETC"
    folder, the file is deleted within a few minutes and I have no clue
    who is deleting the hosts file. Any help / suggestions?

