Re: Task Mgr & Registry locked! AV won't load!

From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 06/20/04


Date: Sun, 20 Jun 2004 13:41:28 -0600

Greetings --

    Delete that bogus Hosts file; it's specifically designed to
preclude your getting to any antivirus web sites.

    The type of behavior you describe is typical behavior of more than
one virus/worm, the three below being the most common:

W32.Klez
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html

W32.Yaha
http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha.c@mm.html

W32.Spybot.Worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

    Because many of the newer viruses and worms, such as the
Spybot mentioned above, can disable antivirus applications whose
definitions aren't kept up-to-date, try using one or more of the free
on-line scanners to double-check your system.

Trend Micro - Free online virus Scan
http://housecall.trendmicro.com/

McAfee Security - FreeScan
http://www.mcafee.com/myapps/mfs/default.asp

Symantec Security Check
http://security.symantec.com/ssc/home.asp

Bruce Chambers

-- 
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace. Or you can have freedom. Don't ever count on
having both at once. - RAH
"John Blaustein" <no@spam.com> wrote in message
news:enrc%230vVEHA.1764@TK2MSFTNGP10.phx.gbl...
> In my initial post, I neglected to add that one other symptom of my problem
> is that my hosts file was overwritten to include the following entries:
>
> 127.172.85.229 www.symantec.com
> 127.19.30.28 securityresponse.symantec.com
> 127.39.246.118 symantec.com
> 127.190.36.116 www.mcafee.com
> 127.92.240.156 mcafee.com
> 127.254.113.82 us.mcafee.com
> 127.227.121.203 www.sophos.com
> 127.35.187.53 sophos.com
> 127.232.178.174 www.viruslist.com
> 127.187.129.243 viruslist.com
> 127.175.250.143 f-secure.com
> 127.198.201.161 www.f-secure.com
> 127.23.235.39 kaspersky.com
> 127.176.166.155 www.avp.com
> 127.43.0.62 www.kaspersky.com
> 127.125.85.69 avp.com
> 127.28.25.172 www.networkassociates.com
> 127.220.7.164 networkassociates.com
> 127.59.78.143 www.ca.com
> 127.39.187.231 ca.com
> 127.209.216.216 my-etrust.com
> 127.124.180.109 www.my-etrust.com
> 127.224.244.121 secure.nai.com
> 127.110.104.243 nai.com
> 127.53.14.218 www.nai.com
> 127.252.4.233 trendmicro.com
> 127.85.153.104 www.trendmicro.com
> 127.216.213.38 housecall.trendmicro.com
> 127.40.87.79 www.pandasoftware.com
> 127.32.49.107 www.bitdefender.com
> 127.109.7.192 www.ravantivirus.com
> 127.19.193.123 www3.ca.com
>
> John
>
>
> "John Blaustein" <no@spam.com> wrote in message
> news:%23L7OufvVEHA.2408@tk2msftngp13.phx.gbl...
> > Hi...
> >
> > I had a real scare this morning.  I booted my XP Home laptop to find that my
> > AV program -- Grisoft AVG Free Edition -- wasn't loaded.  I then tried to
> > run AVG and it wouldn't start.  When I tried to run Task Manager --
> > Ctrl+Alt+Del -- it would not run properly.
> >
> > I ran Ad Aware and it found two registry entries (which I didn't write down,
> > sorry) that referred to blocking access to the registry.  Ad Aware could not
> > delete them.
> >
> > I then used System Restore and rolled back to last week.  Now, everything
> > appears to be working correctly.  An AVG full scan (all files) shows no
> > viruses, and Ad Aware now reports no suspicious files.
> >
> > What happened?  Can someone help explain what went wrong here?
> >
> > Even though the system now appears to be working correctly, I am worried
> > that something may still be on the system that caused this registry hacking
> > in the first place.  Any ideas on how to identify and remove such programs?
> >
> > I use a SonicWALL hardware firewall, along with AVG Free Edition with latest
> > update.  My security settings in IE are all set to Default settings.  Should
> > I change these?
> >
> > Thanks for any help.
> >
> > John
> >
> >
>
>
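
Added example (not part of the original thread and not written by either poster): a Python check for the hosts-file tampering quoted above, flagging entries that map antivirus vendor domains to loopback or unspecified addresses. The domain list comes from the quoted entries; the function names and the sample input are constructed for illustration.

```python
import ipaddress

# Vendor domains drawn from the hosts entries quoted in this thread.
AV_DOMAINS = {
    "symantec.com", "mcafee.com", "sophos.com", "viruslist.com",
    "f-secure.com", "kaspersky.com", "avp.com", "networkassociates.com",
    "ca.com", "my-etrust.com", "nai.com", "trendmicro.com",
    "pandasoftware.com", "bitdefender.com", "ravantivirus.com",
}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address, not a usable mapping
        for name in fields[1:]:                 # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_av_domain(name):
    """True if name is a listed vendor domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in AV_DOMAINS)

def suspicious_entries(text):
    """Return (line_no, ip, hostname) for vendor names sent to loopback/0.0.0.0."""
    return [
        (line_no, str(ip), name)
        for line_no, ip, name in parse_hosts(text)
        if is_av_domain(name) and (ip.is_loopback or ip.is_unspecified)
    ]

# Constructed sample; the three vendor lines are copied from the quoted post.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
127.172.85.229 www.symantec.com
127.216.213.38 housecall.trendmicro.com   # trailing comment
127.35.187.53 sophos.com
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    for line_no, ip, name in suspicious_entries(SAMPLE):
        print(f"line {line_no}: {name} -> {ip} (security site blocked)")
```

The check covers only the pattern seen in this thread, where every vendor name resolves inside 127.0.0.0/8; a vendor name mapped to any other unexpected address would need a separate comparison against real DNS answers.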
