Re: challenging malware-need help
From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: Mon, 22 Nov 2004 08:33:36 -0500
Sounds like a virus to me. Did you try running stinger? You might need to
boot to a www.bitdefender.com linux defender CD to scan the computer, or
hook up another computer via a network card to scan the hard drive across
windows networking, or slave the hard drive into a known virus-free PC and
scan it from there. You could also try downloading and running rkdetect
from www.google.com and Silent Runners from www.silentrunners.org
"Azy" <firstname.lastname@example.org> wrote in message
> Hi, I'm on a big mission; I have been trying to clean up another pc.
> Here's info: Win XP>outdated NAV 2003>sp1>little or ZERO windows updates
> Here's what I finally installed today (& believe me it has taken weeks to
> this far; I'll explain below) & I live out of town where this pc is.
> -Updated to ad-aware SE 105, spy blaster, spybot S&D, Hijack this, CW
> I tried to install these others as well but could NOT
> -Zonealarm, AVG 7, I could not even do a pestpatrol scan, bitdefender scan. I
> would launch IE and many times, the cannot find server thing came on.
> came on many times, a box that says on the upper top:
> "wuactld.exe 16 bit MS-DOS subsystem"
> then inside the box it says: c:\explor.exe CS:0de5IP:018a OPze (then
> numbers here)
> Also said "The ntvdm CPU has encountered an illegal intrusion and has to
> close." Close or ignore buttons were shown. I was unable to continue
> installing AVG or ZA due to this. Let me note that the downloading time for
> both these were 2 hours or so on dialup. Then 45 minutes, or less, into the
> installation, that 'wuactld' would disrupt everything and I was back to
> I did numerous scans in reg mode, safe mode, turned off system
> files showing, etc. Stuff that I cleaned up were: purity scan, clickspring,
> welchia (using ad-aware), and more. I was unable to do any virus scanning.
> I believe the firewall and AV are extremely important to have. I use ZA on
> my pc. Is there a way to copy this program to a cd-rom so that I can
> it on the infected cd offline??? As bizarre of a question that could be, it's
> the only thing I could think of to do next before continuing with the
> cleaning given the problems I am having. I am not a pc expert and only
> 2 years of pc/internet use. But I have learned many things from these
> newsgroups and you all. Can you advise me on options I have. I will keep
> trying the above as well as install other programs like trend micro
> sysclean, stinger, etc and eventually also do sp2.
> Thanks so much. Note that I did not post a log to forums in HJT yet.