Re: challenging malware-need help

From: Karl Levinson, mvp (
Date: 11/22/04

Date: Mon, 22 Nov 2004 08:33:36 -0500

Sounds like a virus to me. Did you try running stinger? You might need to
boot to a linux defender CD to scan the computer, or
hook up another computer via a network card to scan the hard drive across
windows networking, or slave the hard drive into a known virus-free PC and
scan it from there. You could also try downloading and running rkdetect
from and Silent Runners from

"Azy" <> wrote in message
> Hi, Im on a big mission; I have been trying to clean up another pc.
> Heres info: Win XP>outdated NAV 2003>sp1>little or ZERO windows updates
> ever.
> Heres what I finally installed today(& beleive me it has taken weeks to
> this far;I'll explain below)& I live out of town where this pc is.
> -Updated to ad-aware SE 105,spy blaster,spybot S&D, Hijack this, CW
> SHredder.
> I tried to install these others as well but could NOT
> -Zonealarm,AVG 7,I could not even do a pestpatrol scan,bitdefender scan. I
> would launch IE and many times, the cannot find server thing came on.
> came on many times,a box that says on the upper top:
> "wuactld.exe 16 bit MS-DOS subsystem"
> then inside the box it says: c:\explor.exe CS:0de5IP:018a OPze (then
> numbers here)
> Also said " The ntvdm CPU has encountered an illegal intrusion and has to
> close. CLose or ignore buttons were shown. I was unable to continue
> installing AVG or ZA due to this.Let me note that the downloading time for
> both these were 2 hours or so on dialup. Then 45 minutes,or less, into the
> installation, that 'wuactld' would dissrupt everything and I was back to
> beginning.
> I did numerous scans in reg mode,safe mode,turned off system
> files showing, etc. Stuff that I cleaned up were:purity scan,clickspring,
> welchia (using ad-aware), and more. I was unable to do any virus scanning.
> I beleive the firewall and AV are extremely important to have. I use ZA on
> my pc. Is there a way to copy this program to a cd-rom so that I can
> it on the infected cd offline???As bazaar of a question that could be, its
> the only thing I could think of to do next before continuing with the
> cleaning given the problems I am having. I am not a pc expert and only
> 2 years of pc/internet use. But I have learned many things from these
> newsgroups and you all. Can you advise me on options I have. I will keep
> trying the above as well as install other programs like trend micro
> sysclean,stinger, etc and eventually also do sp2.
> Thanks so much. Note that I did not post a log to forums in HJT yet.

Relevant Pages

  • Re: Win XP RPC Service Failure Reboot Rant Help - the story of a ruined weekend!
    ... "Virus Alert About the Blaster Worm and Its Variants" ... | of Windows ME to XP Home Edition and install Symantec Internet Security ... | mucked up Zone Alarm so uninstall it and switch on the XP firewall. ...
  • Re: Fixing broken XP install on XPS machine
    ... friend who's an IT tech" messed with it after an apparent virus attack. ... system boots, the pre-desktop screen displays a text message saying that ... We decided to first try a conservative strategy, doing a repair install ...
  • Answers to frequently asked questions - 17SEP03
    ... I have this mystery re trying to install Norton ... Internet Security 2003 on my XP Pro. ... > specific virus, please tell us what it's name is! ... > date with antivirus software and more importantly ...
  • Re: Virus alert about the Win32/Conficker.B worm
    ... It started with my McAfee virus software being disabled ... point that even starting up windows xp would take over 5 minutes to ... same - I cannot install any software that is intended for finding ... The program can access FAT32 or NTFS partitions, ...
  • Re: Where is the MS Office Pro Shortcut Toolbar
    ... there is no shortcut bar. ... > the (insert latest virus name here) virus, all mail sent to my personal ... > | I do not see Do Not Install. ... > | under Office Tools. ...