Re: Virus replacing core executables?
anonymous_at_discussions.microsoft.com
Date: 06/26/04
- Next message: Ron: "RE: task manager"
- Previous message: Tyrone: "Administrator password problem"
- In reply to: Carey Frisch [MVP]: "Re: Virus replacing core executables?"
- Next in thread: Sheila: "Re: Virus replacing core executables?"
- Reply: Sheila: "Re: Virus replacing core executables?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 26 Jun 2004 10:52:53 -0700
Thanks for the link. Actually, I have SBCGlobal.net's
firewall enabled and their virus checker, along with XP's
firewall. The virus checker warned of a Trojan but did
nothing (or was zapped by the virus before it could).
Then it set up its own ID on my computer, proceeded to
redeclare everything, and enable/disable things (including
the firewall) as it so chose.
Anyway, thanks again for the link.
>-----Original Message-----
>Many viruses are expressly designed to alter or corrupt
>operating system files. That's why it is prudent to use
>a good antivirus program.
>
>How to Perform a Windows XP Repair Install
>http://www.michaelstevenstech.com/XPrepairinstall.htm
>
>[Courtesy of MS-MVP Michael Stevens]
>
>
>If a repair install does not work, then you'll need
>to perform a "clean install".
>
>Clean Install Windows XP
>http://www.michaelstevenstech.com/cleanxpinstall.html
>
>[Courtesy of MS-MVP Michael Stevens]
>
>--
>Carey Frisch
>Microsoft MVP
>Windows XP - Shell/User
>
>Be Smart! Protect your PC!
>http://www.microsoft.com/security/protect/
>
>-------------------------------------------------------------------------------------
>
>"Donnie" <anonymous@discussions.microsoft.com> wrote in message:
> news:21c8e01c45b96$8c7052d0$a101280a@phx.gbl...
>
>| I believe I have gotten a virus or spyware or something
>| that has replaced many if not all of the system files. I
>| first noticed something wrong when a network icon appeared
>| in the system tray (mine had always been hidden). I went
>| to the control panel and found a new network connection
>| created and enabled, and the firewall turned off the other
>| network settings. After deleting several files and
>| killing several processes that kept restarting, I was
>| unable to log on at all and ended up in Safe mode, where I
>| discovered a newly created Administrator account. I never
>| created one named Administrator, and if it is a default in
>| XP, it never prompted me to log on before. So I was able
>| to clean things up and seem normal... but every now and
>| again something would come back, despite that I was
>| leaving it off the network. Long story short, in the
>| setupapi.log I see hundreds of EXEs and DLLs being updated
>| on reboot, and if I am interpreting correctly, it updated
>| the installation area first, then initiated a reinstall.
>| It's copying everything from the \windows\i386 folder, but
>| is also generating an error that an unsigned or
>| incorrectly signed file is being copied, and that it's
>| going to install it anyway because Policy=Ignore. There
>| are several other registry, inf, and ini entries I've
>| found that suggest it's done this... has anyone else ever
>| seen this? Or am I (hopefully) misunderstanding what I'm
>| seeing and it's really the Microsoft auto updates? (all
>| of my exes now start running out of control using up
>| memory, so I really think they have been replaced).
>|
>| Is there any place to check the copy of your Windows files
>| against what a real install should have?
>.
>