Re: Virus replacing core executables?

From: Sheila (anonymous_at_discussions.microsoft.com)
Date: 06/26/04 

Date: Sat, 26 Jun 2004 14:37:07 -0700

I have had the same problem for the past 4 months. I
have done everything to rid myself of this virus but it's
in the MBR and it WON'T go away! I've flashed my bios -
even a new HD - I do NOT know where it's hiding if it's
not in the HD but it's NASTY! My virus checkers also did
not catch it - it counteracts everything I do (i've also
done what you did in the registry). Can you check in
your system information under system tools and tell me if
it has changed your version to "5.1.2600 Service Pack 1
Build 2600" ? I have been trying to rid myself of this
for months and i've had NO LUCK!!
Thanks!
Sheila

>-----Original Message-----
>Thanks for the link. Actually, I have SBCGlobal.net's
>firewall enabled and their virus checker, along with XPs
>firewall. The virus checker warned of a Trojan but did
>nothing (or was zapped by the virus before it could).
>Then it set up it's own id on my computer, proceeded
>redeclare everything, and enable/disable things
(including
>the firewall) as it so chose.
>
>Anyway, thanks again for the link.
>
>>-----Original Message-----
>>Many viruses are expressly designed to alter or corrupt
>>operating system files. That's why it is prudent to use
>>a good antivirus program.
>>
>>How to Perform a Windows XP Repair Install
>>http://www.michaelstevenstech.com/XPrepairinstall.htm
>>
>>[Courtesy of MS-MVP Michael Stevens]
>>
>>
>>If a repair install does not work, then you'll need
>>to perform a "clean install".
>>
>>Clean Install Windows XP
>>http://www.michaelstevenstech.com/cleanxpinstall.html
>>
>>[Courtesy of MS-MVP Michael Stevens]
>>
>>--
>>Carey Frisch
>>Microsoft MVP
>>Windows XP - Shell/User
>>
>>Be Smart! Protect your PC!
>>http://www.microsoft.com/security/protect/
>>
>>-------------------------------------------------------- 

--
>---------------------------
>>
>>"Donnie" <anonymous@discussions.microsoft.com> wrote in 
>message:
>> news:21c8e01c45b96$8c7052d0$a101280a@phx.gbl...
>>
>>|I believe I have gotten a virus or spyware or 
something 
>>| that has replaced many if not all of the system 
files.  
>I 
>>| first noticed something wrong when a network icon 
>appeared 
>>| in the system tray (mine had always been hidden).  I 
>went 
>>| to the control panel and found a new network 
connection 
>>| created and enabled, and the firewall turned off the 
>other 
>>| network settings.  After deleting several files and 
>>| killing several processes that kept restarting, I was 
>>| unable to log on at all and ended up in Safe mode, 
>where I 
>>| discovered a newly created Administrator account. I 
>never 
>>| created one name Administrator, and if it is a 
default 
>in 
>>| XP, it never prompted me to log on before.  So I was 
>able 
>>| to clean things up and seem normal... but every now 
and 
>>| again something would come back, despite that I was 
>>| leaving it off the network.  Logn story short, in the 
>>| setupapi.log I see hundreds of EXEs and DLLs being 
>updated 
>>| on reboot, and if I am interpretting correctly, it 
>updated 
>>| the installation area first, then initiated a 
>reinstall.   
>>| It's copying everything from the \windows\i386 
folder, 
>but 
>>| is also generating an error that an unsaigned or 
>>| incorrectly signed file is being copied, and that 
it's 
>>| going to install it anyway because Policy=Ignore.  
>There 
>>| are several other registry, inf, and ini entries I've 
>>| found that suggest it's done this... has anyone else 
>ever 
>>| seen this?  Or am I (hopefully) misunderstanding what 
>I'm 
>>| seeing and it's really the Microsoft auto updates?  
>(all 
>>| of my exes now start running out of control using up 
>>| memory, so I really think they have been replace).
>>| 
>>| Is there any place to check the copy of your Windows 
>files 
>>| against what a real install should have?
>>.
>>
>.
>

Relevant Pages

  • Re: Lost access to home network
    ... virus scans on the CDs ... then beginning again with a fresh install. ... I have 3 computers on a network. ... Then post the logs to an appropriate forum where they specialize in ...
    (microsoft.public.windowsxp.general)
  • Re: XPE Security - virus and hacker attacs
    ... a firewall, close most network ports as much as possible, ... Any system could be broken (intentionally, or with a virus). ... > alone" and help from several of the more nasty network borne viruses... ...
    (microsoft.public.windowsxp.embedded)
  • Re: Unable to reinstall windows XP home after virus
    ... We have been>> unable to identify the virus. ... >>snip> reformatting the HD should remove everything. ... > It's very difficult these days to install XP and get the updates without> being attacked in the process unless you have a hardware or good software> firewall in the loop. ... As long as AV software is installed and firewall is installed and running I have never gotten a virus upon connecting to the internet. ...
    (microsoft.public.windowsxp.general)
  • Re: Win XP RPC Service Failure Reboot Rant Help - the story of a ruined weekend!
    ... "Virus Alert About the Blaster Worm and Its Variants" ... | of Windows ME to XP Home Edition and install Symantec Internet Security ... | mucked up Zone Alarm so uninstall it and switch on the XP firewall. ...
    (microsoft.public.windowsxp.general)
  • Re: NEED HELP...please
    ... Make sure your virus definition files are up-to-date. ... Viruses aren't the only thing that can leave your computer dead in the ... Download and install Lavasoft's "AdAware" program - the free one. ... If your XP "Internet Connection Firewall" isn't ...
    (microsoft.public.windowsxp.newusers)