Re: TFTP

From: Teri (Teri_at_discussions.microsoft.com)
Date: 11/07/05 

Date: Mon, 7 Nov 2005 08:20:04 -0800

Ok Dave, this is my last question then I either shoot it or erase it and
start over. Why when I try to go into Event Viewer under application, system
or security it just says Unable to complete the operation " application"
interface not known?

"David H. Lipman" wrote:

> From: "Teri" <Teri@discussions.microsoft.com>
>
> | When I first detected a virus I had alot of files that were marked as private
> | or hidden I guess. Thats how they showed up in the attributes and everytime
> | I ran anykind of scan it couldn't read them it just said access denied. I
> | tried to go back and make them all not private. I probably messed something
> | up. I was wrong about my system being clean, check out my running processes
> | right now. Trend reported that they had deteted and fixed a W32/Codbot-AC!
> | located in the WUAPI. Exe file. Does that mean that they deleted the
> | WUAPI.exe file? It is still here running along with MediaGateway that I have
> | never seen . I also found 2 registry files in my documents that were names
> | wuapiii.
> | I appreciate your time Mr. Lipman, I am trying to avoid erasing my
> | harddrive. If I kill the process it doesn't go away. I ran all the scans
> | again and none of them detected it or the MediaGateway.
> | RUNNING PROCESSES
> | csrss.exe 404 C:\WINDOWS\system32\csrss.exe Client Server Runtime Process
> | 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | Explorer.EXE 1228 C:\WINDOWS\Explorer.EXE Windows Explorer 6.00.2800.1106.
> | © Microsoft Corporation. All rights reserved.
> | iexplore.exe 1556 C:\Program Files\Internet Explorer\iexplore.exe Internet
> | Explorer 6.00.2800.1106. © Microsoft Corporation. All rights reserved.
> | lsass.exe 484 C:\WINDOWS\system32\lsass.exe LSA Shell (Export Version)
> | 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
> | MediaGateway.exe 1392 C:\Program Files\Media Gateway\MediaGateway.exe Media
> | Gateway 2, 0, 0, 0. Copyright 2005
> | PrcView.exe 1528 C:\Documents and Settings\Terri\My
> | Documents\Unzipped\PrcView\PrcView.exe Process Viewer Application 3.7.3.1.
> | Developed by Igor Nys, 1995-2003
> | services.exe 472 C:\WINDOWS\system32\services.exe Services and Controller
> | app 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | smss.exe 340 C:\WINDOWS\System32\smss.exe Windows NT Session Manager
> | 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
> | svchost.exe 660 C:\WINDOWS\system32\svchost.exe Generic Host Process for
> | Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | svchost.exe 732 C:\WINDOWS\System32\svchost.exe Generic Host Process for
> | Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | svchost.exe 800 C:\WINDOWS\System32\svchost.exe Generic Host Process for
> | Win32 Services 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | winlogon.exe 428 C:\WINDOWS\system32\winlogon.exe Windows NT Logon
> | Application 5.1.2600.1106. © Microsoft Corporation. All rights reserved.
> | wmiapsrv.exe 1916 C:\WINDOWS\System32\wbem\wmiapsrv.exe WMI Performance
> | Adapter Service 5.1.2600.0. © Microsoft Corporation. All rights reserved.
> | wuapi.exe 1536 C:\WINDOWS\System32\wuapi.exe wuapi.exe
> | YPager.exe 1764 C:\Program Files\Yahoo!\Messenger\YPager.exe YPager.exe
>
>
> First off, its Dave. Please don't be so formal ;-)
>
> Some files are open by the OS and thus their respecitive File Handles are held open atnd
> thos files can not be scanned. In addition, they also can be infected either. So it isn't
> a file attribute problem and those error messages are normal and are not to be worried
> about.
>
> It looks like you have cleaned your PC of infectors. All those running processes look to be
> both legitimate and correct.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Quantcast