Advice needed on possible virus please

Happy_Bunny_6

My computer has been running a bit slow and not quite right for a couple days,
I started Spybot yesterday and a message popped up and said something had changed, and as Spybot couldn't change itself, then something else had,

Ran adaware and usual couple things turned up on there.

Ran Virus scan although it does run everyday, (AVG FREE)
and that said
No threats found but had all these in the box

No idea what to do now, please can you help

File- kernal32dil

user32dil

shell32dil

intoskml.exe

hosts

The Result/Infection all say Change

Path all start with c;/windows system32

Marcuk

hey,

To be honest the best way to sort out a slow running computer like this which the issues issnt obivous what is causing, i would reccomment a full system recovery - this will delet everything on your machine and start again from fresh (ie like a brand new computer) but there is two negtive issue people dont really like about doing this is internet connection will have to be resetup (unless it is wireless then all you need to do is press connect) and the other is you will lose every thing on the machine, which can be easiy backed up on to a memory stick, cd/dvd's and better option external Hard drive. and if running to slow to back up data you can do this in something called safe mode which should allow you to back up data and also should run a lot quicker hopefully - to get there as your computre is loading up (before it mentions windows xp) tap the f5 key on keyboard. this will give u and advanced option and select safe mode off that list with keyboard and press Enter and then press enter again on next screen and let load up, when gets to sign in screen click administrator account - then when asks you a question answer yes. then back up your data.

after all data is nice and safe you can then reinstal windows. this is slighty different on the make of you machine so may be good to check any user guides for "recovery" but make sure if you do this and run a recovery u select the full recovery option. this may also be called destructive, system recovery quick format or complete recovery - you will either get here by taping key on keyboard normally f11 or f10 or inserting cd's depending on your computer.

this should resolve the issue - if not it will more then lickly be a hardware fauly where a new compant will be needed but this is unlikcly for this issue

hope this helped - good luck. please forgive my spelling and typing not strong point and shooting out not time to proof read.

p.s if you look there will be other ways around fixing this issue without runng a recovery. but i personaly like them as just gets computer to run like brand new again.

Happy_Bunny_6

My computer is a home built one (not me) and it has 2 hard drives in it,
if I do this, will it clean both hard drives automatically

albertross_2

Did you spell all of those correctly?

kernal32dil

user32dil

shell32dil

intoskml.exe

what is the content of c:\windows\system32\drivers\etc\hosts

Happy_Bunny_6

albertross wrote: »

Did you spell all of those correctly?

kernal32dil

user32dil

shell32dil

intoskml.exe

what is the content of c:\windows\system32\drivers\etc\hosts

The last one is wrong it should be notosksnlexe
That one says drivers/hosts after windows\system

The others have the same after windows
eg c\windows\systemkernal32dil

Thats all the info it gives.
I tried to copy it directly but I couldn't

albertross_2

c:\windows\system\kernel32.dll or

c\windows\systemkernal32dil

ntoskrnl.exe or notosksnlexe

The first ones are legit, the second ones aren't, so the correct spelling is important.

Happy_Bunny_6

I've just done another scan
It's a bit difficult to read, so sorry, wasn't quite right first time I don't think!

c\windows\system32\kernal32dll

c\windows\system32\user32dll

c\windows\system32\shell32dll

The last one is ntosknlexe and then c\windows\system32\drivers\etc\hosts

Happy_Bunny_6

Under the column Result/Infection
They all say "Changed"

albertross_2

I doubt it is anything, kernal or kernel?, but you could do a diff antispyware scan to check

http://free.grisoft.com/doc/download-free-anti-spyware/us/frt/0

also post the contents of the hosts file

have you just installed sp2 or patched windows? It says changed, not infected?

Happy_Bunny_6

Thanks
I just downloaded AVG anti spyware
That found something called
Not a virus,badjoke win32
and not a virus remote admin

It said risk is low, but said they could be a threat to passwords, and I have had spot of bother logging into sites.
I quarantined them and I'm running scan again, but if it doesn't show this time, does that mean that they won't give me any more problems

Alfonso_Skinarelli

AVG is forever throwing up alerts about those files changing. It's nearly always the result of updates from Microsoft being recently installed.

A format and reinstallation of Windows certainly isn't what the doctor ordered.