Virus Problem

ACID

Continuation for the thread
http://forums.moneysavingexpert.com/showthread.html?t=53155

its still there, the virus and it cannto be deleeted

what can be done??

now i have a major prob, if i reisntall windows xp hoem, i have lost my oem key and my cd, even though i bougth a elgti window hoME edition ...
HWO CAN i get it replaced??

secondly if i format my computer, will the virus guaranteed be gone???

please help

im just about used every adaware there is

anmd is there a quick way to save soem of the stuff i need, such as vast amounts of music and photos?

gk172

Why not try running a few online virus scans see what they show - Nortons or PC Pitstop or Trend Online scanner also within spybot you change the options to advanced user and go into settings and click to allow all versions inc beta and then update, i had a problem with stuff that wouldnt go away but once i updated spybot and ran it they never appeared again.

deary65

One of the most asked about questions (other then SP2) is virus's, spyware, adware, malware, and worms/trojans removal, protection/preventions, and basic questions on which is better and what-not. Here is a list of links as well as brief descriptions to to said products. Most are free or offer free, limited versions of thier products and some offer free trials. Most products listed below are totally free, asking only that you donate if you choose to and all currencies listed below are in U.S.Dollars. Some of you have products not listed below. I advise that if you do have a product not on the list and it may be a rogue product so please refer to Rogue Anti-Spyware List for further help on that. Also to the regulars of this site, If there are any more resources that I may have left off, please add them in your response. please note: before using any product, have an understanding of it, if not sure, post ask, we will assist you in anyway we can.

Spyware & MalwareRemoval Utilities
Ad-Aware SE(free, and pro version available for $39.95)-advanced protection from known Data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components
SpyBot-Search & Destroy(free)-detect and remove spyware of different kinds from your computer, use along side with Ad-Aware for great protection and removal of scumware.Read the Spybot Tutorial for further aid on how to use.
CWShredder 2.0(free)-Originally developed by Merijn Bellekom of the Netherlands, CWShredder™ detects and removes coolwebsearch and its variants, a must have.this newest version, 2.0 was just released: October 2004, please note CoolWWWSearch.SmartKiller (v1 and v2) is a new, real ugly variant of CoolWWWSearch. When running, it will close every browser window you use to visit a large list of anti-spyware-sites, and even will close Spybot-S&D and some other anti-spyware applications as well. So if your copy of Spybot-S&D (or the anti-spyware application of your choice) closes a few seconds after starting, or your browser closes whenever you try to visit an anti-spyware site, try CWShredder Mini Removal (v.1/v.2).
A-squared (free, personal version available for $29.95)-This is a great and highly recommended bit of software for scanning, detecting, and removing Trojans, Worms, and Dialers.
HijackThis 1.98.2(free)- a general homepage hijackers detector and remover, please note that Hijack This is for advanced users. If you are not familiar with running processes on your computer as well as anything ever installed that could tie into your web browser, so ask for help from someone whom is familiar with this program, there is plenty of help here or on the web, or log onto and read the HijackThis tutorial
LSPFix(free)-a utility to repair a specific type of problem associated with certain Internet software. This type of software is known as a Layered Service Provider or LSP, a piece of software that can be inserted into the Windows TCP/IP handler like a link in a chain. However, due to bugs in the LSP software or deletion of the software, this chain can get broken, rendering the user unable to access the Internet.

Spyware Protection Programs
SpywareBlaster 3.2(free)Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests in Internet Explorer, and Mozilla/Firefox
SpywareGuard 2.2 (free)- provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.
MVPS Host(free)-A hosts file that will block you from connecting to known malware and adware sites
IE-SPYAD(free)-adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the Restricted sites zone of Internet Explorer.

Free Online/Virus Scanners
(scanners)
HOUSECALL
Panda ActiveScan
Bit Defender
GFI Trojan Scan
(free software)
AVG 6.0 (free, 7.0 pro version around $30-$35)
Avast!(free, professional version available, one year subscribtion is $39.95)
AntiVir(free)
BitDefender Free Edition v7.0(Professional Plus Version 8.0 available for $49.95)
(Trialware)
Symantec (Norton)
McAfee
TrendMicro (PC-cillin)
Panda Software
(stand-alone utilities)
Stinger(free)
Panda's Free 38 Virus Removal Tool

Firewalls
Zone Alarm (free, pro version available for $49.95)
OutPost Free Firewall(pro version available for $39.95)
Kerio(Kerio Personal Firewall 4 is available in two flavors - the full edition and the limited free edition. After installation, KPF works as the full edition for 30 days, after which it becomes the limited free edition.Full version available for $45)
Sygate Personal(free, pro version available for $39.95)

Other Important Removal Tools
KazaaBegone(free)-A Kazaa uninstall which scans and removes all elements of all Kazaa versions, as well as all of the bundled software that comes with it.
Spybot Worm Removal(free)-W32.Spybot.Worm is a detection for a family of worms that spreads using KaZaA file sharing and mIRC. This worm can also spread to computers that are infected with common backdoor Trojan horses
sasser.removal.tool(free)

Other important links
Spywareinfo " the spyware and hijackware removal specialists"
doxdesk spyware and parasites specialist
Audit My PC Free online PC security check
security advisorshow did I get infected in the first place self explanatory
pchell a reputable spyware removal infromative site
Major Geeks a plethora of free and shareware scumware removers

just a few of many great Annoyances.org responses
virus/spyware/ADware removal
lsass.exe

Great Browsers that are safer to use then Internet Explorer
Mozilla/Firefox
Opera

And finally, if push comes to shove
Clean XP Install/Reformat

There is alot of other links that i forgot to mention or just didn't put on the list. Other resonses will aid you to those sites, also, installing the google toolbar to your browser or just plain using the Google Search will also aid you in finding alot of the easier answers on your own if you want.

deary65

download this Everest Home Download,it will cive you the reg. key

ACID

STILL didnt work the online scanners

dont see why i should downlaod more anti virus s/w
as it clearly isnt working!!!!

deary65

Run a hijackthis scan and post it here. I can send you a windows boot disk which can save all your work to cd/dvd. and run boot scans.

T4i

ACID wrote:

im just about used every adaware there is

You are prolly downloading lots of spyware by using just about every adaware there is. Lots of people have tried to help and you are still no further, it must be a damn nasty virus.....

If you format it will get rid of any nasties, but if youve lost both your XP cd and key your pretty much stuffed!

If you post a hijackthis log we might be able to help further, otherwise we will be guessing forever more.

ACID

Logfile of HijackThis v1.99.1
Scan saved at 11:28:26, on 24/05/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\DOCUME~1\RSGILL~1\LOCALS~1\Temp\Rar$EX02.625\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Desktop Wenger] C:\Program Files\Desktop Wenger\skinkers.exe
O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\ieSpell.dll/SPELLOPTION.HTM
O9 - Extra button: ieSpell - !!0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell - !!0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: (no name) - !!1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - !!1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\ieSpell.dll
O9 - Extra button: Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - !!4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: !!0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: !!31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: !!644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!45A79CDA-DF1D-4563-B277-B8742496AE3D}: NameServer = 152.163.0.26 205.188.64.153
O17 - HKLM\System\CCS\Services\Tcpip\..\!!9D1FDEF6-26C5-4851-A50D-F01B47C1CB8D}: NameServer = 205.188.146.145
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

WELL NUMBERS

4 , 16 ,17
might alert you, but this just load up and nothign major as these i installed recently but either way i checked all these and clicked on the option 'fix checked'

ACID

well after this , i beleleve the virsu to be gone....

despite not actually doign much in the last few days. is that possible???

T4i

Your log looks ok to me.

Are you farmiliar with the following IP address?

152.163.0.26
205.188.64.153
205.188.146.145

What makes you think you still have a virus?

ACID

T4i wrote:

Your log looks ok to me.

Are you farmiliar with the following IP address?

152.163.0.26
205.188.64.153
205.188.146.145

What makes you think you still have a virus?

well i got rid of the named probs inc. i.p addresses

and now it apears ok, i thought the voru was still there as svchost which ws infected
was appearing on msconfig
but not it is not
so should be ok now