PLEASE assist with possible virus/Registry key modification

Compaq Intel Pentium III
MS Windows Me 4.90.2000
511 MB RAM
System Resources 57% free

Norton Internet Security 2005
AdAware SEPlus

have added since problems began:
HiJack This
Spybot Search & Destory
SpywareGuard

Much to my chagrin, only became aware of NAV's inability to play nice w/WinME following a recent update.
That said, AdAware detects a ''Critical'' Vulnerability described as a possible virus that despite removal, returns everytime I start my computer (Norton never detects):
HKEY_CLASSES_ROOT:exefile/shell/open/command''''c:\windows\system\iexplored.exe ''%'' %*

therefore, I begin each day with the following:

AdAware - ck for updates
AdAware - system scan, removal of stated vulnerability (and a host of other tracking cookies/items)
NAV - live update
NAV - system scan
Windows Update

Upon installation, Spybot initially cleared several items but has come up clean every scan since. Posted a thread with a HijackThis log on the Tom Coyote forums 2 wks. ago, have had no response. And several free scans have returned what looked like some pretty serious stuff, but was it just ''scare-ware''? (pay for removal)

On occasion the system will run pretty smoothly, the following are the most significant problems encountered:

-windows will freeze, interestingly enough, with a pattern... 1st freeze lasts ~ 30 seconds, momentarily releases and immediately freezes again for up to 1 min. OR permanantly and must reboot
-unable to ''minimize'' windows from systray
-receive an ''Runtime 91'' error when closing system down, which appears once desktop has cleared itself
-Windows Update consistently returns a Critial Update for Outlook Express (which I don't even use) despite daily downloads noted as ''Successful'' in my ''Installation History'' as well as removal via the Personalization Settings

Time wise, have lost ability to use System Restore as I thought I had beat the problem, only to have it return.

I feel as if I know only enough to be dangerous (lol) therefore treading carefully - any assistance and/or redirection to a more appropriate thread would be greatly appreciated!

- Collapse -

Hi sprng2rn

by roddy32 Oct 12, 2005 3:47AM PDT

We don't do those logs here and normally I would NEVER suggest to post a log in a second HJT forum because they frown on multiple forums but if you have waited 2 weeks without a response, perhaps you should post in another one also but PLEASE, JUST ONE of them. Thy one of these.

- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
- http://forums.spywareinfo.com/index.php?showforum=18
- http://forums.subratam.org/index.php?showforum=7

- Collapse -

Assist

by sprng2rn Oct 12, 2005 6:28AM PDT

Thanks Roddy! Appreciate the insight and suggestions!

- Collapse -

(NT) (NT) Good luck to you. :)

by roddy32 Oct 12, 2005 8:19AM PDT

- Collapse -

Your Help

by sprng2rn Oct 19, 2005 9:03AM PDT

Hey Roddy - the mentioned forum did come back and diligently stick with me to see it through, so I'm back on track now. But did want to thank you for your thorough effort in assisting.

You take care!

- Collapse -

(NT) (NT) You're welcome, glad it's fixed. :)

by roddy32 Oct 20, 2005 10:24AM PDT

- Collapse -

startup control panel and startup monitor

by a__l__a__n Oct 12, 2005 4:21AM PDT

Here are two free tools that have helped me extract some of these kinds of things:

http://www.mlin.net/StartupCPL.shtml
http://www.mlin.net/StartupMonitor.shtml

The Startup Control Panel (CPL) tool adds a Startup icon in your control panel window. Launching this gives a tool you can use to temporarily (or permanently) disable things from starting when you boot your pc. There are multiple places in the registry where these kinds of things can be hidden, and this tool has a page for each of those places. After installing, just look through the pages and uncheck anything you don't want to start. Of course you need to know what you want to disable. Maybe you could post the things that are starting and someone here could suggest what to disable. Or you could google for each one to see which if any are possibly related to a virus. Or just use trial and error (you can always re-enable things later).

Startup Monitor recognizes when a program attempts to insert something new in the startup areas of the registry, and prompts you for your approval before allowing it. That won't remove what's already in your registry, but it can stop a program from being re-inserted in the startup sequence.

Hope these help.

- Collapse -

Assist

by sprng2rn Oct 12, 2005 6:32AM PDT

Thanks a_l_a_n, will give that a look, interested to see if anything shows up in those hiding places! Aprreciate it!

- Collapse -

You might also try these

by steve11375 Oct 12, 2005 7:10AM PDT

Hi sprng2rn,

The moderators parasite suite:
http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=1313&messageID=15002

I think Roddy gets a kickback from Ewido as he always pushes this one... (Just kidding Roddy I like this one also )
http://www.ewido.net/en/download/

Microsoft anti-spyware beta is also good:

http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

Try these things & report back

Hope That Helps,
Steve

- Collapse -

LOL Steve, Let me explain

by roddy32 Oct 12, 2005 8:18AM PDT

a little about ewido and why I'm pushing it. It gets rid of some real nasty things that some of the others don't. They all do different jobs so I push the ones that I feel will work for that particular job. The HJT forums are using ewido a lot lately which is another reason why I push it. If anybody knows what works, it would be them. It was the FIRST program that got rid of qoologic for starters which was when the HJT forums started using it more. Unfortunately the malware changes every day so lets hope the programs we are all using will keep working for us.

- Collapse -

Roddy I agree Ewido is Great!

by steve11375 Oct 12, 2005 8:33AM PDT

Hey Roddy,

Ewido also found a couple things on my computer which nothing else found, I was just kidding with you on the pushing it, I hope you understand that, you (the moderators all inclusive) provide a GREAT service to the CNET community.

Thanks ALL Mod's for your dedication to the forums you have helped so many people with issues ME included!

Steve

- Collapse -

No problem at all Steve, I knew

by roddy32 Oct 12, 2005 8:54AM PDT

you were kidding around but you were correct, I DO push it so I just felt I should explain as to why.

- Collapse -

Roddy!

by sprng2rn Oct 19, 2005 9:17AM PDT

Speaking of Malware... following my recent problems, could you suggest a top site/program for Malware - would like to be sure I'm covered in that respect as well.

Thanks!
Sprng2n

- Collapse -

Here are some free ones and

by roddy32 Oct 20, 2005 10:27AM PDT

sorry I was so slow to respond. I haven been here for a day or so. These are all free.
Spybot S&D (download, check for updates, read the tutorial and scan often, it also does some blocking)
http://www.safer-networking.org/en/home/index.html

SpywareBlaster (a blocker only, download it, check for updates, enable it and leave it alone except for checking for updates occasionally)
http://www.javacoolsoftware.com/spywareblaster.html

SpywareGuard (similiar to SpywareBlaster but works in a different way and does not update as often for that reason.
http://www.javacoolsoftware.com/spywareguard.html

Ad-Aware SE (a scanner, download, check for updates, read the directions and scan.
http://www.lavasoftusa.com/

cwshredder (stand alone unit)(another small scanner for certain things, ALL other windows should be closed)
http://www.intermute.com/spysubtract/cwshredder_download.html

- Collapse -

links

by sprng2rn Oct 27, 2005 8:16AM PDT

Great! Thanks again - you are awesome!

- Collapse -

(NT) (NT) You're welcome. :)

by roddy32 Oct 27, 2005 9:44AM PDT

- Collapse -

Your Help

by sprng2rn Oct 19, 2005 9:07AM PDT

Hey Steve, Thanks so much for the input. Have gotten back on track and just wanted to let you know how much I appreciate the effort of your post!

Take care!

- Collapse -

Another one to try...

by Larry38 Oct 12, 2005 8:13AM PDT

I use all the above, plus a few others. Here is another free program that will catch some things that ewido will miss.
a-squared
http://www.emsisoft.com/en/software/free/
Good Luck
Larry

- Collapse -

Your Help

by sprng2rn Oct 19, 2005 9:10AM PDT

Thanks Larry! Will check them out and save in my ''arsenals'' file, lol

Appreciate your post!

- Collapse -

Your HJT Log

by Bugbatter Oct 12, 2005 11:44AM PDT

There have been several replies to your log at Tom Coyote. http://forums.tomcoyote.org/index.php?showtopic=47894&st=0&p=217692&#entry217692

- Collapse -

Apologies

by sprng2rn Oct 19, 2005 9:15AM PDT

Yes! Had to wait a little while as they were swamped, but when available I got two replies within 2 minutes of one another. They were great, and stuck with me.

Had never used a forum like this before, and have gained an extreme appreciation for all who help.

Thanks for your post!

- Collapse -

Thanks

by Bugbatter Oct 19, 2005 9:35AM PDT

Thank you for the follow-up. I'm glad everything worked out well.

CNET Forums

Other Forums

Forum Info