General discussion

Virus and Registry Repair

I have just completed a reformat and have installed Norton and did a complete scan. Did a disk cleanup, disk defrag and installed all critical Windows updates. Now Norton continues to show a box with this info: W32.spybot worm on C:Windows\system 32\VSSMON.EXE. Norton cannot get rid of it as access is denied. Where did it come from? I have just completed a reformat. How can I get rid of this worm? I did another scan with Norton and it showed no viruses present but in the corner of my screen sits a message box. I did a Spybot scan and it continues to show this error: during check! Smithfraud-C(152) [access violation at address]. I have performed three scans and deleted three times but it still comes back. What is this???? I am thoroughly confused and frustrated. I did the reformat, updates, scans and I seem to be hit again. Please help. Jen

Comments
re virus
Reply to: Virus.
CATKUS

What is Kazaa file sharing? I do not understand and obviously I need to know so that I can stay away. What are IRC chat programs? I do not know what that is. I only come to this site, Dell support and Microsoft support forums for help. Please advise me. Thanks for your site info as I will go there and see what I am to do. When you reformat, do you get rid of everything including viruses that are sitting on your system?

RE: What is kazaa
W32.Spybot.Worm is a detection for a family of worms that spreads using the Kazaa file-sharing network and mIRC.

Kazaa and Kazaa Lite are peer-to-peer (P2P) file-sharing services which help computer users upload/download music files to one another. At best this may infringe on copyright protections. At worst, you have no idea what else (viruses, trojans, dialers, key loggers, etc.) may be downloaded onto your computer.

But then it could have been placed on the computer by other means. Regardless how careful we are while surfing the net, when we least expect it, stuff happens.

These procedures may get rid of the W32.Spybot.Worm.

1. Disable System restore. Right click on MY COMPUTER > left click on PROPERTIES > left click on SYSTEM RESTORE > remove the check mark from TURN OFF SYSTEM RESTORE FOR ALL DRIVES > left click on APPLY > YES > OK.

This will delete all System Restore points. Sometimes a pest can be hiding in a System Restore point and keep coming back.

2. Go to START > RUN > msconfig, and click the Startup tab... look for any suspicious files that are being loaded on startup. If you think they are suspicious, just uncheck them...

Some files to look for:
TFTP####
dcom.exe
webdav.exe
msconfig32.exe

Also, you can compare your Startup items with items listed in this download start_ups.exe

3. Go to START > RUN > type in "%windir%\prefetch" without the quotes > OK.

This will open the prefetch file. If in the prefetch file you see
TFTP####
dcom.exe
webdav.exe
msconfig32.exe
or any files resembling W32.Spybot.Worm, then delete them by right clicking on them and left clicking on DELETE.

If you are unsure of what to delete or you just don't feel like digging through the list it is safe to just delete them all. To do this: left click on the first file to highlight it, scroll to the bottom of the list and while holding down the SHIFT key highlight the last file. This will highlight the entire list. Then right click anywhere on the highlighted list and left click on DELETE. **NOTE** THIS MAY CAUSE RESTARTING AND OPENING PROGRAMS TO BE A BIT SLOW FOR A FEW DAYS.


4. Go to START > RUN > type in "%windir%\pss\" without the quotes. Delete the following files if they are present:

TFTP####
dcom.exe
webdav.exe
msconfig32.exe

5. Update and run your anti-virus program.

6. Go to Trend Micro Systems and run their free online scan Housecall. Read the instructions. It will have to download an ActiveX before you can start the scan. If you get a message asking if you want to download the ActiveX, click YES. This will take about 15 minutes. If for some reason it doesn't download go back to the previous page and start over.

Before you start the scan be sure to click CLEAN.

7. Re-enable System Restore.
=======================================================

If you reformat and reload the Operating System as you mentioned you may do, this should clean the hard drive of any files including viruses and such.
=======================================================

You may want to download and install the free version of WinPatrol English (9.7.4.0)
=======================================================

Read about IRC Security (Internet Relay Chat/chat rooms). A good rule of thumb is just don't use chat rooms. Or Instant Messaging for that matter.
=======================================================

While the PC and internet are fun to play with, basically they are just tools. And like any tools they should be used properly and well maintained. Safe surfing (staying away from risqué sites, chat rooms, instant messaging, file sharing) helps to keep us out of trouble. And if in doubt about the safety of a web site or download I leave it alone unless I learn from a reliable source that it's safe. And usually when something sounds too good to be true (especially on the net or email) it usually is.

Email too is often used as a conveyance of dastardly deeds. If I don't recognize the sender I usually just delete it, and never open an attachment I am unsure of as they can carry viruses, etc. But if I am still curious about a suspicious email I can open its Properties and Source Code to read its text as this is safe.

And of course we can't be without regularly updated anti-virus, spy/adware, firewall programs, and Operating System updates. You might want to check out R. Proffitt's Anti-Parasite Suite
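
The startup, Prefetch and pss checks from steps 2 to 4 of the post above, as an added PowerShell example that is not part of the original post. It only reports matches and deletes nothing. Assumptions: `TFTP####` means "TFTP followed by digits", the Prefetch and pss folders are the ones under %windir%, and startup entries are read from the two Run registry keys only.

```powershell
# Added example: read-only check for the file names listed in the post.
# Assumption: "TFTP####" stands for TFTP followed by one or more digits.
# The name must start the string or follow a backslash, quote or space,
# so "C:\WINDOWS\system32\dcom.exe" matches but "mydcom.exe" does not.
$pattern = '(^|[\\"\s])(tftp\d+|dcom\.exe|webdav\.exe|msconfig32\.exe)'

$hits = @()

# Step 2: startup entries. Only the two Run keys are read here (assumption);
# the msconfig Startup tab also lists items from the Startup folders.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -match $pattern) {
            $hits += [pscustomobject]@{ Where = $key; Name = $valueName; Detail = $command }
        }
    }
}

# Steps 3 and 4: the Prefetch and pss folders under the Windows directory.
# Prefetch entries look like DCOM.EXE-<hash>.pf, so the match is on the prefix.
foreach ($dir in 'Prefetch', 'pss') {
    $path = Join-Path $env:windir $dir
    if (-not (Test-Path $path)) { continue }
    foreach ($file in Get-ChildItem -Path $path -Force -ErrorAction SilentlyContinue) {
        if ($file.Name -match $pattern) {
            $hits += [pscustomobject]@{ Where = $path; Name = $file.Name; Detail = $file.LastWriteTime }
        }
    }
}

if ($hits.Count -eq 0) {
    'No startup entries or files matching the listed names were found.'
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

Reading the Prefetch folder may need an elevated prompt. A name match is a lead to confirm with the anti-virus scans in steps 5 and 6, since a legitimate file can share one of these names.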
From MamaJen

Thanks for all your advice. I have printed all of your instructions and will follow them to the letter as well as keep them in my notebook. I did want you to know that I have never gone to any chat rooms except CNET, Dell forum and Microsoft forum chats. I had never had this problem until I installed Norton; however, I did do another reformat and eliminated Norton and installed AVG. I will also install Ad-Aware and Spybot. Do you recommend that I install another software? Thanks again. Jen

Can't Resist

I'm sorry, but I can't resist replying to this. I tested online chat years ago as an employee of Prodigy, before the Internet went public. I have been using IRC chat since the days that the Internet became as available as local BBS's ... I have never had a virus from chat. I have been using email since the days of 2400 baud modems on local BBS's ... I never was infected by an email virus. Not to say that I have never received an email that contained a virus. Doing tech support for various companies using email to the general public ensured that I would receive some. But there is such a thing as safe computing. It involves mostly common sense. Running an up-to-date anti-virus program, keeping it updated, not opening unexpected attachments, just using plain common sense, will go a long way towards keeping your computing experience safe. Locking oneself away in a tower afraid to enjoy the world because of evil out there, living in paranoia ... well ...

(NT) Noticed what forum you're posting in?
MamaJen

I too use the AVG (free). It's probably as good as any.

I too once used Norton, and it's probably the most popular utilities vendor. But I figure they come with too many gadgets, and that means too many things can go wrong. And some Norton utilities are system resource hogs.

Forums, and chat rooms and instant messaging are not quite the same. With chat rooms and instant messaging users can communicate back and forth as fast as they can type. Like communicating over the phone, except with type. Chat rooms and instant messaging can interrupt your work and drive you and the computer crazy with ads, spyware, and more.

Are you actually selecting reformat? If you are selecting repair or recover a lot of stuff will remain, perhaps even the virus. Then when you first go online you should get your anti-virus up and running and download Windows critical updates.

Another free utility I find very useful is ewido free. Just let it apply the default settings. If it finds a pest while you run it, select REMOVE > CREATE ENCRYPTED BACKUP IN QUARANTINE > PERFORM ACTION WITH ALL INFECTIONS > OK.

Another must is a Firewall. I recommend Zone Alarm free which can be downloaded at www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
Just let it install default settings. At first, while surfing the net it may throw up messages asking if you want to allow a page to load, but just select Yes or No, and Remember My Answer.

While many utility programs offer paid versions the only big difference is after the trial period you have to manually download the updates, and in some cases manually run the program. I download updates and run them at least once a week.

(NT) Registry Repair

First thing and a must have thang...

Go to PC World downloads and find *Registry Editor Plus*.

Maybe find it as *RegEdit+*...something like that. Anyway, find Registry Editor Plus and prowl around and through and over and under your registry like a Gates engineer.
Store registry entries you don't need or want...but be able to click and restore any entry you eliminated but want back...etc, etc, etc.
Your worm is somewhere in your registry. RegEdit+ should find it for you and let you eliminate it.
I have found this free program one of the most valuable ever offered to a newbie or anyone else.
Hope this helps.

clean up your crap

If you got this worm from the internet, you can try Crap Cleaner (seriously, that's the name) to clean up your internet and Windows files. It is very powerful and cleans up very thoroughly, and don't worry, your personal files will not be harmed.
