Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Virus and Registry Repair

by mamajenn Nov 8, 2005 11:30AM PST

I have just completed a reformat and have installed Norton and did a complete scan. Did a disk cleanup, disk defrag and installed all critical window updates. Now Norton continues to show a box with this info: W32.spybot worm on C:Windows\system 32\VSSMON.EXE. Norton cannot get rid of it as access is denied. Where did it come from. I have just completed a reformat. How can I get rid of this worm? I did another scan with Nortaon and it showed no viruses present but in the corner of my screeen sits a message box. I did a spybot scan and it continues to show this error: during check! Smithfraud-C(152) [access violation at address]. I have performed three scans and deleted three times but it still comes back. What is this???? I am thoroughly confused and frustrated. I did the reformat, updates, scans and I seem to be hit again. Please help. Jen

Discussion is locked

10 Posts
- Collapse + Expand Details
- Collapse -
re virus
by danthevan Nov 9, 2005 12:16AM PST
- Collapse -
Reply to: Virus.
by caktus Nov 9, 2005 2:25AM PST
- Collapse -
CATKUS
by mamajenn Nov 9, 2005 8:40PM PST

What is kazaa file sharing? I do not understand and obviously I need to know so that I can stay away. What is irc chat programs? I do not know what that is? I only come to this site, dell support and microsoft support forums for help. Please advise me. Thanks for your site info as I will go there and see what I am to do. When you reformat, do you get rid of everything including viruses that are sitting on your system?

- Collapse -
RE: What is kazaa
by caktus Nov 10, 2005 2:27PM PST
W32.Spybot.Worm is a detection for a family of worms that spreads using the Kazaa file-sharing network and mIRC

Kazaa and Kazaa Lite is Peer to peer or p2p file sharing service which aids computer users to upload/download music files to one another. At best this may infringe on copywite protections. At worst, you have no idea what else (viruses, trojans, dialers, Key loggers, etc.) may be downloaded onto your computer.

But then it could have been placed on the computer by other means. Regardless how careful we are while surfing the net, when we least expect it, stuff happens.

These procedures may get rid of the W32.Spybot.Worm.

1. Disable System restore. Right click on MY COMPUTER > left click on PROPERTIES > left click on SYSTEM RESTORE > remove the check mark from TURN OFF SYSTEM RESTORE FOR ALL DRIVES > left click on APPLY > YES > OK.

This will delete all System Restore points. Sometimes a pest can be hiding in a System Restore point and keep comming back.

2. Go to start > run > msconfig, and click the startup tab...look
for any suspicious files that are being loaded on startup, if you
think they are suspicious, just uncheck them...
some files to look for:
TFTP####
dcom.exe
webdav.exe
msconfig32.exe

Also, you can compare your Startup items with items listed in this download start_ups.exe

3. Go to START > RUN > type in
''ndir%\prefetch'' without the quotes > OK.

This will open the prefetch file. If in the prefetch file you see
TFTP####
dcom.exe
webdav.exe
msconfig32.exe
or any files resembling W32.Spybot.Worm. then delete them by right clicking on them and left clicking on DELETE.

If you are unsure of what to delete or you just don't feel like digging through the list it is safe to just delete them all. To do this: left click on the first file to highlight it, scroll to the bottom of the list and while holding down the SHIFT key highlight the last file. This will highlight the entire list. Then right click anywhere on the highlighted list and left click on DELETE. **NOTE** THIS MAY CAUSE RESTARTING AND OPENING PROGRAMS TO BE A BIT SLOW FOR A FEW DAYS.


4. Go to START > RUN > type in ''indir%\pss\'' w/o the quotes. Delete the following files if they are present:

TFTP####
dcom.exe
webdav.exe
msconfig32.exe

5. Update and run your anti-virus program.

6. Go to Trend Micro Systems and run thier free online scan Housecall. Read the instructions. It will have to download an ActiveX before you can start the scan. If you get a message asking if you want to download the ActiveX, click YES. This will take about 15 minutes. If for some reason it doesn't download go back to the previous page and start over.

Before you start the scan be sure to click CLEAN.

7. Re-enable System Restore.
=======================================================

If you reformat and reload the Operating System as you mentioned you may do, this should clean the hard drive of any files including viruses and such.
=======================================================

You may want to download and install the free version of WinPatrol English (9.7.4.0)
=======================================================

Read about IRC Security (Internet Relay Chat/chat rooms.A good rule of thumb is just don't use chat rooms. Or Instant Messaging for that matter.
=======================================================

While the PC and internet are fun to play with, basically they are just tools. And like any tools they should be used properly and well maintained. Safe surfing (staying away from riske' sites, chat rooms, instamt messaging, file sharing) help to keep us out of trouble. And if in doubt about the safety of a web site or download I leave it alone unless I learn from a reliable source that it's safe. And usually when something sounds too good to be true (especially on the net or email) it usually is.

Email too is often used as a conveyance of dasturdly deeds. If I don't recognize the sender I usually just delete it, and never open an attachment I am unsure of as they can carry viruses, etc. But if I am still curious about a suspicious email I can open it's Properties and Source Code to read it's text as this is safe.

And of course we can't be without regularly updated anti-virus, spy/adware, firewall programs, and Operating System updates. You might want to check out R. Proffitt's Anti-Parasite Suite
- Collapse -
From MamaJen
by mamajenn Nov 10, 2005 9:41PM PST

Thanks for all your advice. I have printed all of your instructions and will follow them to the letter as well as keep them in my notebook. I did want you to know that I have never gone to any chat rooms except cnet, dell forum and microsoft forum chats. I had never had this problem until I installed Norton; however, I did do another reformat and eliminated Norton and installed AVG. I will also install adaware and spybot. Do you recommend that I install another software? Thanks again. Jen

- Collapse -
Can't Resist
by yorba Nov 11, 2005 12:13AM PST

I'm sorry, but I can't resist replying to this. I tested on line chat years ago as an employee of Prodigy, before the Internet went public. I have been using IRC chat since the days that the Internet became as available as local BBS's ... I have never had a virus from chat. I have been using email since the days of 2400 baud modems on local BBS's ... I never was infected by an email virus. Not to say that I have never received an email that contained a virus. Doing tech support for various companies using email to the general public ensured that I would receive some. But there is such a thing as safe computing. It involves mostly common sense. Running an up-to-date anti virus program, keeping it updated, not opening unexpected attachments, just using plain common sense, will go a long way towards keeping your computing experience safe. Locking oneself away in a tower afraid to enjoy the world because of evil out there, living in paranoia ... well ...

- Collapse -
(NT) (NT) Noticed what forum you're posting in?
by caktus Nov 11, 2005 3:17AM PST
- Collapse -
MamaJen
by caktus Nov 11, 2005 3:15AM PST

I too use the AVG (free). It's probably as good as any.

I too once used Norton, and it's probably the most popular utilities vendor. But I figure they come with too many gadgets, and that means too many things can go wrong. And some Norton utlilties are system resource hogs.

Forums, and chat rooms and instant messaging are not quite the same. With chat rooms and instant messaging user's can communicate back and forth as fast as they can type. Like communicating over the phone, except with type. Chat rooms and instant messaging can interrupt your work and drive you and the computer crazy ads, spyware, and more.

Are you actually sellecting reformat? If you are sellecting repair or recover a lot of stuff will remain, perhaps even the virus. Then when you first go online you should get your anti-virus up and running and download windows critical updates.

Another free utility I find very useful is
ewido free Just let it apply the default settings. If it finds a pest while you run it, select REMOVE >
CREATE ENCRYPED BACKUP IN QUARENTINE > PERFORM ACTION WITH ALL INFECTIONS > OK.

Another must is a Firewall. I recommend Zone Alarm free which can be downloaded at www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
Just let it install default settings. At first, while surfing the net it may through up messages asking if you want to allow a page to load, but just select Yes or No, and Remenmber My Answer.

While many utlity programs offer paid versions the only big difference is after trial period you have to maually download the updates, and in some cases manually run the program. I download updates and run them atleast once a week.

- Collapse -
(NT) Registry Repair
by remrod77 Nov 11, 2005 1:07AM PST

First thing and a must have thang...

Go to PC World downloads and find *Registry Editor Plus*.

Maybe find it as *RegEdit+*...something like that. Anyway, find Registry Editor Plus and prowl around and through and over and under your registry like a Gate's engineer.
Store registry entries you don't need or want...but be able to click and restore any entry you eliminated but want back...etc, etc, etc.
Your worm is somewhere in your registry. RegEdit+ should find it for you and let you eliminate it.
I have found this free program one of the most valuable ever offered to a newbie or anyone else.
Hope this helps.

- Collapse -
clean up your crap
by icepop4who Nov 11, 2005 6:52AM PST

If you got this worm from the internet, you can try Crap Cleaner (seriously, that's the name) to clean up your internet and windows file. It is very powerful, and clean up very throughly, and don't worry, your personal files will not be harmed.

Back to Computer Newbies forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info