Spyware, Viruses, & Security forum

General discussion

Virus symptons but none found.... Please HELP!

by mark960 / June 24, 2004 12:34 AM PDT

My Win XP computer has begun to show a number of symptons indicating a virus....

1. When the computer is started, AOL IM attempts to auto-start. I disabled the IM autostart, but it contiunes. Even when I exit it, (including in the system tray) it attempts to restart AOL IM every 4-5 minutes later.

2. I can NOT open Task Manager. Task Manager responds to the CTRL-ALT-DEL but promptly closes as quickly as it starts.

3. I am unable to run MSCONFIG or REGEDIT.

4. If started in the SAFE MODE, Task Manger, MSConfig, and Regedit work normal.

5. I removed AOL Instant Messenger, which has stopped the IM pop-up but the OS utilities are still inop.

I have run the following programs to attempt to track down what's happening. (All versions have most current updates.) None have indicated any problem.

Norton Anti-Virus
Trend House Call (Online virus check)
Symantec online virus check
Adaware
Spybot
Spysweeper

Thanks
Mark K

Discussion is locked
You are posting a reply to: Virus symptons but none found.... Please HELP!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Virus symptons but none found.... Please HELP!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Re: Virus symptons but none found.... Please HELP!
by Donna Buenaventura / June 24, 2004 12:49 AM PDT

Hi Mark,

When you open System Configuration Utility [MSCONFIG], Registry Editor or Task Manager, they flash for a second and quit. This symptom is caused by Viruses. These three are important system utilities which the viruses target. A quick workaround is to rename the files and run them. Extracting new copies of these files with the same name will not help.

Or use MVP Doug Knox's "Emergency Msconfig, Regedit, Task Manager" utility: http://www.dougknox.com/xp/utils/xp_emerutils.htm. This utility creates usable copies of MSCONFIG, REGEDIT AND TASK MANAGER by creating copies of the actual files to C:\EmergencyUtils folder. BTW, the alternate copies will have the following file names: MSCONFIG1.EXE, TASKMGR1.EXE and REGEDIT.COM.

http://www.mvps.org/sramesh2k/ToolsQuit.htm

Collapse -
Re: Virus symptons but none found.... Please HELP!
by mark960 / June 24, 2004 3:07 AM PDT

Doug Knox's utility helped track down the culprit. The problem was due to a program "NETSTATT" (Note the 2 T's at the end of the file name). Although I had previously disabled this via MSCONFIG when I was in the safe mode, it was still running at normal start up.

I renamed the file and now the system seems to work normal.

Just wondering why none of the virus programs picked this up?

Also I am concerned about other damage/files that this program may have caused.


Thanks
Mark K

Collapse -
Re: Virus symptons but none found.... Please HELP!
by Marianna Schmudlach / June 24, 2004 3:18 AM PDT

Mark,

NETSTATT.EXE <------ may have to search for this via Start/Search
Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)
[*]C:\Windows\Temp\
[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\
[*]C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <---This will delete your internet cache--including cookies. This is recommended and strongly suggested.
[*]C:\Documents and Settings\<All other users Profile>\Local Settings\Temporary Internet Files\
[*]Empty your "Recycle Bin"

May also try this:
Run an online virus scan at Housecall and/or Panda Online.

Collapse -
Re: Virus symptons but none found.... Please HELP!
by Donna Buenaventura / June 24, 2004 4:05 AM PDT
Doug Knox's utility helped track down the culprit. The problem was due to a program "NETSTATT" (Note the 2 T's at the end of the file name). Although I had previously disabled this via MSCONFIG when I was in the safe mode, it was still running at normal start up.

I renamed the file and now the system seems to work normal.

Glad to hear that it is now working normally.
To delete NETSTATT.exe successfully, you need to end the NETSTATT.exe process via Task Manager>Processes tab before deleting it. Locate the file then delete. You can't delete it if it's running as a service so if it's still there, end it then delete from the location.

You should also temporarily disable System Restore so you won't re-infect your system when you use System Restore later on.

Just wondering why none of the virus programs picked this up?

Maybe because it's a variant. Maybe it isn't a virus but a trojan. Not all anti-virus program can detect trojan

Also I am concerned about other damage/files that this program may have caused.
Follow Mariannas' advise to scan the system using the online scanner or try using anti-trojan: www.moosoft.com
Collapse -
Re: Virus symptons but none found.... Please HELP!
by mark960 / June 24, 2004 4:45 AM PDT

Thanks for all your help. It looks like it's all cleared.

Thanks again
Mark

Collapse -
(NT) (NT) You're welcome Mark. Glad we could help :)
by Donna Buenaventura / June 24, 2004 5:00 AM PDT
Collapse -
(NT) (NT) Interesting posts.
by chipmarker / June 7, 2005 8:28 PM PDT
Collapse -
Now I remember how I got here in the first place.
by chipmarker / June 7, 2005 8:34 PM PDT
Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!