Unusual Problem

[Jeremy]

Holyyyy s***... that's a lot of Trojan Viruses man. Next time be careful with what you DL. Use Kaspersky or NOD32 for your antivirus, Norton is a resource hog. Use Firefox or Opera as your browser. If you're going to use P2P, use Shareaza or use torrents. Don't open e-mails from anyone unless you know exactly who it is from and what is in the e-mail. Also, follow my signature and use nLite.

[JoeMSFN]

I would be very carefule with the ones that the virus scan said had a virus. You will want to make sure you have up to date AV on whatever computer you move the files to and scan them before copying them.

<{POST_SNAPBACK}>

Well I really only meant my "step-by-step" list as a guide. I assume that anyone who does this takes reasonable (read overly cautious) steps at preventing contamination of the 2nd system.

In fact I prefer to use external drive enclosures to ensure the AV is up and running before the 2nd computer sees the infected computer's HD. I have (perhaps misguided belief) that this will help prevent potential infection in between boot and full AV load.

Although I have had problems with external drives as windows (for me) loves to say "delayed write failed, your data may be corrupt". Thanx windows.

Edited July 20, 2005 by JoeMSFN

[Fascix]

Okey whatever you decide to do (reinstall or not)

1. get a good Anti Virus protection, Norton Antivirus, NOD, AntiViri Panda, or search on www.download.com

2. get some decent antispyware apps. Lavasoft AdAware, Spybot Search & Destroy, Spywareblaster, Microsoft Antispyware (former Giant Antispyware)

3. Configure your Browser Especially if you use Internet Explorer 6 to not get spyware installed at the first place. ill post a link to this later on, i can´t remember the link to a good tutorial on this right now.

Spyware Blocklist

4. Consider using Firefox or maby Avant browser if you still want the IE6 as "ground install"

5. Usa a firewall, Hardware or software. If you are on a DSL connection check if your modem has a built in firewall. ZoneAlarm is a good software firewall check www.download.com for more

6. Backup. i NEVER backup everything and make silly restore points, i backup everything i think i need to backup, like favorites, documents, program saves, game saves and stuff i downloaded i need to save and so on. But none the less BACKUP. If you do it like i do you dont have to worry as much for getting REinfected again, there are offcourse macro viruses for Word documents but they are easily removed whit any antivirus program later on.

7. Update your Windows, i suppose you use Windows XP? well it doesnt matter, update none the less. Download ALL the critical updates that Windows Update finds.

8. And be carefull what you download and install and dont click "Yes" on popups on the internet that looks like install dialougs, unless you are really sure. and watch out for email attachments

9. Use several different programs for removing Viruses, Trojans, Spyware and so on as most of them finds different things and they complement eachother pretty well.

Optimize XP: Covers all of the above, a really good guide

Optimize 2000: Same guide as above but for Windows 2000

Antispyware Bundle Program

I know this post might be a bit n00b but many people seems to think that that they will never get viruses!

Thanx and good luck!

Edited July 25, 2005 by Fascix

[Pirate®]

Hmmm I when I ran the online scan I deleted the file(they were uncleanable) but still having the same problem. :/

[Marthax]

I know this sounds horrible, but if you wanna be on the safe side, deleting all files without any backup is the safest option her becuase backup files can easily get infected if the virus is smart. Even if you have a AV program, what if your AV doesn't detect a virus until it's to late. You'll have to do the same thing all over again. I know it sucks, but trying doing backups regularly in the future so that if something like this happends, you're prepared.

[Zxian]

Wow... that's a really long list (I've seen worse, mind you).

Anyways... I'm gonna be another person here to say backup everything you need (not want - need) and format and re-install. Wipe the whole drive clean (all partitions) and start from scratch.

Get a good anti-virus program (have a look in the software section for more info) and firewall, as well as either a handfull of spyware blockers/scanners of Opera/Firefox.

Trust me - you'll have a much easier time starting from scratch than trying to fix what you're left with.

[Pirate®]

..ok but if this is a virus which one, thats what I really wanna know. I dont think my problem has anything to do with the viruses on that list. It has to be another one. I was thinking of W32.Swen.A@MM or something else.

[Zxian]

Why does it really matter what virus it was? The only way you could have got that many viruses on your system was by either not running and anti-virus program, or running one without updating the definitions.

The viruses on the list could have easily corrupted links and files causing your problems. Also, the virus(es) could have messed with your registry resulting in the same behaviour.

[Marthax]

I would not recommend to do any backup before doing the format, this time because of the circumstances.

[Pirate®]

Well ya'll advice wont have help me.... but guess what I SOlVED THE PROBLEM!!!. The problem was something changed my registry so I had to add exe.reg text with it and it worked!!!! It was hard opening regedit because I couldnt open any exe and that includes command, so I had to open task and hold ctrl and click file and run and command opened automatic. But thx for ya'll help anyway

[dirtwarrior]

I too had a bad infection. I did a LLF and reinstalled everything, guess what it was still there. There are some virus that are very resilliant(resident virus) they will hide in memory when threatened.

With these do a LLF and then before you install OS unplug memory and let them discharge totally before reinstalling them.

I know I will get a negative responce for this reply but I am ready to defend myself.

[DonDamm]

Pirate®, you've had a bad infection of a number of different worms on that machine. There is no way yu can be sure you got them all or that the files they affected are in their former state. That means there is a good chance the system is still infected with something. Just becuase an AV program doesn't see anything doesn't mean it isn't infected with something.

Almost everyone here has recommended a reinstall for a very good reason. It is good that you were able to find a way to open the registry editor and to fix the association problem. However, you still had a very nasty situation. I noticed that your first screen showed 28 processes running, but only six were listed. Something is very wrong with that. Very wrong.

I could never trust a system like that. If this is your machine, then you can manage it yourself, but if it belongs to your folks, then maybe there is another issue to deal with like your not wanting to tell them about the problem.

Best advice: Tell them anyway. If you want to tell them there was sopme instability and that the only way to address it is to install anew and apply all service packs and updates, then do that.

As noted the only way you could have that kind of infestation is to have run unprotected and visited sites with driveby downloads (there are many of them whether porn, games, crack sites, or whatever). You need to learn how to avoid those ActiveX controls and how to safely go to the sites you visit. Firefox would help there for now. Exposing a an unprotected computer to the Internet is like skiing without safelty bindings - not to bright. The statistics are that an unprotected machine will get hit within 5 minutes. I've experienced it in less time.

[atakar]

Hi,

I have had this problem only once and it was related to the exe-file-association in the registry. A very well solution is offered at:

http://windowsxp.mvps.org/exefile.htm

Problem: How do you start regedit.exe when you cannot start any exe-file? A solution is creating a .reg-file that preforms the needed actions for you, since you can still run these files (hopefully ).

How to create your own .reg files. Applying .reg files is useful, but best of all, you could create your own .reg files. Here is how you can do it

1. Launch Regedit (Start, Run, Regedit)

2. Navigate to the area of the registry you are interested in.

3. Select File (menu), Export and save as .reg file.

4. Note: Export Range at the bottom of the diagram and choose: Selected Branch.

Do this for the required strings on a WORKING PC, and you have yourself a regfile that corrects the errors in your registry. Of course you can also try to use a external regeditor as ditributed with Norton Rescue discs I think, but this requires the right software.

CU,

atakar

[atakar]

Edited July 22, 2005 by atakar

[atakar]

Hi,

I have had this problem only once and it was related to the exe-file-association in the registry. A very well solution is offered at:

http://windowsxp.mvps.org/exefile.htm

Problem: How do you start regedit.exe when you cannot start any exe-file? A solution is creating a .reg-file that preforms the needed actions for you, since you can still run these files (hopefully ).

How to create your own .reg files. Applying .reg files is useful, but best of all, you could create your own .reg files. Here is how you can do it

1. Launch Regedit (Start, Run, Regedit)

2. Navigate to the area of the registry you are interested in.

3. Select File (menu), Export and save as .reg file.

4. Note: Export Range at the bottom of the diagram and choose: Selected Branch.

Do this for the required strings on a WORKING PC, and you have yourself a regfile that corrects the errors in your registry. Of course you can also try to use a external regeditor as ditributed with Norton Rescue discs I think, but this requires the right software.

CU,

atakar