[pchelpers] Re: virus problem

Ekhart GEORGI (last name last) wrote:
>> After removing 100s of viruses and spyware (in safemode) I rebooted
>> and a window came up saying that IE had been completely removed and did 
>> I want to remove all personal settings.
>>     
>
> What did you answer?
>   
I answered yes, knowing that I would be re-installing IE
>   
>> Tried IEFix and tried to reinstall IE only getting the message that it 
>> already had a newer version installed.
>>     
>
> How did you try to reinstall? Sounds like there was corruption or junk 
> in the Windows Update or IE update folders and all you would have had to 
> do was empty them. C:/Program Files/Internet Explorer/Uninstall Information.
>   
I downloaded the IE 6 sp1 setup file. (All I could find besides IE 7 )
>   
>> So I installed IE7 and it seems to be working. Only on the MS update 
>> site the update scan window
>> won't come up. It says that there was an error.
>>     
>
> What error? If you have automatic updates turned on, you can more or 
>   
I would click the "Custom" button and when the next window came up to 
give me the list of updates to choose from,
the frame would only have a error message say something about an error 
and not being able to display the page. To
contact MS support.
I had auto turned on and was able to get all the updates that way.


> I'm curious; i get no Google hit at all for irnrs.exe. Not even for I 
> irnrs + trojan. What did you search for?
>   
I did the search on the Trojan Name that AVG reported: Downloader:UEO.
This is the page that came up:   http://www.gordano.com/kb.htm?q=2845
>> Spybot also shows two reg lines that it can't delete.
>> H..L..M\system\controlset001\services\cmdservice
>> H..L..M..\system\current controlset\service\cmdservice
>>
>> I tried to delete them with regedit but was denied access
>> Went to Safemode admin account and was still denied access
>>     
>
> Let's see if they are removed by the programs i mentioned above.
>   
I removed them by hand once I was reminded about setting the permissions.
> Are you talking about the online scan?
>   
Yes. The Panda online scan wouldn't work, but housecall worked
> I'm curious to know which if any of my steps helped. More ideas here 
> http://www.local.nu/HelpDesk/index.php/Windows_cleanup
>   
Yes it did. The customer picked her computer up today.

I scan the computer in safemode with every program that you mentioned.

Trojan Hunter
A-Squared
Counter Spy
Ewido
Bitdefender
Clean-up

Everyone pick- upped  4-5 things that the other programs didn't.

Then I took out the hard-drive and attached it to my computer and 
scanned again with
every program.
Once again every program pick-upped 1-2 things

Upon reboot the computers run for 3 hours without one pop-up or virus alert.
One of the programs found the "source file" for the virus.

I left AVG, Spybot, Ad-aware, and ZoneAlarm running on her computer, 
hopefully they will
prevent it from happening again. ( I deleted all the other programs)

I just wish I could have gotten the "Windows firewall" to turn on. The 
error message says that ICS couldn't start..

Thanks for all the help. I now have a lot more tools to work with.

Pc













-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: