Microsoft Windows Vista Community Forums - Vistaheads
worm has control of my XP, can't update etc

microsoft.public.windowsupdate






  #1 (permalink)  
Old 04-23-2009
starman321
 

Posts: n/a
worm has control of my XP, can't update etc
Windows update won't work, can't redownload the service packs, the worm has
disabled service packs. Microsoft tells me to go to services and check
automatic updates, background intelligent, and event log. Every time I
correct from disable setting with the corrected word the worm changes it back
every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
--
starman321
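
The symptom in the post above (service start types flipping back to Disabled after being corrected) can be confirmed and timestamped with a small watcher. This is an added example, not part of the original thread; the service short names are assumed from the display names in the post, and the polling interval and duration are arbitrary.

```powershell
# Added example (not from the thread): log every change to the start type of the
# services named in the post, to confirm that something keeps re-disabling them.
# Assumed short names: Automatic Updates = wuauserv,
# Background Intelligent Transfer Service = BITS, Event Log = Eventlog.
$services = 'wuauserv', 'BITS', 'Eventlog'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$intervalSeconds = 5     # polling interval (assumption)
$durationMinutes = 10    # observation window (assumption)

function Get-StartType {
    param([string]$Name)
    # The start type is the Start DWORD under the service's registry key.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $prop = Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Missing' }
    $value = [int]$prop.Start
    if ($startNames.ContainsKey($value)) { return $startNames[$value] }
    return "Unknown($value)"
}

# Baseline, then poll and record each transition with a timestamp.
$last = @{}
foreach ($s in $services) { $last[$s] = Get-StartType $s }
$log = @()
$deadline = (Get-Date).AddMinutes($durationMinutes)
while ((Get-Date) -lt $deadline) {
    Start-Sleep -Seconds $intervalSeconds
    foreach ($s in $services) {
        $now = Get-StartType $s
        if ($now -ne $last[$s]) {
            $log += New-Object PSObject -Property @{
                Time = Get-Date; Service = $s; From = $last[$s]; To = $now }
            $last[$s] = $now
        }
    }
}

# Full transition log, then a per-service count of flips to Disabled.
$log | Select-Object Time, Service, From, To | Format-Table -AutoSize
$log | Where-Object { $_.To -eq 'Disabled' } | Group-Object Service |
    Select-Object Name, Count
```

Set the services back to Automatic in the Services console while the script polls; every logged transition to Disabled that you did not make yourself is a revert, and its timestamp can be compared with process activity recorded over the same window.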
  #2 (permalink)  
Old 04-23-2009
MowGreen
 

Posts: n/a
Re: worm has control of my XP, can't update etc
How do you know that the malware is a worm ?
If in the US, call 1-866-PCSafety [1-866-727-2338] for *free* assistance
from MS in getting the malware removed.

MowGreen
===============
*-343-* FDNY
Never Forgotten
===============


starman321 wrote:

> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
> --
> starman321

  #3 (permalink)  
Old 04-23-2009
Kayman
 

Posts: n/a
Re: worm has control of my XP, can't update etc
On Thu, 23 Apr 2009 13:33:01 -0700, starman321 wrote:

> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?


1. Clear the (IE) temporary Internet files and the history cache.
Click 'Start' and then click 'Run'... then type (or copy/paste)
"inetcpl.cpl" (w/out quotation marks) into the box, then click the 'OK'
button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...' button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete
files and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2. Clean HDD
Click 'Start' and then click 'Run...' then type (or copy/paste) "cleanmgr"
(w/out quotation marks) into the box, then click the 'OK' button. Select
your drive (presumably WinXP (C:)) and click OK.
http://support.microsoft.com/kb/310312
--or--
2a. Delete files using Disk Cleanup (if on Vista)
http://windowshelp.microsoft.com/Win...139d91033.mspx

3. Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.download.com/Malwarebytes...html?tag=mncol
--or--
http://majorgeeks.com/Malwarebytes_A...are_d5756.html
--direct--
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/supe...freevspro.html
--direct--
http://www.superantispyware.com/down...NTISPYWAREFREE

Both free versions of MBAM and SAS are on-demand scanners and offer no
'real-time' protection. Keep them installed and use them as
'second-opinion' scanners, which is purposely (by design) recommended by
their respective authors.

*--And/Optional--*
Kaspersky® Virus Removal Tool
http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
http://www.kaspersky.com/support/vir...vptool?level=2

--and/optional--
Dr.Web CureIt!® Utility - FREE
http://www.freedrweb.com/cureit/

--and/optional--
a-squared (a²) Free or a-squared (a²) Command Line Scanner
http://www.emsisoft.com/en/software/download/

--and/optional--
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/site/Down...nVersion/1/42/

--and/optional--
Sophos Anti-Virus (SAV32CLI), is a 32 bit free command line scanner used in
an emergency as a disinfection utility for Windows NT, Windows 2000,
Windows XP and Windows 2003.
To use the Sophos command line software follow the steps below:
a) Download SAV32CLI
http://downloads.sophos.com/tools/sav32sfx.exe
--and--
extract the contents by double clicking the file.
b) Add the latest virus identity files (IDE) to the folder; These can be
downloaded here:
http://www.sophos.com/downloads/ide/
c) Read Scanning Options with SAV32CLI.
http://www.sophos.com/support/knowle...cle/13252.html
See removing malicious files with SAV32CLI for basic information on virus,
spyware, Trojan and worm removal with SAV32CLI.
http://www.sophos.com/support/knowle...cle/13251.html

--and/optional--
David H. Lipman's MULTI_AV.EXE from the URL:
http://www.pctip.ch/ds/28400/28470/Multi_AV.exe
or
http://212.98.39.7/ds/28400/28470/Multi_AV.exe

http://www.pctip.ch/downloads/dl/35905.asp
or
http://212.98.39.7/downloads/dl/35905.asp

http://www.raymond.cc/blog/archives/...irus-for-free/

NOTE:
The above mentioned applications are not capable of real-time protection
of your computer; They are on-demand scanners.

Kaspersky® Virus Removal Tool, Dr.Web CureIt!® have no update feature (so
they don't turn into full blown scanners). As soon as your computer is
cleaned you are supposed to remove these tools from your operating system
and revert back to your (updated) resident (real-time) AV application.
Re: Kaspersky® Virus Removal Tool; To uninstall/move this program 'enable
self-defense' must be unchecked!

To scan your computer with the most up-to-date Kaspersky® AVPTool and
Dr.Web CureIT!® virus databases next time you should download new
Kaspersky® AVPTool and Dr.Web CureIt!® packages.

BitDefender10 Free Edition, a-squared Free or a-squared Command Line
Scanner, Sophos Anti-Virus (SAV32CLI) and the free version of Malwarebytes©
and SuperAntispyware have an update feature; You may wish to keep a couple
of them installed in addition to your resident AV/A-S applications and scan
frequently.

After the software is updated, it is suggested scanning the system in Safe
Mode (this does not apply to MBAM).

"Malwarebytes actually performs better in Normal Mode" says Dustin Cook,
Malwarebytes Researcher of MBAM.

How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) continually during
re-boot.

A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222
Alternatively:
Click Start==>Run... then type (or copy/paste) "msconfig" (without
quotation marks), click OK. Then click onto BOOT.INI tab and 'check'
/SAFEBOOT then OK and click Restart. To go back to Normal Mode, you must
access the System Configuration utility again and click the General tab
then click/check the radio button 'Normal Startup - load all device drivers
and services'.

Start your computer in safe mode (Vista)
http://windowshelp.microsoft.com/Win...904a11033.mspx
http://www.bleepingcomputer.com/tuto...utorial61.html

4. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en...ols/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/i...hp?showforum=7
http://www.5starsupport.com/ipboard/...p?showforum=18
http://www.theeldergeek.com/forum/in...showforum=29

NOTE:
Registration is required in any of the above mentioned fora before posting
a HJT log and read the 'stickies' (instructions/guidelines) for the
respective HJT forum.

Additional references:
Malicious Software Removal Tool
http://www.microsoft.com/security/ma...e/default.mspx
(Skip: Run an Online Scan of Your PC for Malicious Software).

How to optimize or reset Internet Explorer
http://support.microsoft.com/kb/936213
Applies to: Windows Internet Explorer in Windows Vista

How to use Reset Internet Explorer Settings (RIES)
http://support.microsoft.com/kb/923737
Read: "What you must know"
Applies to: Windows Internet Explorer for Windows XP and
Windows Internet Explorer 7 in Windows Vista

GMER - is an application that detects and removes rootkits.
http://www.gmer.net/index.php

For additional assistance in relation to GMER scan results consult either:
http://www.thespykiller.co.uk/index.php?board=3.0
--or--
http://antirootkit.com/forums/index....81ffe4361c3a17

CCleaner - Free
Cleans temporary internet files, cookies, history, recent urls, application
MRUs, etc. ...(*Tune out the registry scanning/fixing option!*)
http://www.ccleaner.com/download/bui...wnloading-slim

If Windows Defender is utilized go to Applications, under Utilities
uncheck "Windows Defender" (so it won't delete the history of WD).
If you wish, click 'Options' button then 'Settings' [check] 'Run CCleaner
when the computer starts'.
--or--
Setup CCleaner to Automatically Run Each Night in Vista or XP
http://www.howtogeek.com/howto/windo...n-vista-or-xp/

Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html

You'll need to upgrade to SP3 by 2010 or you won't be able to receive vital
and pertinent security updates/patches for your WinXP operating system.

Why Service Packs are Better Than Patches.
http://www.microsoft.com/technet/arc....mspx?mfr=true

Description of Microsoft Office XP Service Pack 3
http://support.microsoft.com/kb/832671

Good luck
  #4 (permalink)  
Old 04-23-2009
Clayman
 

Posts: n/a
RE: worm has control of my XP, can't update etc
Virus update will not download, computer tells me "at danger" but will not
update virus program. What to do???

"starman321" wrote:

> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
> --
> starman321

  #5 (permalink)  
Old 04-24-2009
H Brown
 

Posts: n/a
Re: worm has control of my XP, can't update etc
Nuke your system and start over.
"starman321" <starman@discussions.microsoft,.com> wrote in message
news:74A996D4-11C7-4C18-9812-BEB5976DFAF3@microsoft.com...
> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
> --
> starman321


  #6 (permalink)  
Old 04-24-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: worm has control of my XP, can't update etc
There is a very good chance that you are seeing the effects of a hijackware
infection.

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

NB: Run the FULL scan, not the QUICK scan!

2. WinXP ONLY!! => Run the Windows Live Safety Center's 'Protection' scan
(only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

3. Run a /thorough/ check for hijackware, including posting the requested
logs in an appropriate forum, not here.

Checking for/Help with Hijackware
http://aumha.net/viewtopic.php?f=30&t=4075
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://www.elephantboycomputers.com/...moving_Malware

**Seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://www.dslreports.com/forum/cleanup, http://aumha.net/viewforum.php?f=30
or other appropriate forums.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
=====================
Start a free Windows Update support incident request:
https://support.microsoft.com/oas/de...spx?gprid=6527

Support for Windows Update:
http://support.microsoft.com/gp/wusupport

For home users, no-charge support is available by calling 1-866-PCSAFETY in
the United States and in Canada or by contacting your local Microsoft
subsidiary. There is no charge for support calls that are associated with
security updates.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/


starman321 wrote:
> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?


  #7 (permalink)  
Old 04-24-2009
Ǝиçεl
 

Posts: n/a
RE: worm has control of my XP, can't update etc
Hi starman,

Time to format. ;-)

<http://technet.microsoft.com/en-us/library/cc512587.aspx>
-=-




"starman321" wrote:

> Windows update won't work, can't redownload the service packs, the worm has
> disabled service packs. Microsoft tells me to go to services and check
> automatic updates, background intelligent, and event log. Every time I
> correct from disable setting with the corrected word the worm changes it back
> every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
> --
> starman321

  #8 (permalink)  
Old 07-08-2009
peace101
 

Posts: n/a
RE: worm has control of my XP, can't update etc
I'm hoping you don't have the same worm that I still have, which I got in
Aug/Sep of 2008. If so, formatting won't work. In order to get rid of it
partly, this is what I had to do: turn off all but 1 computer on the
network. If more than 1 hard drive installed, disconnect the others and low
level format 1 at a time. The reason being is that the worm monitors itself
and needs any 2 or more drives anywhere on the network, else the program
will shut down. If for any reason you forget to turn off the other computers
or accidentally format another drive and forget to disconnect the drive you
already formatted, the worm will reinstall itself.
After that's all done, you need to find an original Windows 98 CD or any
original CD that has fdisk and format on it. If you used a burned CD, it will
affect them and again reinstall. Use FDISK /mbr to make the master boot
records be identical and then create 1 partition. After that, need to
format. You can probably get away with your restore disk format, but one thing
that needs to be fixed is that the new computers need to come with factory
restore disk. My burned restore disk even got affected.

After all that, it seems that somehow the CD-ROM gets affected where when
you put a CD in, it says invalid disk till the third time you put it in. I'm
trying to ask Microsoft how that's possible.
I would suggest you find either an update to your CMOS firmware or hope you
can reinstall, cause I'm not sure if that's affected, but the worm seems to
still exist.

Another problem is, that if you got this same worm that I have, I have a
router and hub that in my log, I get over 1 or 2 thousand incoming blocked
random IP addresses and random PORTS, if I'm correct, that means that when you
get online, you'll still get infected.

This worm monitors a lot, it keeps itself undetectable, intercepts all
devices, breaks through any security from both sides of the connection using
SMTP and cookies.

Good news is that there is a shutoff switch for the worm.
When I sent a distress explaining the worm, I got an incoming from my
firewall, then incoming cookies from support.microsoft.com then the root
certificates it used was being deleted, then the files on the hard drive was
being removed, I copied the file he used to shut it down which was
install.exe in the driver's keyboard folder, but when I ran it, it didn't
work, so if I can find someone that knows how to break into the EXE file find
out what details it uses to remove the worm. I accidentally left one machine on
that night and the computer was faster than the first day I bought it. But
I learned that spreading the worm takes priority over removing itself.


If this sounds familiar to anyone, please contact me at helpwithvb@yahoo.com
I've been fighting this alone, and just recently got some temporary help.



"Ǝиçεl" wrote:

> Hi starman,
>
> Time to format. ;-)
>
> <http://technet.microsoft.com/en-us/library/cc512587.aspx>
> -=-
>
>
>
>
> "starman321" wrote:
>
> > Windows update won't work, can't redownload the service packs, the worm has
> > disabled service packs. Microsoft tells me to go to services and check
> > automatic updates, background intelligent, and event log. Every time I
> > correct from disable setting with the corrected word the worm changes it back
> > every time. I'm running XP version 5.1. Help! How do I get rid of this worm?
> > --
> > starman321

  #9 (permalink)  
Old 07-08-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: worm has control of my XP, can't update etc
You could await the FBI (per your other threads), you could begin your own
thread in an appropriate newsgroup (instead of hijacking others' threads),
or you could...

Backup your personal data, then do a format & clean install of Windows.
Please note that a Repair Install (AKA in-place upgrade) will NOT fix this!

After the clean install, you'll have the equivalent of a "new computer" so
take care of everything on the following page before otherwise connecting
the machine to the internet or a network and before using a USB key that
isn't brand-new or hasn't been freshly formatted:

5 steps to help protect your new computer before you go online
http://www.microsoft.com/protect/com...nced/xppc.mspx

Also see:

Steps To Help Prevent Spyware
http://www.microsoft.com/protect/com...e/prevent.mspx

Rogue Security Software - Microsoft Security:
http://www.microsoft.com/protect/com...ses/rogue.mspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


peace101 wrote:
> I'm hoping you don't have the same worm that I still have, which I got in
> Aug/Sep of 2008. If so, formatting won't work. In order to get rid of it
> partly, this is what I had to do: turn off all but 1 computer on the
> network. If more than 1 hard drive installed, disconnect the others and low
> level format 1 at a time. The reason being is that the worm monitors itself
> and needs any 2 or more drives anywhere on the network, else the program
> will shut down. If for any reason you forget to turn off the other computers
> or accidentally format another drive and forget to disconnect the drive you
> already formatted, the worm will reinstall itself.
> After that's all done, you need to find an original Windows 98 CD or any
> original CD that has fdisk and format on it. If you used a burned CD, it will
> affect them and again reinstall. Use FDISK /mbr to make the master boot
> records be identical and then create 1 partition. After that, need to
> format. You can probably get away with your restore disk format, but one thing
> that needs to be fixed is that the new computers need to come with factory
> restore disk. My burned restore disk even got affected.
>
> After all that, it seems that somehow the CD-ROM gets affected where when
> you put a CD in, it says invalid disk till the third time you put it in. I'm
> trying to ask Microsoft how that's possible.
> I would suggest you find either an update to your CMOS firmware or hope you
> can reinstall, cause I'm not sure if that's affected, but the worm seems to
> still exist.
>
> Another problem is, that if you got this same worm that I have, I have a
> router and hub that in my log, I get over 1 or 2 thousand incoming blocked
> random IP addresses and random PORTS, if I'm correct, that means that when you
> get online, you'll still get infected.
>
> This worm monitors a lot, it keeps itself undetectable, intercepts all
> devices, breaks through any security from both sides of the connection using
> SMTP and cookies.
>
> Good news is that there is a shutoff switch for the worm.
> When I sent a distress explaining the worm, I got an incoming from my
> firewall, then incoming cookies from support.microsoft.com then the root
> certificates it used was being deleted, then the files on the hard drive was
> being removed, I copied the file he used to shut it down which was
> install.exe in the driver's keyboard folder, but when I ran it, it didn't
> work, so if I can find someone that knows how to break into the EXE file find
> out what details it uses to remove the worm. I accidentally left one machine on
> that night and the computer was faster than the first day I bought it. But
> I learned that spreading the worm takes priority over removing itself.
>

<SNIP>
