Jun 28, 2006, 07:32 PM
|
#1
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
Bad virus. Avast can detect it, but not stop it.
I have a pretty bad virus. I just happened to have virus protection disabled at the time I got it. I downloaded what I thought was a good file, and I disabled virus protection while I tried to install it. So I installed it, and it put some icons on my desktop like 'Online Games' and 'Remove Spyware' which just looked to me like a way to lure me in and make the problem worse. It also randomly pops up popups about anti-spyware stuff and porn. I just exit those. It also added some pages in my 'Favorites' section in IE. I downloaded Avast Home Edition (the free one), updated it fully and ran it. It detected about 5 and told me it wanted me to restart the computer so it can scan the computer before Windows loads. I let it do this and it found about 20. I logged back in to Windows, and resident protection loaded up, and then the yellow shield with an '!' appeared down in the corner that said 'downloading updates 0%'. I thought 'this is an odd time for updates'. Avast popped up and said 'virus detected'. And it stopped the 'windows updating' thing. My guess is that Windows wasn't really updating because my sister has the EXACT same computer as me but without a virus and hers doesn't want to update. Anyway, I thought Avast had things taken care of so I tried playing America's Army. It would minimize America's Army and say 'virus detected' about every 10 mins. I would tell it to add the virus to the chest every time. And another thing, my computer is running REALLY slow with all this going on. It took about 20 mins for me to go from desktop to in-game for America's Army. The gameplay was smooth though.
Another problem, I think this is separate though. Before all this virus stuff, I bought an mp3 player. I came home, plugged it in, put mp3s on it and unplugged it. Then I noticed cat 6.6 was out. So I downloaded those and installed them. Every now and then an applet comes up that says 'please insert disk' and it says 'WINDOWS' on the headbar. It also has 3 buttons that say 'Ok' 'cancel' and 'continue'. I can push any combination of the buttons I like and I still get the same effect. I push 3 buttons and it goes away. I don't have a WinXP CD though. Mine came installed on my computer. I also tried going to microsoft.com and updating Windows manually. But it keeps saying problem detected. As soon as the Avast virus thing comes up again, I will let you know the name and location of the virus. I do remember that it was in C:/windows/system32/..... though
I don't know if these 2 probs are related, but I REALLY REALLY need help. Windows Malicious Software Removal Tool has been running for about 10 mins with no probs detected yet.
And on top of all this, I am still having the probs mentioned in this thread:
http://driverheaven.net/showthread.php?t=107485
Any help would be GREATLY appreciated, thx.
|
|
|
Jun 28, 2006, 07:48 PM
|
#2
|
|
Giggity!
Join Date: Apr 2005
Location: ___
Posts: 4,116
|
mmm, that sounds familiar.
when Avast pops up with the "virus detected" window, copy the filename it pops up and post it, help narrow it down
(try googling 'Spyfalcon' and see if that looks familiar)
|
|
|
Jun 28, 2006, 07:56 PM
|
#3
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
|
|
|
Jun 28, 2006, 08:12 PM
|
#4
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
I am now creating a list of files that come up when that happens.
-C:\WINDOWS\system32\1024\ld2DF5.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldF988.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldCE43.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldF40B.tmp\[Upack]
-C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\7PRBGPBE\WinAntiVirusPro2006Free Install[1].cab\UWA6P_0001_N73M0604NetInstaller.exe
-C:\WINDOWS\system32\1024\ldFD02.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld3E8C.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld7193.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld366A.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldD0E7.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld9DF4.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldBBEC.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld634.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldC96C.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld3FAA.tmp\[Upack]
-C:\WINDOWS\system32\atmclk.exe\[Upack]
-C:\WINDOWS\system32\1024\ldB4DA.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldDC38.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld1EFC.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld3E5B.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldEBFC.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld1CDF.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldC53F.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld6FA8.tmp\[Upack]
-C:\WINDOWS\system32\1024\ldEC79.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld8212.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld7C36.tmp\[Upack]
-C:\WINDOWS\system32\1024\ld7BD8.tmp\[Upack]
Last edited by rian222; Jun 30, 2006 at 03:46 AM.
|
|
|
Jun 28, 2006, 10:12 PM
|
#5
|
|
Giggity!
Join Date: Apr 2005
Location: ___
Posts: 4,116
|
try this page to get rid of it (it's a bit of reading, but is worthwhile  )
THIS is also worth a read for that particular trojan 
|
|
|
Jun 29, 2006, 12:31 AM
|
#6
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
I checked my virus chest and found out that I have all these viruses in it:

|
|
|
Jun 29, 2006, 12:33 AM
|
#7
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
hmm, its too small
|
|
|
Jun 29, 2006, 01:41 AM
|
#8
|
|
Fun loving criminal
Join Date: Dec 2003
Location: Slovenia
Posts: 1,049
Rep Power: 34

|
Download and install Ewido antispyware software, Spybot 1.4 and Lavasoft Ad-Aware and run the updates on them. The first one is trialware, the others freeware for personal use. Clear the Internet Explorer cache and delete all temporary internet files.
Start Windows in safe mode (hit F8 at start and choose safe mode from the menu). Run Avast and all the above software, and delete all infected files.
This should solve the problem.
[EDIT]
I believe you got infected with Smithfraud-C, according to your symptoms.
Last edited by Partizan; Jun 29, 2006 at 01:46 AM.
|
|
|
Jun 29, 2006, 12:33 PM
|
#9
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
|
|
|
Jun 29, 2006, 12:35 PM
|
#10
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
darn, still not right
|
|
|
Jul 2, 2006, 02:03 AM
|
#11
|
|
DriverHeaven Lover
Join Date: May 2006
Posts: 168
Rep Power: 0
|
ok, partizan, yer idea solved the problem. But smithfraud-c wasn't detected and spyfalcon was. Nevertheless, my computer is almost back to regular state. I have one question though. I was noticing all the programs starting up when I get into Windows. There is nothing in the startup folder though. I was wondering if there was an official or unofficial program that you can manage your startup programs with so I don't have to do them all manually to make them stop starting up.
|
|
|
Jul 2, 2006, 02:27 AM
|
#12
|
|
Fun loving criminal
Join Date: Dec 2003
Location: Slovenia
Posts: 1,049
Rep Power: 34

|
I am using Tuneup Utilities, but you can also use regedit (and look for the following entries:
Hkey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run,
Hkey_Current_User\Software\Microsoft\Windows\CurrentVersion\Run)
or even msconfig and look under startup.
Both regedit and msconfig are started from Start/Run menu.
Regards, Partizan
|
|
|
Jul 2, 2006, 05:41 AM
|
#13
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,341
|
Quote:
|
Originally Posted by rian222
ok, partizan, yer idea solved the problem. But smithfraud-c wasn't detected and spyfalcon was. Nevertheless, my computer is almost back to regular state. I have one question though. I was noticing all the programs starting up when I get into Windows. There is nothing in the startup folder though. I was wondering if there was an official or unofficial program that you can manage your startup programs with so I don't have to do them all manually to make them stop starting up.
|
I can highly recommend Crap Cleaner. If you Google for CCleaner that'll get you to a download site for the latest version.
This app will let you clean the Registry, clean out junk files, determine which Internet cookies you want to keep, AND it will very easily allow you to decide which apps to start up.
It takes a lot of guesswork out of the equation.
|
|
|
Jul 2, 2006, 07:55 AM
|
#14
|
|
Member
Join Date: Mar 2003
Posts: 5,989
|
If you just want to stop any programs that put an entry in the Run registry keys to start themselves with Windows, as well as any programs that place their shortcuts into the 'Startup' folders, then I'd like to recommend a small freeware program called Startup Control Panel - www.mlin.net/
The program is very easy to use: you can first try to stop each startup program by unchecking the box in front of the program name and see if any problem occurs when the program is not running at Windows startup...
I'd also like to recommend against running any automated registry cleaning in Windows XP.
There may be times when a registry cleaner can be helpful in finding specific entries faster than using Windows's regedit tool, when an uninstall goes bad and the remnants are making a re-install difficult or impossible. If that ever happens to you, I recommend you check with the author of the problem program for the problem registry entry.
Automated registry cleaning is the most overrated tool for XP maintenance; using an automated registry cleaner program in XP is not necessary and it can cause problems to your Windows software system.
Quote:
http://groups.google.com/groups?hl=e...ic.windowsxp.*
These Registry Cleaner programs are "evil" things. Each release of Windows introduces subtle changes in how the registry is used by different programs and areas of the operating system. If you are using an older version of a cleaner or the developer of the cleaner isn't all that swift you have a screwed up system.
With Windows XP the registry is mapped into kernel memory through the memory manager. Meaning that the Registry, regardless of disk file size, will never use more than a few sections of cache memory in most situations with up to the maximum of 4M of RAM on a heavily used system. The 'normal' amount of RAM the registry will use is between 256 and 512k of memory. Which is insignificant compared to the dangers of using a registry cleaner.
Pinchbeck is correct - however, occasionally it may be necessary to get rid of some junk that an uninstall of a programme has left behind.
All the good reg cleaners have a back up facility which will allow you to undo any changes if and when things go wrong.
You're going to get a lot of conflicting opinions about this. You really don't need a registry cleaner in XP. While some may disagree on that note, as you pose your question you describe yourself as a novice. Even for the most experienced, a registry cleaner is fraught with danger.
If you are not prepared for a complete reformat, all your data backed up, the ability to reinstall all your applications, use of a registry cleaner is not something you should do.
Most of them are pretty simple, some will even describe what each key does and offer recommendations, but these things are not perfect and setups are not identical. There are few things about which you need to be more cautious than with the use of a registry cleaner. Even those who would disagree with me about the need will likely tell you the same thing. You need to be prepared for the worst case scenario. If it messes things up to that point, you'll go through a lot of work bringing things back the way you want them and the potential "good" a registry cleaner does would be far outweighed by what you'd go through if things go wrong.
One other point, some might suggest making a restore point with System Restore before using a reg cleaner and I'd certainly concur. The only problem is, it's possible the reg cleaner could break System Restore and then where would you be? Even if it doesn't, there are some things beyond which even System Restore wouldn't be able to fix.
|
|
|
|
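The two Run keys named in post #12 and the Startup folders mentioned in post #14 can be listed in one read-only pass. The following PowerShell script is an added example, not code from any poster in this thread; it assumes Windows PowerShell 5.1 or later, and the function names are illustrative.

```powershell
# Added example (not from the thread): read-only audit of auto-start entries.
# Assumes Windows PowerShell 5.1 or later; nothing is changed or deleted.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # current user
    [Environment]::GetFolderPath('CommonStartup')   # all users
)

function Get-CommandTarget {
    # Extract the executable path from a Run-key command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }            # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Resolve-Target {
    # Return the full path if the file exists; bare names are looked up on PATH.
    param([string]$Target)
    if ([string]::IsNullOrWhiteSpace($Target)) { return $null }
    if (Test-Path -LiteralPath $Target -PathType Leaf) {
        return (Get-Item -LiteralPath $Target -Force).FullName
    }
    if ($Target -notmatch '[\\/]') {
        $app = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        if ($app) { return $app.Path }
    }
    return $null
}

function New-AutoStartRecord {
    param($Source, $Name, $Command, $Target)
    $resolved = Resolve-Target $Target
    $sig = if ($resolved) { (Get-AuthenticodeSignature -LiteralPath $resolved).Status } else { 'n/a' }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Command   = $Command
        Target    = $Target
        Exists    = [bool]$resolved     # False: the entry points at a missing file
        Signature = $sig                # Valid, NotSigned, HashMismatch, ...
    }
}

function Get-AutoStartEntry {
    foreach ($keyPath in $runKeys) {
        $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)
            New-AutoStartRecord $keyPath $name $command (Get-CommandTarget $command)
        }
    }
    $shell = New-Object -ComObject WScript.Shell   # used to read .lnk targets
    foreach ($folder in $startupFolders) {
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force) {
            if ($file.Name -eq 'desktop.ini') { continue }
            $target = if ($file.Extension -eq '.lnk') {
                $shell.CreateShortcut($file.FullName).TargetPath
            } else { $file.FullName }
            New-AutoStartRecord $folder $file.Name $file.FullName $target
        }
    }
}

Get-AutoStartEntry | Sort-Object Exists, Signature | Format-Table -AutoSize -Wrap
```

Entries with `Exists` set to False or a `Signature` other than Valid are the ones to look up first; an unsigned file is not necessarily malicious. The script covers only the locations named in this thread, not every auto-start mechanism Windows has.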
Jul 11, 2006, 04:23 PM
|
#15
|
|
DriverHeaven Newbie
Join Date: Jul 2006
Location: In a town near Cologne, named Rommerskirchen
Posts: 1
Rep Power: 0
|
Maybe you should try the TREND MICRO.COM site. There you'll find online scanning tools, virus signatures and solutions to solve virus problems.
|
|
|
Jul 12, 2006, 01:29 AM
|
#16
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,341
|
@ PangingJr:
I get the impression that you most certainly do not approve of my recommendation of Crap Cleaner.
So, let me address it this way: I'm using XP PRO and haven't had to reinstall my OS for many, many months. Even when I did.....some time early last FALL, it was a REPAIR and not a reformat and new installation.
I've been using Crap Cleaner on a regular basis for several months and run the Issues option -- as well as the Cleaner -- on a regular basis. The developers of Crap Cleaner do an excellent job of updating the software about every month or so. These tend to coincide with the Windows Updates that are released monthly.
Having used Windows programs since Windows 3.1, Windows 95, Windows 98, Windows 98SE, Windows XP Home, and Windows XP PRO, I do feel I have more than a 'novice' understanding of Windows.
I also completely respect your own expertise when it comes to Windows and computers. You're very capable and your help is very, very much appreciated.
While I completely concur that there are many Registry Tweakers/Cleaners that should NOT be used, I still can highly recommend Crap Cleaner to those who don't feel comfortable doing any manual Registry Editing.
I believe there are many other experienced users on this forum who have had the same excellent experience with Crap Cleaner, too.
So, I might ask if you have actually even tried this program before totally trying to shoot it down? I don't intend to reinstall Windows every 3 - 4 months on a reformat just to get the Registry cleaned up.
As I said before, I'm not quick to recommend a program if I haven't had good success with it myself.
Let me give you the latest example of how Crap Cleaner can help clean up the Windows Registry.
Just tonight, when I arrived home, there were brand new Windows Updates available for me to select and install. One of these was a newer version of the NET Framework.
After installing these Updates, I was prompted to reboot the computer. I did so.
Then, once I was back into Windows, I ran Crap Cleaner and cleaned up the temp files first. Then I ran the ISSUES option which checks the Registry integrity.
Check for yourself what Crap Cleaner detected in the image below. You'll notice that, since Microsoft had updated the NET framework, there were now some obsolete entries for NET Framework 1. These are the only things that Crap Cleaner detected and I was able to clean those out very easily and painlessly with the program. After doing so, I rebooted without any issues or problems.
Now, the question I have: Per some of the quoted resources, Windows XP is supposed to take care of these things itself. If so, why didn't it do so when I rebooted after doing the Updates? Simply put, it doesn't. Therefore, we do need to either be able to manually clean up the Registry, OR use a program that does it for us, OR do a reformat and clean install every so often.
For my own sanity, I'll use a program to do it for me. 
Last edited by Dyre Straits; Jul 12, 2006 at 01:49 AM.
|
|
|
Jul 12, 2006, 02:23 AM
|
#17
|
|
Member
Join Date: Mar 2003
Posts: 5,989
|
If an automated registry cleaner were installed on my system, it would take more of my hard drive space than what it can clean on my system.
The method of registry access in XP is different, it's not sequential, and there is also no longer a size limit on the registry in XP, so the number of orphan keys is not so important if there are some. The claim of any registry cleaner vendor about performance and optimisation is a hoax.
I have nothing against the program, but the quoted messages below are true to the best of my knowledge.
I do not have to use any automated registry cleaner on any of the XP systems that I have, and they have all been working just fine for years.
Quote:
http://groups.google.com/group/micro...rch+this+group
microsoft.public.windowsxp.perform_maintain
Most cleaners I have encountered will also clean out things which you in fact really need. Including probably quite a lot in that 300. Unless you have enough knowledge to decide what is safe and what not you are better not to use them. And if you have the knowledge, you can do it manually. The amount of cleaning that can safely be done in a typical XP registry is a pretty small proportion, and on the whole the best course for most people is to leave it alone.
|
Quote:
Hi. Mark's article
http://www.sysinternals.com/blog/200...t-of-life.html
[Q] "Hi Mark, do you really think that Registry junk left by uninstalled programs could severely slow down the computer? I would like to 'hear' your opinion.
[A] No, even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches.
On Win2K Terminal Server systems, however, there is a limit on the total amount of Registry data that can be loaded and so large profile hives can limit the number of users that can be logged on simultaneously.
I haven't and never will implement a Registry cleaner since it's of little practical use on anything other than Win2K terminal servers and developing one that's both safe and effective requires a huge amount of application-specific knowledge.
# posted by Mark Russinovich : 9:41 AM, October 07, 2005"
|
|
|
|
Jul 12, 2006, 04:31 AM
|
#18
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,341
|
I will simply refer those who are not sure for themselves to this excellent article (written in PDF) 4 Myths About Windows XP Registry Cleanup
http://www.amustsoft.com/products/RegistryCleaner/amust%20software%20-%204%20myths%20about%20windows%20xp%20registry%20cleanup.pdf#search='Cleaning%20the%20Windows%20XP%20Registry'
Two brief paragraphs in the Introduction are hereby quoted:
If you have a brand new computer your registry is clean and healthy. However, over time it accumulates old and incorrect records which can lead to system errors and slowdown in performance. In addition, spyware, keyloggers, viruses, and Trojan horses use registry to manipulate the system.
Registry is the most sensitive and critical element of the Microsoft operating system. Cleaning and repairing registry requires knowledge and expertise. Doing it the wrong way can lead to more problems and even fatal system errors. Doing it the right way will lead to less system errors and better performance.
This same statement is generally shared by IT Professionals wherever I check for information re: Windows XP Registry and the problems that can be attributed to a bloated one that is filled with obsolete entries.
I'll leave the rest of the discussion to allow the users to decide for themselves based on the opinions of those professionals in the field.
But, as for me, again, I'd rather keep my Registry trimmed to only what's needed.
The debate has been healthy, but, I see we're neither one going to budge in our opinion of the subject.
|
|
|
Jul 12, 2006, 04:53 AM
|
#19
|
|
Member
Join Date: Mar 2003
Posts: 5,989
|
Okay, I admit that I used to think for a second here and there before (but not any more in the past years): should I run an automated registry cleaner on my system? But after the many years that I've been using XP, I strongly believe that 1,000 unused entries mean nothing to XP performance.
It seems to me that you "want" to clean the registry in your system more than it actually needs to be cleaned.
Here is a pic of the regrun which shows the number of registry accesses by the Windows system and applications in around 5 minutes or so. As I've said something like this before somewhere in these forums, and as you can see here, on my system over half a million registry entries have been accessed.
Now, allow me to talk about my system and myself first, and the reason why I don't want to use any automated registry cleaner on my system and don't suggest anyone use it. I may know some, but cannot and will not know or understand everything about the Windows registry,
but I always believe that each and every system (this includes the installed applications) can have a very different registry.
So it's very simple: I don't think anyone knows "everything" about my Windows registry, and since I can't either, I don't "want" to clean any registry entries that I do not know about. If I used an automated registry cleaner it would detect many entries that I cannot know about, and then just leave me with some of the MRU entries (such as some of my text editor's or my zip utility programs' most recently used entries) which I've never cared about anyway.
And now what do you think? You've got to be kidding me IF you tell me that you believe the automated registry cleaner that you have been telling people about knows your system registry very well (it also seems that you think it knows everyone's system as well). No?
|
|
|
Jul 12, 2006, 05:18 AM
|
#20
|
|
DriverHeaven Granddaddy
Join Date: May 2002
Location: Georgia, USA
Posts: 12,341
|
I agree that I likely clean my Registry more than is needed. But, as I mentioned to you earlier, I do a LOT of installing/uninstalling, moving things around, etc. So, it's much easier to keep it clean than it is to let things get so cluttered and to become so bloated. It takes the program a total of maybe two minutes to do the job.
That aside, the only things that CCleaner looks for are those things that I have checked for it to look for in the left column of the image I posted above.
And, after cleaning things up last night, then doing the Windows Updates tonight...which is all I've had time to do....it appears that CCleaner has done the job of finding the newest obsolete entries.
CCleaner is only 1.38 MB in size to download. It uses a very little amount of HD space and, in addition to working well on the Registry, it also works quite well to remove actual temp files...which at times I've had well over 100 MB of them....after much WEB browsing, downloading of movies/videos, etc.
In addition, I can also use it to Delete Startup programs and even Uninstall programs instead of using the Windows Add/Remove app.
You're quite free and welcome to continue on as you've done. And, I'll continue on as I'm doing. I don't see the need to continue the debate at this point as we're both pretty well set in our own opinion.
EDIT: You don't have to take my word for it:
What others have to say about Crap Cleaner:
http://fileforum.betanews.com/review...?sortby=rating
|
|
|
Jul 12, 2006, 05:31 AM
|
#21
|
|
Member
Join Date: Mar 2003
Posts: 5,989
|
No, not that... it's just that when I'll never use it anyway it's a wasted application. So, to me it's more than a waste of space.
If the app can do more than automated registry cleaning then it's fine.
But you see, sometimes, when I can, I like to encourage people to understand their own systems and learn how things can be done manually by themselves first.
|
|
 | |