help! possible virus!

  gizzyx 02:07 17 Jan 04
Locked

each time i connect to the internet, a "my computer" window opens up at C:\WINDOWS\SYSTEM. in msconfig on the startup tab, there are 2 entries with no description, but a reference to C:\WINDOWS\SYSTEM. if i untick them, the next time i reboot they are ticked again. i have run AVG (up-to-date) but no virii are found. any ideas, chaps?

  Chegs ® 02:30 17 Jan 04

I have one in msconfig/startup thats simply C:/W SOFTWARE\Microsoft\Windows\Current Version\Run that does the same.To disable it involves registry editing,and I tend to leave my registry alone now,as previously tweaking registry inevitably broke my windows.If AVG cannot find anything on your puter,then your machine hasn't got any nasties. :-)

  kimjhon 02:37 17 Jan 04

Peruse the list that this little prog generates.
click here

Virii (Like it!)

  kimjhon 02:38 17 Jan 04

Sorry

The prog : Hijack This

  Big Elf 10:58 17 Jan 04

Download and run these:

Spybot click here

AdAware click here

SpywareBlaster click here

Post the log generated by HiJack This before selecting items to remove. When I ran it on my PC it generated about 20 items,all legitimate.

  spuds 12:15 17 Jan 04

If you have got a nasty, look it this click here

Could could also download Avast Virus Cleaner,which will find it, then refer you to AVG [if installed].

  gizzyx 12:05 19 Jan 04

thanx guys. haven't been online 4 a while but will try these suggestions.

  gizzyx 12:38 19 Jan 04

tried to post the HiJack log but was unable to. maybe it exceeds the permitted 800 words...there are loads of entries!!!! i will try to remove what i think it is safe to

  gizzyx 13:03 19 Jan 04

bit defender online scan found nothing
thanx anyway

  gizzyx 13:28 19 Jan 04

this is what's left after removing what (i hope) was safe to remove...
Logfile of HijackThis v1.97.7
Scan saved at 12:31:13, on 19/01/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = cod's web quest
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O11 - Options group: [CommonName] CommonName
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - click here

  Big Elf 14:31 19 Jan 04

You could post the list in small chunks, say 10 at a time.

I'm slowly working through the list but haven't found anything so far.

Do you still get the 'my computer message' thing?

Did the other programs I recommended pick up anything?

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…