I think I have a virus. What do I do?

  Ridleyrider 09:05 24 Feb 04
Locked

I am running Windows XP Professional, 512MB DDR, 80GB hard drive & AMD Athlon 2400. Norton antivirus running (skipped the last update for 5 days).

I do not have AdAware, CWShredder or Spyware active.

The problems I have experiened are;

- Can't use any software
- Can't download any software
- IE running slowly
- Can't save any pages to favourites on IE
- PC hangs on IE pages & sometimes with control panel
- Programs not responding
- Can't print
- Reporting rundll32.exe errors

After searching for help, I have tried (with no joy);

- Searching for rundll32.exe file (found)
- Scanning PC for virus using Norton (it got stuck after 10 hours of scanning)
- Scanning for virus using Trend. It wouldn't work.
- Restoring to an older date
- Running in Safe Mode
- Clean boot
- Downloading fixes (SPyware, CWShredder, AdAware) but I can't download anything

I do not have the original copy of Windows as I bought the PC second hand.

So, I cant run the disc over the top.

It seems to me that I may have a virus.

What do I do?

I think I need to buy an original copy of Windows (XP Home & no Professional as Professional seems overpriced & PC is only used for home use).

How do I save my films, pictures & music to a disc if I can't run my CD creator software? Also, how do I save things to disc as a compressed file (i.e save several music albums or films to one disc). Is this called a data CD?

How do I wipe my computer clean so I can load a new OS?

  Jester2K 09:11 24 Feb 04

rundll32.exe is not necessarily a virus!!!

click here

I assume Norton was up to date?

  Jester2K 09:13 24 Feb 04

Can you goto Start Mneu, Run, type MSCONFIG and hit enter. Then list all the programs under Start Up Tab.

Only need the names from the left hand column.

  anon1 09:19 24 Feb 04

oh wow so many questions, it seems that you are panicking a bit. Are you using broadband or dial up? You say you tried scanning with trend was that the online housecall click here
or some other. If you are infected then system restore will be infected too and that means each time you use system restore you will reinfect. Norton should scan and find any virus unless it is a new one for which you do not have the update. You could try click here and download the free avg antivirus (assuming you can connect and you seem to be connected here) Post here any error messages that you are getting, rundll errors are quite common. Try click here

  Ridleyrider 09:54 24 Feb 04

I'm on broadband.

I have tried Trend Housecall & it wont work.

I can't download anything (I get 'unable to create file path' messages). So I can't get AVG antivirus. For the ame reason, i an't use any checks like PCDocRXOncall.

Jester - I have done the misconfig & here are the programs under the Startup tab

CTHelper
Winampa
realsched
SysTray
ShowBehind
remhelp
qttask
OrgyCam
Msgplus
GSICON
TopMoxie
dslagent
ccregvfy
ccApp
blss
ADVCHK
DirectCD
@tour_gb[1]
47428530
PSFree
msnmgr
WCESCOMM
ZoneAlarm
NKYMon.exe
Miscrosoft Office

I thought I had removed the OrgyCam one which may be the source of the problem?

  Jester2K 10:06 24 Feb 04

How many of these programs do you recognise and know you need starting up?

  Ridleyrider 10:22 24 Feb 04

Zone Alarm & MS Office are the only ones I know need starting up.

I recognise these

Winampa (music player)
msnmgr

These could go if necessary.

I don't recognise any of the others

  Jester2K 10:36 24 Feb 04

CTHelper - click here

Winampa - WinAmp (REMOVE)

Realsched - Real Player (REMOVE)

Systray - click here

ShowBehind - click here (REMOVE)

RemHelp - BT Voyager ADSL Modem Help related

qttask - Quick Time (REMOVE)

OrgyCam - ;-) (REMOVE)

MSGPLUS - Third party MSN Messenger extension that hides banner ads and adds archiving and other useful features. Appears not to work unless checked, but may be activated after startup. Not recommended as it includes Lop.com (REMOVE)

GSICON - ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities

TopMoxie - Marketing software from TopMoxie (REMOVE)

DSLAgent - ADSL

ccregvfy - Part of NAV

ccApp - Part of NAV

blss - CBlaster trojan/dialer/downloader (REMOVE)

advchk - part of NAV

Direct CD - Part of Easy CD

PSFree - Pop-Up Stopper Free from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group

msnmgr - MSN

WCESCOMM - Active sync for use with Windows CE based palm PC

@tour_gb[1] 4742853

  temp003 10:36 24 Feb 04

You can disable most of the stuff in msconfig startup, except systray and Norton. Restart and do a scan for viruses. Better yet, go into Safe Mode and do a scan.

Also do a scan using spybot s&d or adaware.

Just looking at msconfig shows the mess (I'm afraid). You can definitely get rid of ShowBehind, OrgyCam and that thing called @tour_gb...

  Jester2K 10:36 24 Feb 04

Then reboot. Scan with NAV, get Adware / Spybot (use a mates PC and a CD) and scan and clean up...

  Jester2K 10:39 24 Feb 04

@tour_gb[1] 47428530 = ??????

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

These are the Best Christmas Ads and Studio Projects of 2016

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…