help! possible virus!

  gizzyx 02:07 17 Jan 2004
Locked

each time i connect to the internet, a "my computer" window opens up at C:\WINDOWS\SYSTEM. in msconfig on the startup tab, there are 2 entries with no description, but a reference to C:\WINDOWS\SYSTEM. if i untick them, the next time i reboot they are ticked again. i have run AVG (up-to-date) but no virii are found. any ideas, chaps?

  Chegs ® 02:30 17 Jan 2004

I have one in msconfig/startup thats simply C:/W SOFTWARE\Microsoft\Windows\Current Version\Run that does the same.To disable it involves registry editing,and I tend to leave my registry alone now,as previously tweaking registry inevitably broke my windows.If AVG cannot find anything on your puter,then your machine hasn't got any nasties. :-)

  kimjhon 02:37 17 Jan 2004

Peruse the list that this little prog generates.
click here

Virii (Like it!)

  kimjhon 02:38 17 Jan 2004

Sorry

The prog : Hijack This

  Big Elf 10:58 17 Jan 2004

Download and run these:

Spybot click here

AdAware click here

SpywareBlaster click here

Post the log generated by HiJack This before selecting items to remove. When I ran it on my PC it generated about 20 items,all legitimate.

  spuds 12:15 17 Jan 2004

If you have got a nasty, look it this click here

Could could also download Avast Virus Cleaner,which will find it, then refer you to AVG [if installed].

  gizzyx 12:05 19 Jan 2004

thanx guys. haven't been online 4 a while but will try these suggestions.

  gizzyx 12:38 19 Jan 2004

tried to post the HiJack log but was unable to. maybe it exceeds the permitted 800 words...there are loads of entries!!!! i will try to remove what i think it is safe to

  gizzyx 13:03 19 Jan 2004

bit defender online scan found nothing
thanx anyway

  gizzyx 13:28 19 Jan 2004

this is what's left after removing what (i hope) was safe to remove...
Logfile of HijackThis v1.97.7
Scan saved at 12:31:13, on 19/01/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Pro\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = cod's web quest
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM\E_SRCV02.EXE
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O11 - Options group: [CommonName] CommonName
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - click here

  Big Elf 14:31 19 Jan 2004

You could post the list in small chunks, say 10 at a time.

I'm slowly working through the list but haven't found anything so far.

Do you still get the 'my computer message' thing?

Did the other programs I recommended pick up anything?

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Best phone camera 2017

Stunning new film posters by Hattie Stewart, Joe Cruz & more

iPad Pro 10.5in (2017) review

28 astuces pour profiter au mieux de votre iPhone