Jump to content
Sign in to follow this  
Wademan

I have The Kama Sutra WorM

Recommended Posts

You probably still have some left over junk particles. Good that jotti found nothing, the file is okay.

 

Let's make a reg backup:

1. Backup the registry by going to Start>Run> and type "regedit" without the quotes. Then on the file menu choose ‘export’ in XP. Export the file to your Desktop. Name it today's date. You will see a new icon. Leave it alone until you're sure your system is stable.

 

*****If a restore of the registry is required in case of emergency, just click on the exported regfile on your desktop, and answer YES to the question whether you want to merge this file with the registry. Wait until you get a message saying something like Merge Successfull.

Do you have CCleaner? If not, download it http://www.ccleaner.com/

Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.

 

In the Windows Tab:

 

Clean all entries in the "Internet Explorer" section except Cookies.

Clean all the entries in the "Windows Explorer" section

Clean all entries in the "System" section (prefetch, etc)

 

In the Applications Tab:

 

Clean all except cookies in the Firefox/Mozilla section if you use it.

Clean all in the Opera section if you use it.

Clean Sun Java in the Internet Section.

 

Then click the "Run Cleaner" button

 

Reboot, and download RegSeeker http://www.hoverdesk.net/freeware.htm .

 

Extract it to it's own folder, open and double click RegSeeker.exe to start the program.

Maximize the window and click clean registry. (in the left column)

Check all sections and click OK.

 

When the scan is complete, verify the backup box in lower left corner is checked and click the select all button, then select all again.

Then right click within the search results and select delete.

 

Run it again and again, deleting everything it finds until it finds nothing. Reboot and make sure your programs are working properly, control panel and add/remove programs windows open, etc (basically just do a quick check of everything).

 

In the event anything was 'broken', you can open RegSeeker, click backups and double click any/all files to put the information back. (or use the emergency reg.file on your desk)

 

A reboot may be required for the effects to be seen.

 

Reboot When done, scan again with MWAV and let's see if the log is clean now.

 

Yes Jacee i have ccleaner, ran it..got regseeker, wow it found 540 things! you absolutly sure its safe to remove?...I never mess with registery as I have heard way too many horror stories, where people have used these types of "reg cleaners" an totally screwed up there pc. I did export to desktop the regedit file...but i kinda scared to delete 540 things regseeker found... :blink::unsure: so i will await for confirm response from you...I know or realize that the backup "should' protect registry but reviwes of this said that is not always 100% true... :unsure: Edited by Wademan

Share this post


Link to post
Share on other sites

Take a look at what RegSeeker found.....you can delete one at a time if you want to.

 

I've used the program on all three of my computers (I didn't have 540 things!)....

Share this post


Link to post
Share on other sites

Take a look at what RegSeeker found.....you can delete one at a time if you want to.

 

I've used the program on all three of my computers (I didn't have 540 things!)....

 

yeah yeah but jacee u like a goddess of computers,ie, super duper smart an all that jazz....LOL..take a long while do delete one at a time...ugggg...i read 34 reveiws of regSeeker, many swear by it, but 4 had to reformat, even with reg back up :blink: ...ill try tho, since i trust the pc goddess here, aka jaycee....cross ya fingers...btw housecall ran last Night, first time since these problems, found 2 things win32_ext virus, i think that was name..panda still wont run nor nortons online...ok..ill mess with RegBlowUpPc now..an report back...asap. :unsure: ..TY jacee ;)

EDIT: btw i have onboard for years Reg fixer by Ontrack part of system suite 4.0, rated #1 at pcworld.com mag,..anyways, i ran it as a comparsion to regSeeker, it found only 141 problems..it lists them in green ( 100% safe to remove ) yellow ( use caution ) red ( use extra caution )..i wonder why the big discrepancy...post back soon.. :unsure:

Edited by Wademan

Share this post


Link to post
Share on other sites

Take a look at what RegSeeker found.....you can delete one at a time if you want to.

 

I've used the program on all three of my computers (I didn't have 540 things!)....

 

wow had problems with desktop an boot up after delete...all them...restored i think...still the MMAv finds those 5 things... :mrsgreen: I may switch to BitDefender AV..but, i wanna try the regSeeker again...an do as ya said again..but not delete all 541 things...ugggg :mrsgreen:

Share this post


Link to post
Share on other sites

wow had problems with desktop an boot up after delete...all them...restored i think...still the MMAv finds those 5 things... :mrsgreen: I may switch to BitDefender AV..but, i wanna try the regSeeker again...an do as ya said again..but not delete all 541 things...ugggg :mrsgreen:

 

guess jacee hasnt seen this yet..well Iam not sure now what i should do..541 entries in RegSeeker, removed em all an pc wouldnt even boot right, had to use "last known good configeration"...how in hell can i go thru 541 reg problems...?..I mean even if i sit here 6 hours a day for a week..an research each an every RegSeeker reg clean up files, how would i even know which ones are safe to remove? :unsure: .. I know some need cleaned as they left over files from programs i removed over 6 months ago, but many others dont even know what they are.....so...any ideas?... :unsure: I wish regSeeker had the entries labeled in , green, yellow, an red...red being ones ya use caution to remove, green being totatly safe, but it only has em green an red..an lots of red ones..over 200... :unsure: an the virus files are still in MMAV

Share this post


Link to post
Share on other sites

Use the Reg fixer by Ontrack then.

 

You can always Google what you aren't sure of....write it down.

Share this post


Link to post
Share on other sites

Use the Reg fixer by Ontrack then.

 

You can always Google what you aren't sure of....write it down.

 

Well Jacee, I used 2 reg cleaners..removed alot...used tweak now reg cleaner that dunaster here gave me,..BUT same virus/spyware shows in the scanner u gave me ( MMAV )....so what now?..took me 4 days to do all this :mrsgreen: ...also i have ccleaner, is it good?it finds another 88 reg problems, BUT...some are windows updates???what the heck?...I mean I shouldnt remove those, right??..it also has tons of other stuff to remove...109mb, i used cyber scrub Pro daily to clean out ALL interent cache, cookies, files, an much more..so unceartain as if i should even use CCleaner...your imput is so much appreciated jacee, or anyone else's here...also, odd Panda online sacnner...still wont work, an they email me in spanish...ODD, an error is in spanish on active scan :blink: BitDefender, Housecall, mcafee online scanners show ZERO.....still VERY conecerned about what MMAV found... :mrsgreen:

Share this post


Link to post
Share on other sites

Well Jacee, I used 2 reg cleaners..removed alot...used tweak now reg cleaner that dunaster here gave me,..BUT same virus/spyware shows in the scanner u gave me ( MMAV )....so what now?..took me 4 days to do all this :mrsgreen: ...also i have ccleaner, is it good?it finds another 88 reg problems, BUT...some are windows updates???what the heck?...I mean I shouldnt remove those, right??..it also has tons of other stuff to remove...109mb, i used cyber scrub Pro daily to clean out ALL interent cache, cookies, files, an much more..so unceartain as if i should even use CCleaner...your imput is so much appreciated jacee, or anyone else's here...also, odd Panda online sacnner...still wont work, an they email me in spanish...ODD, an error is in spanish on active scan :blink: BitDefender, Housecall, mcafee online scanners show ZERO.....still VERY conecerned about what MMAV found... :mrsgreen:

 

Guess I stupmed Jacee :blink: ..oh well even the pros dont know or how to fix EVERYTHING.. :( ..prolly give up on this issuse..

Share this post


Link to post
Share on other sites

You haven't told me what MWAV still finds...

 

If you don't know what you're doing in the registry, then stay out of it :P

 

I don't know anything about Spanish emails from Panda, that's between you and them :lol:

Share this post


Link to post
Share on other sites

Panda is a Spanish company, and Spanish is their default. One of my updates was Spanish language; a trip to the home site corrected the problema.

Share this post


Link to post
Share on other sites

You haven't told me what MWAV still finds...

 

If you don't know what you're doing in the registry, then stay out of it :P

 

I don't know anything about Spanish emails from Panda, that's between you and them :lol:

 

Jacee!...I did to tell ya...grrrr...LOL..here MMAV>>> System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 07 10:19:41 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.

Tue Feb 07 10:19:41 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 07 10:19:45 2006 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1

Tue Feb 07 10:19:45 2006 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.

Ummm....... :rolleyes: Update RAN IT AGAIN>> Tue Feb 14 13:57:56 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:57:56 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.

Tue Feb 14 13:57:58 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:58:03 2006 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1

Tue Feb 14 13:58:03 2006 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken. C:\WINDOWS\System32\logonui.exe infected by "Trojan.Win32.Agent.on' Virus! Acton Taken:NoAction Taken OK NOW what???? :blink:

\

Edited by Wademan

Share this post


Link to post
Share on other sites

Panda is a Spanish company, and Spanish is their default. One of my updates was Spanish language; a trip to the home site corrected the problema.

 

HOW??? :blink:

Share this post


Link to post
Share on other sites

How to get rid of 180solutions:

 

180 Solutions Removal Instructions

 

For the Search variant, open a Command Prompt window (from the Accessories submenu in the [All] Programs menu on the Start button; and enter the commands:

 

cd %WinDir%\System

regsvr32 /u"Program Files\WhenUSearch\search.dll"

 

For all variants, open the registry (Start->Run->regedit) and find the key:

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

 

Delete the 'SaveNow', 'WhenUSave', 'WhenUSearch' or 'VVSN' values. Reboot and you should be able to delete the 'SaveNow', 'Save', 'WhenUSearch', 'WhenUSearchWHSE' or 'VVSN' folder inside 'Program Files'.

 

To remove the ActiveX objects installed by the Download and Db variants, open the 'Downloaded Program Files' folder inside the Windows folder, and delete the SaveNow object. The name of this is 'WhenUDownload' in the Download variant, 'FC327B3F-377B-4CB7-8B61-27CD69816BC3' in the Db variant, and 'E2F2B9D0-96B9-4B25-B90C-636ECB207D18' in the WUInst variant.

I didn't see this in your HJT log....does it show up doing it this way?

Share this post


Link to post
Share on other sites

How to get rid of 180solutions:

I didn't see this in your HJT log....does it show up doing it this way?

 

ya mean HJT LOG??..this is from taht AV microworld ya had me get jacee...ya need NEW HJT log??... :blink: ...just tell me... ill deliver.. :unsure: Oh wait Ill need to re-read that...sorry..get back to ya on this..soon...an try the 180 soultion thing...i so tired scared ill wreck pc..been up for 23 hours...post tomorrow Edited by Wademan

Share this post


Link to post
Share on other sites

Don't hurry, no need for a HJT log.....take your time, settle down and don't let the computer paranoia take over your life :geezer::mrgreen:

Share this post


Link to post
Share on other sites

Don't hurry, no need for a HJT log.....take your time, settle down and don't let the computer paranoia take over your life :geezer::mrgreen:

 

Ok spent an hour+ searching for the i80Solutions..it is NOT found doing ALL the above vERY carefully, tried 5 times doing as you asked...Not found in regedit, nor using command promt, nor in deep search paid programs, iso cant be found, YET..it STILL is in the virus scanner u had me get MWAV, so what now?... :crash: BTW iam not letting pc take over my life, if so, id be here all day an night, or like chat room addicts, sit in chat rooms 18 hours a day everyday,lol..people REALY do that nonsense....guess they dont eat, shower, work..just chat,lol..anyways...thank you.. also the other things still in MWAV as well... sheesh how come no other antispy or virus scanner finds any of those? Ive used 6 online scanners, plus my onboard av plus ewidios, a2 scanner. adware, spybot, microsoft antispy, spysweeper, trojanHunter....none finds those 5 "malwares" except MWAV... : System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:57:56 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.

Tue Feb 14 13:57:58 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:58:03 2006 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1

Tue Feb 14 13:58:03 2006 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken. C:\WINDOWS\System32\logonui.exe infected by "Trojan.Win32.Agent.on' Virus! Acton Taken:NoAction Taken :geezer: EDIT: Yes iam VERY frustrated over this, i would rather spend my valuable time helping others, an fight spyware,..out of my 700+ posts i bet like 500 or so are posts helping others here, id like that number to be much higher jaycee,,,thanks for ya help, as always ;)

Edited by Wademan

Share this post


Link to post
Share on other sites

Hiya wademan,sorry to chip in but have you thought of contacting MWAV and explaing to them your prob:

 

http://www.mwti.net/company/mwti_offices.asp

 

Just a thought..................

 

Regards pacman........

 

Hi Pacman ;) dont be sorry! need all the help i can get man....lol..an ill give that a shot, cant hurt,.. ;) Update: called Microworld BUT they closed for the day only open 9-6, so will try tomorrow.. Edited by Wademan

Share this post


Link to post
Share on other sites

Ok spent an hour+ searching for the i80Solutions..it is NOT found doing ALL the above vERY carefully, tried 5 times doing as you asked...Not found in regedit, nor using command promt, nor in deep search paid programs, iso cant be found, YET..it STILL is in the virus scanner u had me get MWAV, so what now?... :crash: BTW iam not letting pc take over my life, if so, id be here all day an night, or like chat room addicts, sit in chat rooms 18 hours a day everyday,lol..people REALY do that nonsense....guess they dont eat, shower, work..just chat,lol..anyways...thank you.. also the other things still in MWAV as well... sheesh how come no other antispy or virus scanner finds any of those? Ive used 6 online scanners, plus my onboard av plus ewidios, a2 scanner. adware, spybot, microsoft antispy, spysweeper, trojanHunter....none finds those 5 "malwares" except MWAV... : System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:57:56 2006 => System found infected with searchexe Spyware/Adware ({807553e5-5146-11d5-a672-00b0d022e945})! Action taken: No Action Taken.

Tue Feb 14 13:57:58 2006 => System found infected with w32/rbot-ank Email-Flooder ({19e28afc-eae3-4ce5-ac83-2407b42f57c9})! Action taken: No Action Taken.

Tue Feb 14 13:58:03 2006 => Offending Folder found: C:\WINDOWS\DOWNLO~1\conflict.1

Tue Feb 14 13:58:03 2006 => Object "180solutions Spyware/Adware" found in File System! Action Taken: No Action Taken. C:\WINDOWS\System32\logonui.exe infected by "Trojan.Win32.Agent.on' Virus! Acton Taken:NoAction Taken :geezer: EDIT: Yes iam VERY frustrated over this, i would rather spend my valuable time helping others, an fight spyware,..out of my 700+ posts i bet like 500 or so are posts helping others here, id like that number to be much higher jaycee,,,thanks for ya help, as always ;)

 

:crash:

Share this post


Link to post
Share on other sites

:crash:

 

well microwworld wont help unless i pay , the MWAV thing in this thread that jacee had me run..those "virus's" still in there,a ll 5 of em'...so..,,guess jacee...Ya gave up on me?..or this mess...It ok, just tell me please. i gonna repost some of this at computing.net, an tom coyotoe forums an 1 other, an see if anyone has a defenative answer, ty all :crash:

Pc is running fine..guess if things go super nuts again, as they SURE did on Feb 3rd, an they do so again on March 3rd , taht would be too big of a coincidence, would surly indicate the karma surta worm is indeed on this pc, but, pros" tech level 3,top level' support say pc would be useless by now, not running in top notch condition, as it is, heck i dunno what to do/think TY all for any help :beer: :crash:

Share this post


Link to post
Share on other sites

well microwworld wont help unless i pay , the MWAV thing in this thread that jacee had me run..those "virus's" still in there,a ll 5 of em'...so..,,guess jacee...Ya gave up on me?..or this mess...It ok, just tell me please. i gonna repost some of this at computing.net, an tom coyotoe forums an 1 other, an see if anyone has a defenative answer, ty all :crash:

Pc is running fine..guess if things go super nuts again, as they SURE did on Feb 3rd, an they do so again on March 3rd , taht would be too big of a coincidence, would surly indicate the karma surta worm is indeed on this pc, but, pros" tech level 3,top level' support say pc would be useless by now, not running in top notch condition, as it is, heck i dunno what to do/think TY all for any help :beer: :crash:

 

Update: I STILL CANT run Pcpitstop TEST...It hang for like 30 mins+ at internet upload test,....tried 17 times in 4 days....what is wrong????? :pullhair: Never in 4 years, have i ever had a single problem running the test :mrsgreen: Edited by Wademan

Share this post


Link to post
Share on other sites

Wademan, I'm going to go with 'false/positive' findings...could be from virus definitions on one of the programs you use and MWAV is picking them up.

 

Now, if your computer is running smoothly and not one online scanner, or any of your own programs detect anything, I would forget about it.

 

If you feel it is necessary to post about your problem to another forum, be sure to tell them ALL the scans you've run and nothing was found except by MWAV. Include your HJT log so no ones time is wasted.

Share this post


Link to post
Share on other sites

Wademan, I'm going to go with 'false/positive' findings...could be from virus definitions on one of the programs you use and MWAV is picking them up.

 

Now, if your computer is running smoothly and not one online scanner, or any of your own programs detect anything, I would forget about it.

 

If you feel it is necessary to post about your problem to another forum, be sure to tell them ALL the scans you've run and nothing was found except by MWAV. Include your HJT log so no ones time is wasted.

 

Well Jacee, Kasperky finds some ( in this thread i told about it ), panda did as well, told in this thread, panda wont run now, hasnt since Feb 3rd 2pm EST, Nortons online scanner wont load either, says "active x prohibited by adminstarter"...so 3 online scanners failed on feb 3rd,..so there ARE scanners , which In FACT, DO, show "virus".., my own onbaord scanner, Failed on Feb3rd, as well, took 2 days to get it to work, all this IS in this Thread, so bottom line, Numerous scanners DO show "virus" an now 3 wont even run at all, neither does teh pcpitstop test here, hangs for like 1 FULL hour at interent uplaod test, i use High speed Dsl, so cant be that, tested 6 times today at dslreports.com, speed is 1700 kbs....so.... :thud:

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...