Dee

Help I Have Major Problems Here :(


Hi Guys

 

Wondering could someone try and help me or at least point me in the right direction of where to even start clearing this total mess.

 

I have identified the following on my computer and urgently need to get things sorted. With the list below, I am wondering should I just throw the computer out the window at this stage :(........I cannot believe this mess.

 

C\winnt\system32\msblast.exe >>>>>> W32\lovsan.worm.a

.............................\rcfg.ini >>>>>> IRC/Flood.bi

.............................\msrpc.bat >>>>>> IRC/Flood.bi

.............................\navdb.dbx >>>>>> IRC/Flood.am

.............................\inst.exe >>>>>> Backdoor - ARG.dr

.............................\msapp.exe >>>>>> Backdoor - ASE

.............................\web.swf >>>>>> IRC/Flood.bi

.............................\dvldr32.exe >>>>>> w32Deloder worm

.............................\secure.bat >>>>>> IRC/Flood.bi

.............................driver.bat >>>>>> IRC/Flood.ba

.............................\rconnect.exe >>>>>> SlimFTP

.............................\iiscache.dll >>>>>> IRC/Flood.i

.............................\explorer.exe >>>>>> IRC/Flood.mirc

.............................\explore.EXE >>>>>> IRC/Flood.K.dr

.............................\rconnect.conf >>>>>> IRC/Flood.bi

.............................\STDE9.exe >>>>>> IRC - sdbot

.............................\api32.exe >>>>>> Backdoor - ASX

.............................\msiexec16.exe >>>>>> Backdoor - ACH

 

c\Winnt\fonts\explorer.exe >>>>>> Backdoor - ARG

......................\rundll32.exe >>>>>> IRC Pitchfork

......................\~GLH0003.TMP >>>>>> IRC Pitchfork

......................\~GLH0004.TMP >>>>>> IRC Pitchfork

......................\~GLH0005.TMP >>>>>> IRC Pitchfork

......................\~GLH0006.TMP >>>>>> IRC Pitchfork

 

C\winnt\svchost.exe >>>>>> ServU - Daemon

 

 

 

I really would appreciate any help or advice you could give me

 

Many Thanks

 

De


Go here and run the virus scan, once it finishes, it will give you fixes to get rid of them, follow instruction carefully and you'll be fine: http://www.symantec.com/avcenter/

 

Also see this post and follow links: http://pcpitstop.ibforums.com/index.php?ac...=ST&f=9&t=20008

Edited by Xtreme_Computing



 

Thanks a million for your help



 

 

Hi :(

 

I oh this is driving me crazy....I have tried to download the patch for windows 2000 and it will not install for me as it keeps saying I need to have the Windows Pack of 2 or more. I have pack 3 installed. Is there a reason it is not reading that it is there??

 

Any hints :blushing:

 

De


I read on another forum that a person couldn't get the patch to install. She got the same message as you and she also stated she had SP3. She didn't have SP2.... went back and installed it, and then the patch installed :blink:



 

Hi Jacee

 

I thought of that when I posted my last message ....so off I went and installed 2 but when I try to download the patch it is not recognising that 2 or 3 is installed still :angry:

 

Gheezz I am beginning to LOVE to HATE computers

 

Regards

 

De


What have you done so far, how have you removed Blaster, removal tool or online scanner?

 

Hi Inprofile

 

I have removed one infected file using the blaster tool. That part seemed to work fine.

 

De :rolleyes:



Inprofile,

 

Something else that I did not mention....when I start up my system to log on I HAVE to gain access via the administration functions....e.g. ctrl/alt/delete functions and then pick task master and then program files.....this is the only way I can access to even begin to get online.

 

:blink:


I don't think you have removed it all.

 

WORM_RPCSDBOT.A

 

That link will give you the choice to remove it yourself or see if it can be removed using the online scanner.

 

Here is the link for the scanner to save you looking for it:

 

Online scanner

 

I will post another patch download location here later.

 

We'll get rid of it yet! ;)

 

EDIT:

 

Patch For Win2000

Edited by Inprofile



 

Okey Dokey

 

Let me try that.....thanks for the help....hey I see you are from Scotland :woot: ....I'm a bit of Scottish and Irish.

 

I'm gonna try that now.

 

Thanks

 

De

 

 

 

 

Hummm I have tried to download the Trend Micro Cleaner and it has just come back with a message saying that "Pattern file "LPT$VPN.*" is missing, please download a copy." :help: :huh:

Edited by Dee


hey I see you are from Scotland :woot: ....I'm a bit of scottish and Irish .

 

A bit of a mongrel then. :mrgreen:;)

 

I'll hang around here in case you need any help - If I don't reply, I've fell asleep! ;)



 

 

 

yeah lol :) and I think by now even a rocket scientist would guess that computers are not exactly my thing :mrsgreen:



 

 

Hi

 

I am not sure if you have gone to the land of :snooze::snooze: for to-night but if you are still there, I have just got to the stage where I have done the worm RPSCdbot.a and it has come back saying that the deloder/ mblast worm is there. Right now I am now doing the scan......

 

Cheers :beer: :choco:

 

Thanks for your time and experience


Take five inprofile :beer:  :beer:  :beer:  :beer:  :beer:  :mrgreen:

Well then you are obviously drunk already :mrgreen:


:funny:

 

That WAS sneaky!! :lol::tup:

 

Hi

 

Scan is done, and tried to download patch again and it is still saying needs minimum of sp2 :( ....I had downloaded that and also sp3 before.

 

Any ideas what I should try next?????.......good answers might qualify for another free drink for the two of you lol lol :lol:

 

tee hee


You did the scan, what did it say, are you clean?

Here is the end of the report..................yes it seems deloder and Mblast are found

I have downloaded sp2 again and I just need to restart the system, I will then try the patch again

 

:blink:

 

 

WORM_KAZMOR.A[virus not found]

WORM_DELODER.A[virus found]

-->delete process("C:\WINNT\Fonts\rundll32.exe","","") success

-->delete file("C:\WINNT\Fonts\rundll32.exe","","") success

-->delete process("C:\WINNT\Fonts\explorer.exe","","") success

-->delete file("C:\WINNT\Fonts\explorer.exe","","") success

-->delete file("C:\WINNT\FONTS\omnithread_rt.dll","","") success

-->delete file("C:\WINNT\FONTS\VNCHooks.dll","","") success

-->delete registry key("HKEY_LOCAL_MACHINE","SOFTWARE\ORL","") success

-->delete registry key("HKEY_CURRENT_USER","SOFTWARE\ORL","") success


WORM_MSBLAST.A[virus found]

-->delete registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Run","msblast.exe") success

-->delete file("C:\WINNT\system32\msblast.exe","","") success

BKDR_SDBOT.05[virus not found]

WORM_RPCSDBOT.A[virus not found]

TROJ_SLIME.A[virus not found]

WORM_MSBLAST.B[virus not found]

WORM_MSBLAST.C[virus not found]

 

Complete time : Sat Aug 16 00:53:32 2003

 

Execute pattern count(487), Virus clean count(2), Clean failed count(0)


Keep trying to get the patch d/loaded.

 

Do you have a firewall installed? If so which one?

 

Nope the patch will still not download, still coming up the same Sp2 or minimum required :blank::(

 

No I don't have a firewall installed, but I am right now also trying to download Zone Alarm which was in an earlier post of yours ;)
