-
January 17th, 2004, 06:41 PM
#1
Deleted virus still trying to start
Ok, I have norton antivirus, I scanned my comp last week, and it found a virus, cant remember the name, but it was deleted. Now when I boot windows I get a popup saying "Windows cannot find 'virushere' Make sure you typed the name correctly... blah blah blah. See attachment for the name (attachment didn't seem to upload...), it's odd charicters. Anyway, I checked my registry, startup folder, and MSConfig. I find no reference to this file ANYWHERE. Is there somewhere else I should be looking? I"m running winxp Pro, sp1.
Thanks in advance!
-
January 17th, 2004, 06:45 PM
#2
here is the attachment, i hope...
-
January 17th, 2004, 07:02 PM
#3
check your win.ini file for anything in the load or run sections
[windows]
load=
run=
NullPort=None
-
January 17th, 2004, 07:04 PM
#4
there is no load or run in win.ini in windows XP...
-
January 17th, 2004, 07:08 PM
#5
It's attached to another process....probaby a bogus copy of svchost or a new service. Type services.msc at the run line and look for anything out of the ordinary. After that, run the system information utiliy (start>all programs>accessories>system tools>system information) Go to tools>file verification utility and run a scan. Last, open a command prompt and type sfc /SCANNOW to scheck for missing/altered files. Hope this helps.
jenjen is right...type sysedit at the run line....yes it's still in XP. Go through each page.
"It is a shame that stupidity is not painful" - Anton LaVey
-
January 17th, 2004, 07:08 PM
#6
Also check your registry for whatever windows can't find.
For instance, if your error is "can not find R32.dll", search the registry for R32.dll, and delete any keys that call for it. (back up your registry first in case of a boo-boo)
-
January 17th, 2004, 07:10 PM
#7
Send another screen shot of the task manager.... but this time show the processes tab. I think Wazz is on to something here with the process thing.
-
January 17th, 2004, 07:15 PM
#8
thing is groovicus.. is that it's some wierd characters.. look at his attachment.
cross.. do you remember what norton called this thing ?
edit : it'd be interesting to see what hijackthis reports.. download that and post a log.
http://www.tomcoyote.org/hjt/
-
January 17th, 2004, 07:21 PM
#9
The characters are ASCII. Don't mean much to me, though. I'm more interested in the processes that are running. Also, I agree that it would help greatly if we knew what norton called it. Can you look at or post your scan log?
-
January 17th, 2004, 07:24 PM
#10
I must be blind.. I didn't see that cross said he forgot what norton had called it..
But good call, 5768........ norton's log should still have it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|