
Hi all !!!

I got my computer infected with w32.spybot.worm and backdoor.trojan yesterday. My Norton AntiVirus found 4 backdoor.trojans and 1 w32.spybot.worm, it quarantined it and later I deleted it permanently.

However, every time now I have system error notifications, usually when Windows starts (unable to open.dll file + Windows can't start c://...//Pragrams/Startup/win32.exe).

I found nothing by this name in Windows registry, I tried scanning in safe mode and I ran all kinds of adware programs incl. AVG, search and destroy, Ad-aware.
I don't notice any other problems except these system error notifications.

What should I do?

Thank you very much in advance and Happy Holidays to all !!

2006-12-13 05:45:50 · 12 answers · asked by Mira 2 in Computers & Internet Security

Also, I cannot restore the computer to an earlier date (i.e. no restore dates)

2006-12-13 05:51:08 · update #1

Among the programs that load on startup, I saw something suspicious: win32; its location pops up when Windows starts. Should I uncheck the box?
(I'm confused because I read somewhere win32 is Windows XP)

Thank you everyone for your answers. ))

2006-12-13 06:14:48 · update #2

12 answers

Hi. At the risk of sounding arrogant, none of the people above know what they are talking about!! (Well, "Great One" above has the right idea with the file system check... but no instructions.)

Sometimes when malware (viruses, trojans, worms, whatever) installs itself on your computer, it embeds itself deeply into system files and modifies registry paths. What that message is telling you is that there is a registry start-up path to a file that doesn't exist any longer (as it was malware and has been removed), but the registry still "points" to this location as a file that should be loaded at start-up. This is how malware authors ensure their programs start with Windows every time.

The file path you listed, "c://...//Pragrams/Startup/win32.exe", is a little out of syntax, so I'm not positive exactly which malware (most likely a W32.KWBot.C.Worm variant) was deleted. However, I am going to give you step-by-step instructions to repair the registry regardless. I have two fixes here. If you have a restore CD or copy of Windows, try this first:

Click Start
Click Run
Type sfc /scannow

This command will immediately initiate the Windows File Protection service to scan all protected files and verify their integrity, replacing any files with which it finds a problem. As this scan finds files that need to be replaced because they are corrupt or missing, it will ask you to insert your Windows/repair CD (most repair/restore CDs will contain these files as well), then read the missing files off the disk and replace them. This will also repair damaged sections of the registry.

This should do it. However, if it does not, or you (or any friends) don't have a Windows/restore CD, you will need to manually edit the registry.

***Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system.***

Click Start, click Run, type regedit in the Open box, and then click OK.

For each of the following registry keys, locate the key, click the key, on the Edit menu, click Delete, and then click Yes to confirm the deletion:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemSAS system32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CMD cmd32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SystemSAS system32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\CMD cmd32.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\SystemSAS system32.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\CMD cmd32.exe

HKEY_Local_Machine\Software\Krypton

Locate, and then click the following key in the registry:
HKEY_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

On the Edit menu, click Modify.

Type Explorer.exe, and then press ENTER.

Locate, and then click the following key in the registry:
HKEY_CURRENT_USER\SOFTWARE\Kazaa\LocalContent

Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.

Locate, and then click the following key in the registry:
HKEY_CURRENT_USER\SOFTWARE\iMesh\Client\LocalContent

Delete any values that refer to the C:\%Windir%\UserTemp or the C:\%Windir%\User32 folders.

Quit Registry Editor.

Restart your computer.

No more problems : ) Happy Holidays!

2006-12-13 06:37:59 · answer #1 · answered by gnobody 3 · 1 1
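
Added example (not part of any poster's answer): a read-only check for the situation answer #1 describes, autorun values that still point at a file the scanner has already removed. It parses a regedit export and lists entries under the Run, RunOnce and RunServices keys whose program is missing; the sample export is constructed, and the `Updater` entry and the function names are hypothetical.

```python
import ntpath, os, re

# Autorun keys named in the answer above, matched case-insensitively.
AUTORUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce",
                "\\currentversion\\runservices")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
PROGRAM_RE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)', re.I)

# Constructed sample in regedit's export (.reg) format; not from a real machine.
# "Updater" and its path are hypothetical; the other names come from the answer.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemSAS"="system32.exe"
"CMD"="cmd32.exe"
"Updater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SystemSAS"="system32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''

def program_of(command):
    """Program part of an autorun command line, with arguments dropped."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = PROGRAM_RE.match(command)
    return m.group(1) if m else command.split(" ", 1)[0]

def on_disk(path):
    """Default check: bare names are looked up in the Windows directories."""
    if ntpath.dirname(path):
        return os.path.exists(os.path.expandvars(path))
    root = os.environ.get("SystemRoot", r"C:\WINDOWS")
    return any(os.path.exists(ntpath.join(d, path))
               for d in (root, ntpath.join(root, "System32")))

def stale_autoruns(reg_text, exists=on_disk):
    """Return (key, value name, program) for autorun values whose file is gone."""
    key, stale = None, []
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = VALUE_RE.match(line)
        if key and m and key.lower().endswith(AUTORUN_KEYS):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            if not exists(program_of(data)):
                stale.append((key, name, program_of(data)))
    return stale
```

Version 5.00 exports are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `stale_autoruns`; the function only reports and changes nothing in the registry.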

If Windows is telling you it can't start a certain program after removing the virus/spyware... the virus or spyware may have installed a small program to run when Windows starts and it may still be listed as a Startup program.

Go to START, then click RUN. In the window that opens type MSCONFIG and hit ENTER. A new window will open. Find the STARTUP tab and click it. You'll see a list of programs set to run when Windows starts. Go down the list and look for the program that Windows is telling you it cannot start. When you find it, uncheck the box next to it and click OK. A new window will open asking you to restart.

Restart the computer and after Windows loads, a window will come up telling you that you basically stopped that program from starting with Windows. Check/Uncheck the box that tells Windows to notify you about it every time you start Windows so you don't get that alert again.

If you get the same error later, you may need to format and install Windows again.

Hope that helps!

** Win32 is not a normal program that runs at Windows startup and is most likely the problem. Uncheck it etc. and restart.

2006-12-13 06:04:06 · answer #2 · answered by furiousfoe 2 · 0 1

Try to repair your Windows install using the Windows XP CD. Just pop it in and boot from the CD. (Usually, it will say something like "Press any key to boot from CD...". If it does not, press Delete multiple times right after you press the on-button on your computer, until you get a screen that's called the BIOS. Look for something called the Boot Sequence and move the CD-ROM drive to the top. Save settings and reboot, and then you can boot from the CD.) I've never had to use the Windows Repair function, but I'm pretty sure it will restore a missing .dll file, and everything should be done automatically once you select the repair process. If that doesn't help, try running Windows Update; it too might restore the missing .dll.

2006-12-13 05:57:51 · answer #3 · answered by jalexxi 3 · 0 1

Due to the nature of your problem, a fresh reinstall of Windows is your best option. Those trojans and worm definitely made changes to your registry, and without knowing their exact names I can't help you pinpoint the correct reg values to change or delete.

Reinstall Windows and install all of your antivirus/anti spyware programs before connecting to the internet. I would keep System Restore on, but remember:

System restore only backs up files stored in My Documents. Files on your desktop or any other location are not recovered if you backup from a restore point.

2006-12-13 06:11:04 · answer #4 · answered by cornpie jones 4 · 0 1

This is almost caused by the virus you just deleted. They change the registry, so this message appears even after removal of the virus, as its effect is still present. Try the restore point option, but to a very old time, before this infection happened. If this problem is still present, try the msconfig option to see what programs work on start-up and uncheck any program you think is not of use. If this does not solve the problem, you may use a registry repair program, or reinstall Windows.

2006-12-13 05:54:42 · answer #5 · answered by hard_cane0 5 · 0 1

I would reformat your computer and reinstall Windows. Don't connect to the internet until you have good security software; AVG is fine, as is Spybot, Ad-Aware. Would also get a decent firewall program such as Ashampoo. Or you can also try doing an online virus scan, but some only scan and do not clean. I think mircotrend does clean but you have to check for yourself; don't use Panda, it only scans.

2006-12-13 05:49:52 · answer #6 · answered by micaso1971 5 · 0 1

A reinstall is a last option and should be avoided if possible.
Get Norton up to date and do a full scan in safe mode.
That should get everything cleaned up and the problems should then stop.
You may also want to look at what it found and see what files or folders they may infect or damage.
A file check should help if needed (you need your install CD-ROM).

2006-12-13 06:16:24 · answer #7 · answered by great one 6 · 0 0

That's way too strict; if you act like that you might lose him. Just be happy he told you happy birthday instead of not telling you at all. Yes, every girl dreams that her boyfriend should be the first to say happy birthday, but in real life it doesn't always work out perfectly. Just don't create a big fuss over it; you don't want to lose him over something like this.

2016-05-23 19:14:45 · answer #8 · answered by Anonymous · 0 0

If you have XP, use system restore to return your computer to a previous time, before the virus hit.

2006-12-13 05:48:03 · answer #9 · answered by Rick 4 · 0 1

Maybe reinstall. It's always good to keep documents on a USB HD to avoid loss of important files when formatting. I have all my files on a USB HD and mapped the My Documents folder there, e.g.:

X:\files\mke [X is the letter of my USB HD]

2006-12-13 05:51:29 · answer #10 · answered by RealG187 [a/k/a MPG] 3 · 0 1
