very annoying virus

Discussion in 'Windows - Virus and spyware problems' started by kenio8185, Apr 21, 2007.

  1. kenio8185

    kenio8185 Regular member

    Joined:
    Oct 12, 2006
    Messages:
    441
    Likes Received:
    0
    Trophy Points:
    26
    I have this virus (at least I think it's a virus) that's on my computer that keeps restarting it. You know that window that comes up and says I have 60 seconds then it restarts, well that comes on every time I open up the internet. My Kaspersky antivirus can't seem to find it but I think it's this thing in my system32 folder called explorer.exe. My Kaspersky blocks explorer.exe if I say to deny it (because if I allowed it my computer lags like hell so I deny it) but the window for restarting won't come up if I do that. I wanna get rid of this virus and this explorer.exe file (assuming they are different but they could be the same).

    Oh, I have already tried reformatting and repairing my computer and those didn't work, it's still here. I even tried deleting my Windows XP then putting HDloader on the HDD then reformatting it Windows XP (that got rid of 2 other really pissing viruses but there's still the 3rd one left to get rid of).

    As one more side note, I keep getting this window that says I should download stuff to repair my registry or something like that. The window is called Messenger Service.

    Some1 plz help.
     
  2. Morph416

    Morph416 Active member

    Joined:
    Jan 14, 2004
    Messages:
    1,861
    Likes Received:
    0
    Trophy Points:
    66
    I haven't seen problems like that since XP, or XP SP1.

    Explorer.exe is your shell....icons, start menu, taskbar...etc.

    To stop the shutdown, just go to start, run and type in:

    shutdown /a

    If you plan on starting over...at least have your XP disk slipstreamed with SP2.

    Messenger Service is on by default in XP and XP SP1...but is off by default in SP2. To shut it off, go to start, run, type in:

    services.msc

    Run down the list...you'll find Messenger. Double click, and choose Disable from the pull down menu.
     
  4. kenio8185

    kenio8185 Regular member

    Oh, at first I didn't think it would work but now I see how to do it. Is there a more permanent way of doing it?
     
  5. sjb007

    sjb007 Member

    Joined:
    Mar 10, 2007
    Messages:
    23
    Likes Received:
    0
    Trophy Points:
    11
    Just a word of note: the location you mentioned for explorer.exe is not the correct location for the genuine file. Explorer.exe is normally found in the C:\WINDOWS folder. You can verify this by right-clicking on the genuine file, looking at the file properties, then selecting the Version tab; the genuine file will say Company - Microsoft Corporation.

    The best advice for you, I feel, would be to post a HJT log for analysis in the Windows - Virus and spyware problems section of this forum.

    Edit: Also, it sounds very much like your system is not up to date with updates. The Messenger service (if I am correct) was not active after installing SP2. Installing SP2 would help keep the system free and close up other vital security holes, but note that you should only ever install it on a clean system; if you install it on an infected computer your problems will be magnified.
     
    Last edited: Apr 22, 2007
  6. kenio8185

    kenio8185 Regular member

    Ok, thx for letting me know where the original explorer.exe file is, but I do have another one in my system32 folder. I guess the one in my system32 folder is a virus. So how does this HJT thing work? I dunno what u mean by it.
     
  7. kenio8185

    kenio8185 Regular member

    Ok, this is what I found:



    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 8:05:00 PM, on 4/22/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    G:\WINDOWS\System32\smss.exe
    G:\WINDOWS\system32\winlogon.exe
    G:\WINDOWS\system32\services.exe
    G:\WINDOWS\system32\lsass.exe
    G:\WINDOWS\System32\svchost.exe
    G:\WINDOWS\system32\spoolsv.exe
    G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    G:\WINDOWS\System32\nvsvc32.exe
    G:\WINDOWS\Explorer.EXE
    G:\WINDOWS\System32\WgaTray.exe
    G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    G:\Program Files\Mozilla Firefox\firefox.exe
    G:\WINDOWS\System32\wuauclt.exe
    G:\WINDOWS\System32\wuauclt.exe
    G:\WINDOWS\System32\wuauclt.exe
    G:\Documents and Settings\Nek\Desktop\HiJackThis_v2.0.0.0.exe
    G:\WINDOWS\system32\NOTEPAD.EXE
    G:\WINDOWS\SoftwareDistribution\Download\2caf60f9f7c0d52d92848e52e67748bb\update\update.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 1437 bytes
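
The location check sjb007 describes, applied to the "Running processes" section of a HijackThis log like the one posted above. This is an added example, not part of the thread and not HijackThis code: the sample log is constructed, the table of expected folders assumes a default Windows XP layout, and `windir` is a value the caller supplies.

```python
import ntpath

# Folder (relative to the Windows directory) where a default Windows XP install
# keeps binaries that malware commonly imitates; "" is the Windows directory.
EXPECTED_SUBDIR = {
    "explorer.exe": "", "smss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "spoolsv.exe": "system32",
}

# Constructed sample in HijackThis layout; the two misplaced paths are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\explorer.exe
G:\WINDOWS\svchost.exe
G:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [AVP] "G:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
"""

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in the log."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and line:
            paths.append(line)
        elif in_section and paths:
            break  # first blank line after the list ends the section
    return paths

def misplaced_system_binaries(log_text, windir):
    """Flag processes named like a system binary but run from another folder."""
    findings = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(path)
        expected = EXPECTED_SUBDIR.get(name.lower())
        if expected is None:
            continue  # not a name this table covers
        want = ntpath.normcase(ntpath.join(windir, expected)).rstrip("\\")
        if ntpath.normcase(folder) != want:
            findings.append((path, want))
    return findings

if __name__ == "__main__":
    print(misplaced_system_binaries(SAMPLE_LOG, r"G:\WINDOWS"))
```

A path in the expected folder is not proof that the file is genuine; the Version tab check described in the thread still applies.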
     
