Guest ellas, posted December 31, 2002:
If you right-click on the ones you are not sure about in RegCleaner, it will give you an advanced info tab; open that to get more details about reg entries.

mark2, posted December 31, 2002:
These 2 are a result of virus infection:
Systray = c:\windows\system32\kernel32.exe
netcode = C:\WINDOWS\System32\kernel32.dlI
tkBell is a nag screen for RealPlayer and can be disabled on start up. Possibly a few more in there that you can start from programs rather than have them running in the background all the time.

mark2, posted December 31, 2002:
Wait for the scan to finish, then run Spybot S&D (updated 1st) followed by HijackThis, and then we can have another look at the start up list log from HijackThis. Be aware though that anything that needs the spyware will not run after running Spybot, but there are freeware versions of most.

mark2, posted December 31, 2002:
The 2 viruses should be gone after a full A/V scan and clean.

Guest ellas, posted December 31, 2002:
Info here at Symantec: http://securityresponse.symantec.com/avcen...r.optix.04.html

Guest ellas, posted December 31, 2002:
Looks like it.

Guest ellas, posted December 31, 2002:
You will have to type regedit in Run and delete the entries yourself.

Guest ellas, posted December 31, 2002:
It is XP you are using, isn't it? You don't need DOS commands. If you click on the Start button and put regedit in RUN, you can then follow the Symantec instructions. If you want to start in safe mode, type msconfig in Run, click on BOOT INI, then choose safe mode.

Guest ellas, posted December 31, 2002:
If you get stuck there's always remote assistance, but you need Messenger.

Guest ellas, posted December 31, 2002:
Maybe RegCleaner deleted it. Try this: click on Edit at the top of regedit, then scroll down to Find, click on that and put EES in, and see what it finds.

Guest ellas, posted December 31, 2002:
mark2, fancy doing a remote assistance? :D

mark2, posted December 31, 2002:
I don't have XP Pro, which I think you need for remote assistance.

Guest ellas, posted December 31, 2002:
No, you can do remote on Home Edition also.

mark2, posted December 31, 2002:
Have you done this stage 1st?

Windows NT/2000/XP
To stop the Trojan process:
1. Press Ctrl+Alt+Delete one time.
2. Click Task Manager.
3. Click the Processes tab.
4. Double-click the Image Name column header to sort the processes alphabetically.
5. The Task Manager truncates the process name so that only 15 characters are displayed. Therefore, look for Yahoo updater.c by scrolling through the list.
6. If you find the file, click it, and then click End Process.
7. Exit the Task Manager.

Guest Gladiator, posted December 31, 2002:
You have more backdoors on your PC, I guess. And some of the backdoors can shut down AV software. Download GAV and make a Default System Scan. There is no backdoor (yet) which shuts down GAV.
Download it here: http://www.gladiator-antivirus.com/downloa...up/download.php

mark2, posted December 31, 2002:
That perhaps suggests that it is no longer active. Run regedit, then just double check for HKEY_LOCAL_MACHINE\SOFTWARE\EES once more. If it isn't there, do the next step: go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Windows NT/2000/XP: In the right pane, update the value
Common Startup
with the following data:
%ALLUSERSPROFILE%\Start Menu\Programs\Startup

Thanks for popping in, Gladiator, need a lot of help here :o

Guest Gladiator, posted December 31, 2002:
Ah yes... and post here the scan report --> AND THE PACKER INFO (tabulator runtime packed) AND the warnings. That means all 4 pages from the scan report - you can do that with Copy + Paste.

Guest ellas, posted December 31, 2002:
Does it not say in the Symantec results that it's in your System Restore files? If so, delete all of them.

mark2, posted December 31, 2002:
You will also have to delete all your system restore points to clear it out completely.

Guest CalamityJane, posted December 31, 2002:
Looking at the screen shot p2ccolo posted a page or two back, you need to disable System Restore in Win XP while trying to get rid of the infected files. Did you do that?
I am glad to see Gladiator in here helping :D

Guest Gladiator, posted December 31, 2002:
And please delete the backdoor "Netdevil.15" too - I see him without AV software :)
Because I am just including him in GAV - it's the file kernel32.dlI <--- I instead of L

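An added example, not part of any post in this thread: a Python check for the two naming tricks pointed out above, a capital I standing in for a lowercase l (kernel32.dlI) and a system DLL name reused with an .exe extension (kernel32.exe). The module list, the function names and the last two sample entries are assumptions made for this illustration, and each startup target is assumed to be a bare path without arguments.

```python
import ntpath

# Small illustrative set of genuine Windows module names (assumed for this example).
SYSTEM_MODULES = {"kernel32.dll", "user32.dll", "systray.exe", "explorer.exe"}
# Characters commonly swapped for a look-alike: I or 1 for l, 0 or O for o.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", "O": "o"})

def skeleton(name):
    """Fold look-alike characters to one form, then lowercase."""
    return name.translate(CONFUSABLES).lower()

SKELETONS = {skeleton(m): m for m in SYSTEM_MODULES}
STEMS = {ntpath.splitext(m)[0]: m for m in SYSTEM_MODULES}

def check_target(path):
    """Return a finding for one startup target, or None if the name looks clean."""
    name = ntpath.basename(path.strip().strip('"'))
    lowered = name.lower()
    if lowered in SYSTEM_MODULES:
        return None  # exact (case-insensitive) match with a genuine name
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return f"look-alike of {imitated}"
    stem, ext = ntpath.splitext(lowered)
    real = STEMS.get(stem)
    if real:
        return f"borrows the name of {real} with extension {ext}"
    return None

def scan(startup_list):
    """Check every 'value = path' line; return {value name: finding}."""
    findings = {}
    for line in startup_list.splitlines():
        if "=" not in line:
            continue
        value_name, target = (part.strip() for part in line.split("=", 1))
        finding = check_target(target)
        if finding:
            findings[value_name] = finding
    return findings

# First two entries are the ones quoted in the thread; the rest are constructed.
SAMPLE = r"""
Systray = c:\windows\system32\kernel32.exe
netcode = C:\WINDOWS\System32\kernel32.dlI
SystemTray = C:\WINDOWS\System32\systray.exe
ExampleApp = C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for value_name, finding in scan(SAMPLE).items():
        print(f"{value_name}: {finding}")
```
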
mark2, posted December 31, 2002:
One step at a time, but the virus will also be stored in your restore points; if you ever had to restore, it would come back.

Guest CalamityJane, posted December 31, 2002:
Looking at your screen shot after the Symantec scan - looks like it is located in your System Restore.

mark2, posted December 31, 2002:
I'll let Gladiator take over here, he's LOTS better at this than me, so I can't get in the way and confuse the issue.

Guest ellas, posted December 31, 2002:
Turn it off in System Properties, delete old restores by running disc clean, pick the More Options tab and the option is there to delete s/restore files.