locked
HELP viruses may be a trozan..... RRS feed

  • Question

  • yesterday when i restarted my adobe reader and powerpoinr were not working......

    when i clicked on the icon on desktop, it started installation, then gave an error about windows installer saying the service cannot be started......

    strangely my taskmanager closes as soon as it opens... same with regedit....

    i ran a scan with "windows malicious software removal tool"........

    it removed some worms named W32/Bagle@mm.....

    but no improvement......

    I had norton installed now it is also nor working..

    I have seen the same problem on many windows in my hostel....

    I m the only computer enthusiast here ...... plz help to rectify the problem....

    PLZZZZZZ............

    Thanks....
    Anuj Choudhary
    Monday, February 12, 2007 7:12 PM

Answers

  •  hula_samvaad wrote:
    yesterday when i restarted my adobe reader and powerpoinr were not working......

    when i clicked on the icon on desktop, it started installation, then gave an error about windows installer saying the service cannot be started......

    strangely my taskmanager closes as soon as it opens... same with regedit....

    i ran a scan with "windows malicious software removal tool"........

    it removed some worms named W32/Bagle@mm.....

    but no improvement......

    I had norton installed now it is also nor working..

    I have seen the same problem on many windows in my hostel....

    I m the only computer enthusiast here ...... plz help to rectify the problem....

    PLZZZZZZ............

    Thanks....
    Anuj Choudhary

    You computer has been affected by W32/Bagle@mm worm. This is a mass mailer worm and since you have updated your Noton now, you do do not have to worry about it in future. There are meny virus which target msconfig, regedit, task manager (check it, msconfig would also not work for you). If you have an original bootable XP, you can try recovering using recovery console. If that didnt work and you donot want to format your system, use this tool http://www.dougknox.com/xp/utils/xp_emergencyutil.zip. This small VB 6 utility will create a usable backup copy of Taskmgr.exe, MSConfig.exe and Regedit.EXE in a new folder, called C:\EmergencyUtils.  The new copies will be named Copy_of_Taskmgr.exe, Copy_of_MSConfig.exe and Copy_of_Regedit.com. You can then run regedit, task manager & msconfig can then be accessed by running these files.

    Prathul Prabhakar
    Microsoft Student Partner
    http://student-partners.com/members/prathul.aspx
    http://xplore.wordpress.com

    Monday, February 12, 2007 8:11 PM

All replies

  •  hula_samvaad wrote:
    yesterday when i restarted my adobe reader and powerpoinr were not working......

    when i clicked on the icon on desktop, it started installation, then gave an error about windows installer saying the service cannot be started......

    strangely my taskmanager closes as soon as it opens... same with regedit....

    i ran a scan with "windows malicious software removal tool"........

    it removed some worms named W32/Bagle@mm.....

    but no improvement......

    I had norton installed now it is also nor working..

    I have seen the same problem on many windows in my hostel....

    I m the only computer enthusiast here ...... plz help to rectify the problem....

    PLZZZZZZ............

    Thanks....
    Anuj Choudhary

    You computer has been affected by W32/Bagle@mm worm. This is a mass mailer worm and since you have updated your Noton now, you do do not have to worry about it in future. There are meny virus which target msconfig, regedit, task manager (check it, msconfig would also not work for you). If you have an original bootable XP, you can try recovering using recovery console. If that didnt work and you donot want to format your system, use this tool http://www.dougknox.com/xp/utils/xp_emergencyutil.zip. This small VB 6 utility will create a usable backup copy of Taskmgr.exe, MSConfig.exe and Regedit.EXE in a new folder, called C:\EmergencyUtils.  The new copies will be named Copy_of_Taskmgr.exe, Copy_of_MSConfig.exe and Copy_of_Regedit.com. You can then run regedit, task manager & msconfig can then be accessed by running these files.

    Prathul Prabhakar
    Microsoft Student Partner
    http://student-partners.com/members/prathul.aspx
    http://xplore.wordpress.com

    Monday, February 12, 2007 8:11 PM
  • hi man as for now u wil have to reinstall ur O.S coz the changes the virus has caused the sys. files are irreversible so u ll have to do things all over again and after that use the  software called deep freeze...it will freeze the content of the O.S. drive and after that every time when u restart the computer it wil be as it was before doing net......any other process its worth tryiing
    Monday, February 12, 2007 8:15 PM
  • I wouldnt recommend reinstalling your OS if you have lots of applications like VS 2005, Windows SDK etc installed. In such case it is advisable to use the tool I mentioned above.

    Prathul Prabhakar
    Microsoft Student Partner
    http://student-partners.com/members/prathul.aspx
    http://xplore.wordpress.com

    Monday, February 12, 2007 8:17 PM
  • thanks yaar....
    but i just don't want to reinstall the damn system back again and again.........

    Tuesday, February 13, 2007 3:57 AM
  • Hope that solved your problem :D

    Thanks & Regards,
    Prathul Prabhakar
    Microsoft Student Partner
    http://student-partners.com/members/prathul.aspx
    http://xplore.wordpress.com

    Tuesday, February 13, 2007 12:08 PM
  • thanks prathul...
    it really solved most of my problems.......
    cheers,
    Anuj Choudhary.
    Wednesday, February 14, 2007 11:58 AM