MSUpdate/Virus Issues

[Caden]

Background info:
About a week ago on my Windows 98 pc, my real time virus protection alerted me that it found the w32.Protoride.Worm on my MSUpdate.exe file. It could not clean it, so threw it in quarantine then I went in deleted it. I made sure my definitions were up-to-date and ran a new virus scan. It did not find anything else so I went about my business.

A few days ago, I received the same real-time alert and I followed the same process. Yesterday, I received an alert for a different file same virus. This time I delved deeper into the Symantec solution (

http://securityresponse.symantec.com/avcenter/venc/data/w32.protoride.worm.html)

and went in to check my registry. My registry value was the exact same the instructions said it should be, however I updated it anyway. I rebooted and rescanned and it still didn't detect anything. (Mind you I wasn't able to scan in safe mode - it keeps blue screening as it it has been doing as well with defrag and scandisk for the past few weeks only.) I also then went in and cleaned out my Temp files and cookies that never seemed to disappear even after I ran the clean up program.

Current Issues:
- When I try to open or run various things such as Add/Remove Programs, Uninstall some programs, use the help icon in my start menu and try tp reboot or shut down the computer does not respond. It starts thinking for a few seconds but never preforms the requested tasks. (I can use many if not most of my programs including Office)

-When I'm connected to the internet my bytes sent just keeps going and going. When I end task for MSUpdate it stops. MSUpdate seems to run every time I open or start various programs/applications.

I think that's all at this time. Can anyone offer any insight into my current issues? Thanks!

 

[micker377]

Have you run any "spyware" programs? Ad-Aware, Pest Patrol, etc.?

 

[Caden]

Yes I did. I ran Ad-Aware and this actually did take care of that constant flow of bytes out.

However I'm still having the larger issue with not being able to restart, shut down or access various things like add/remove programs.

Thanks.

 

[micker377]

Download and run "Spybot". Ad-Aware finds what Spybot doesn't, and vice versa.

 

[tsuji]

Hello Caden,

Re-do the cleanup. MSUpdate should not restart every time you run a program. It shows that you've done so thoroughly. Read carefully the instructions (from Symantec for instance as you refer). There are these essential elements.

[1] Make a copy regedit.com being the exact copy of regedit.exe, just changing the extension.
[2] Boot to safe mode and run regedit.com from dos window.
[3] Clean up the registry [HKCR\exefile\shell\open\command] default value and give it the desired value.
[4] I would say search the run and/or runonce etc keys see if there are any suspicious program running from there when startup. If yes, clean them up.
[5] Reboot to safe mode again, and run virus scan. (If there is any copy of MSUpdate.exe, it should alert you and remove!?)

regards - tsuji

 

[Caden]

Thank you all for your responses thus far.

Tsuji - I'm going to try to go through the motions again this evening. I was wondering if you could clarify step 4 in your response:

[4] I would say search the run and/or runonce etc keys see if there are any suspicious program running from there when startup. If yes, clean them up.

I guess I'm not sure on how/where to search "run and/or runonce" keys.

Thanks again,

Caden

 

[tsuji]

Caden,

Those keys are very similar in their functionality (but, different in detail of course). They appear legitimately under both HKLM\ and HKCU\. So look for those two roots.

[...\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[...\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[...\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEx]
[...\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[...\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

regards - tsuji