trojan has infected my laptop my laptop

hey ive posted a couple of time's in reference to my laptop being infected
with a trojan preventing me from accessing the following:
1. i cant access the microsoft update's website
2. i cant go to any antivirus website or even install a program- the window
will flicker or the program will start installing then disappear...
3. the process's window in my task manage is completely greyed out...
4 i cant access the security center or windows firewall via the control
panel- again when i double click the window will open and then disappear...
5. when i choose start-run and type: regedit to check the registry nothing
happens... will not pull so i can look at the registry settings...
6 when i choose -start and type in the messenger services nothing pulls as
well...

i recently was told to go to the " aumha " forums and did post and someone
told me to download cws shredder and adware se... ran the fix on cws
shredder and it get's stuck on the " cws - therealsearch " telling me it had
to shutdown... i have run adware se and it tells me ive got 2 registry
issue's which are below...something has altered my registry...

Vendor:Windows
Category:Vulnerability
Object Type:RegData
Size:34 Bytes
Location:software\microsoft\windows nt\currentversion\winlogon "Shell"
(explorer.exe,drvinit16.exe -shell)
Last Activity:1-23-2005
Risk Level:Low
TAC index:3
Comment:Shell Possibly Compromised
Description:General Windows Security Issue. Your system security may be
compromised. The specifics of the possible compromised item are listed in the
comments section.

Vendor:Windows
Category:Vulnerability
Object Type:RegData
Size:4 Bytes
Location:...\software\microsoft\windows\currentver sion\policies\system
"DisableRegistryTools" ()
Last Activity:1-23-2005
Risk Level:Low
TAC index:3
Comment:Possible unintended lockout from Registry Editor (Regedit access
disabled)
Description:General Windows Security Issue. Your system security may be
compromised. The specifics of the possible compromised item are listed in the
comments section.

please help...
thanks
trey

Most viruses are designed to perform irreparable damage
to your computer's system files. I would suggest reformatting
your drive and reinstalling your Windows operating system.
Afterward, install a good antivirus program.

Clean Install Windows XP
http://www.michaelstevenstech.com/cleanxpinstall.html

Symantec's Norton AntiVirus 2005
http://www.symantec.com/nav/nav_9xnt/

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athome/secu...t/default.aspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/secu...t/default.aspx

----------------------------------------------------------------------------

"trey braid" wrote:

| hey ive posted a couple of time's in reference to my laptop being infected
| with a trojan preventing me from accessing the following:
| 1. i cant access the microsoft update's website
| 2. i cant go to any antivirus website or even install a program- the window
| will flicker or the program will start installing then disappear...
| 3. the process's window in my task manage is completely greyed out...
| 4 i cant access the security center or windows firewall via the control
| panel- again when i double click the window will open and then disappear...
| 5. when i choose start-run and type: regedit to check the registry nothing
| happens... will not pull so i can look at the registry settings...
| 6 when i choose -start and type in the messenger services nothing pulls as
| well...
|
| i recently was told to go to the " aumha " forums and did post and someone
| told me to download cws shredder and adware se... ran the fix on cws
| shredder and it get's stuck on the " cws - therealsearch " telling me it had
| to shutdown... i have run adware se and it tells me ive got 2 registry
| issue's which are below...something has altered my registry...
|
| Vendor:Windows
| Category:Vulnerability
| Object Type:RegData
| Size:34 Bytes
| Location:software\microsoft\windows nt\currentversion\winlogon "Shell"
| (explorer.exe,drvinit16.exe -shell)
| Last Activity:1-23-2005
| Risk Level:Low
| TAC index:3
| Comment:Shell Possibly Compromised
| Description:General Windows Security Issue. Your system security may be
| compromised. The specifics of the possible compromised item are listed in the
| comments section.
|
| Vendor:Windows
| Category:Vulnerability
| Object Type:RegData
| Size:4 Bytes
| Location:...\software\microsoft\windows\currentver sion\policies\system
| "DisableRegistryTools" ()
| Last Activity:1-23-2005
| Risk Level:Low
| TAC index:3
| Comment:Possible unintended lockout from Registry Editor (Regedit access
| disabled)
| Description:General Windows Security Issue. Your system security may be
| compromised. The specifics of the possible compromised item are listed in the
| comments section.
|
| please help...
| thanks
| trey

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt369.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
4) Reboot your PC into Safe Mode [F8 key during boot]
and shutdown as many applications as possible.
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *

Dave
http://www.claymania.com/removal-trojan-adware.html





"trey braid" <> wrote in message
news:9AA37CB6-583D-4137-848F-...
| hey ive posted a couple of time's in reference to my laptop being infected
| with a trojan preventing me from accessing the following:
| 1. i cant access the microsoft update's website
| 2. i cant go to any antivirus website or even install a program- the window
| will flicker or the program will start installing then disappear...
| 3. the process's window in my task manage is completely greyed out...
| 4 i cant access the security center or windows firewall via the control
| panel- again when i double click the window will open and then disappear...
| 5. when i choose start-run and type: regedit to check the registry nothing
| happens... will not pull so i can look at the registry settings...
| 6 when i choose -start and type in the messenger services nothing pulls as
| well...
|
| i recently was told to go to the " aumha " forums and did post and someone
| told me to download cws shredder and adware se... ran the fix on cws
| shredder and it get's stuck on the " cws - therealsearch " telling me it had
| to shutdown... i have run adware se and it tells me ive got 2 registry
| issue's which are below...something has altered my registry...
|
| Vendor:Windows
| Category:Vulnerability
| Object Type:RegData
| Size:34 Bytes
| Location:software\microsoft\windows nt\currentversion\winlogon "Shell"
| (explorer.exe,drvinit16.exe -shell)
| Last Activity:1-23-2005
| Risk Level:Low
| TAC index:3
| Comment:Shell Possibly Compromised
| Description:General Windows Security Issue. Your system security may be
| compromised. The specifics of the possible compromised item are listed in the
| comments section.
|
| Vendor:Windows
| Category:Vulnerability
| Object Type:RegData
| Size:4 Bytes
| Location:...\software\microsoft\windows\currentver sion\policies\system
| "DisableRegistryTools" ()
| Last Activity:1-23-2005
| Risk Level:Low
| TAC index:3
| Comment:Possible unintended lockout from Registry Editor (Regedit access
| disabled)
| Description:General Windows Security Issue. Your system security may be
| compromised. The specifics of the possible compromised item are listed in the
| comments section.
|
| please help...
| thanks
| trey

"Trey Braid",

I remember your earlier posts. I agree with "Carey Frisch [MVP] with one
alternate distinction. I'll explain.
You have probably spent way more than 2 hours working and diagnosing this
issue. I suggest that you save the data off of your drive somewhere that
will infect noone else. Options here might be: Burn it onto a CD-R, a DVD-R
if you have one of those, or a secondary or external drive that has room.

Next, format your drive, destroying all information on that drive, and
re-install Windows XP. Once that is done, follow the next steps in order,
making sure that you DO NOT visit any websites other than Windows Update or
the Microsoft download sites I will point to, until these procedures are
finished:

1. Install Windows XP Service Pack 2, unless your Windows installation
included that by default. If you do not have this on CD, establish your
connection to your Internet Service Provider (ISP), and click on the
following link: http://tinyurl.com/3qrhg (long link:
http://www.microsoft.com/downloads/d...5-9e368d3cdb5a)
2. Save the file.
3. Open the file and execute. Follow the prompts.
4. After installation, reboot the machine.
5. Now that you have Windows XP Service Pack 2, go directly to this link:
http://windowsupdate.microsoft.com
6. Scan for updates
7. Install all critical updates, and reboot when required by Windows.
Repeat steps 5-7 until after a scan there are no new critical updates.
8. Once this is done, install your antivirus program. VERIFY that it will
scan all incoming files from copying or transfer. This will come in handy
in step 12 below. Perform a scan of your "new" drive.
9. Once this is done, install your adware monitoring software.
10. Once this is done, install your firewall software, and configure it.
11. Now, install the programs you used to have on the machine that are not
there now.
12. Only then, pull back your data that was saved from the last
configuration.
13. Perform another scan of your "new" drive, and verify that your data
copied onto the drive is not infected.

Let us know how this goes!

Sincerely,


Pat Walters [MSFT]

"Carey Frisch [MVP]" <> wrote in message
news:...
> Most viruses are designed to perform irreparable damage
> to your computer's system files. I would suggest reformatting
> your drive and reinstalling your Windows operating system.
> Afterward, install a good antivirus program.
>
> Clean Install Windows XP
> http://www.michaelstevenstech.com/cleanxpinstall.html
>
> Symantec's Norton AntiVirus 2005
> http://www.symantec.com/nav/nav_9xnt/
>
> 3 Simple Steps to Help Ensure the Protection of Your PC
> http://www.microsoft.com/athome/secu...t/default.aspx
>
> --
> Carey Frisch
> Microsoft MVP
> Windows XP - Shell/User
>
> Be Smart! Protect Your PC!
> http://www.microsoft.com/athome/secu...t/default.aspx
>
> --------------------------------------------------------------------------
--
>
> "trey braid" wrote:
>
> | hey ive posted a couple of time's in reference to my laptop being
infected
> | with a trojan preventing me from accessing the following:
> | 1. i cant access the microsoft update's website
> | 2. i cant go to any antivirus website or even install a program- the
window
> | will flicker or the program will start installing then disappear...
> | 3. the process's window in my task manage is completely greyed out...
> | 4 i cant access the security center or windows firewall via the control
> | panel- again when i double click the window will open and then
disappear...
> | 5. when i choose start-run and type: regedit to check the registry
nothing
> | happens... will not pull so i can look at the registry settings...
> | 6 when i choose -start and type in the messenger services nothing pulls
as
> | well...
> |
> | i recently was told to go to the " aumha " forums and did post and
someone
> | told me to download cws shredder and adware se... ran the fix on cws
> | shredder and it get's stuck on the " cws - therealsearch " telling me it
had
> | to shutdown... i have run adware se and it tells me ive got 2 registry
> | issue's which are below...something has altered my registry...
> |
> | Vendor:Windows
> | Category:Vulnerability
> | Object Type:RegData
> | Size:34 Bytes
> | Location:software\microsoft\windows nt\currentversion\winlogon "Shell"
> | (explorer.exe,drvinit16.exe -shell)
> | Last Activity:1-23-2005
> | Risk Level:Low
> | TAC index:3
> | Comment:Shell Possibly Compromised
> | Description:General Windows Security Issue. Your system security may be
> | compromised. The specifics of the possible compromised item are listed
in the
> | comments section.
> |
> | Vendor:Windows
> | Category:Vulnerability
> | Object Type:RegData
> | Size:4 Bytes
> | Location:...\software\microsoft\windows\currentver sion\policies\system
> | "DisableRegistryTools" ()
> | Last Activity:1-23-2005
> | Risk Level:Low
> | TAC index:3
> | Comment:Possible unintended lockout from Registry Editor (Regedit access
> | disabled)
> | Description:General Windows Security Issue. Your system security may be
> | compromised. The specifics of the possible compromised item are listed
in the
> | comments section.
> |
> | please help...
> | thanks
> | trey