Topic: I've got Alcan.A as Well..Having trouble removing

KennyD
« Reply #20 on: February 26, 2006, 02:18:54 PM »
OK, I am about to do the scan.  As for what I deleted using Killbox, I took a list from a solution posted for another user:

Quote
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\winupdates\a.zip[Setup.exe]
C:\WINDOWS\System32\bt.exe
C:\WINDOWS\System32\z.tmp
C:\WINDOWS\System32\temp.zip
C:\WINDOWS\System32\bszip.dll

If that doesn't work for you, please do the following
Enter this path to the file name into Killbox and then select the Delete on Reboot option
C:\Program Files\MsConfigs\MsConfigs.exe

That was from this thread:

http://www.thetechguide.com/forum/lofivers...php/t18992.html

I realized after that this user has Windows XP whereas I am Windows 2000.

KennyD
« Reply #21 on: February 26, 2006, 05:35:14 PM »
The only thing Panda found was a few cookies, which I deleted.  Here is the latest Hijack This:

-----------
Logfile of HijackThis v1.99.1
Scan saved at 5:33:24 PM, on 26/02/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TUT0104\TUT0104-LocPrtPDFAgent.EXE
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Local Print PDF Agent.lnk = C:\Program Files\TUT0104\TUT0104-LocPrtPDFAgent.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122954643331
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

KennyD
« Reply #22 on: March 05, 2006, 05:47:56 PM »
Bump :)

guestolo
« Reply #23 on: March 05, 2006, 06:19:27 PM »
Your log looks good. Are you still having problems?
If so, give me details please.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


KennyD
« Reply #24 on: March 08, 2006, 06:11:50 PM »
Thanks so much for sticking with me...the only problem I am having is that ever since removing the Alcan worm, Windows bootup has a very long pause (like 2-3 minutes) in between putting the icons on the quicklaunch and taskbar, and the icons showing up on the desktop.  There is no hard drive activity during this time, it's like the computer is hung, then suddenly all is OK.

Earlier I mentioned that I took advice given to another user, prior to making my own post here, and used Killbox to remove the following:

Quote
C:\Program Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com
C:\Program Files\winupdate\winupdate.exe
C:\Program Files\winupdates\a.zip[Setup.exe]
C:\WINDOWS\System32\bt.exe
C:\WINDOWS\System32\z.tmp
C:\WINDOWS\System32\temp.zip
C:\WINDOWS\System32\bszip.dll

If that doesn't work for you, please do the following
Enter this path to the file name into Killbox and then select the Delete on Reboot option
C:\Program Files\MsConfigs\MsConfigs.exe

Maybe I deleted something I shouldn't have, I don't know...

guestolo
« Reply #25 on: March 09, 2006, 01:12:56 AM »
As a test, can you go to START>>RUN>>Type in
msconfig
Hit OK

Under the STARTUP tab>>Disable ALL
Under the SERVICES tab>>Put a tick IN "Hide all Microsoft Services"
Then select Disable ALL
Apply it and Close out
Reboot when prompted, does the computer load quicker?
If so, you will have to, by trial and error, find which one is causing the problem with the delay in startup

Don't have everything disabled when online, this will also disable your AV and quite possibly ZoneAlarm too
If you are on an Always on connection to the Internet, you should enable XP's firewall before doing this
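An added example, not part of guestolo's post: the trial-and-error step above can be run as a halving search over the O23 service entries from the HijackThis log in Reply #21. The function names are hypothetical, and `simulated_reboot` stands in for a real test reboot, using the outcome KennyD reports in Reply #28.

```python
import re

# O23 service lines copied from the HijackThis log posted in Reply #21.
HJT_LOG = r"""
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
"""

# "O23 - Service: <display name> - <vendor> - <drive:\path>"
O23_LINE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

def parse_services(log_text):
    """Return each O23 entry as a dict with name, vendor and path."""
    matches = map(O23_LINE.match, log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def find_culprit(candidates, boots_slowly):
    """Halve the candidate pool once per test reboot.

    boots_slowly(enabled) reports whether startup was slow with only the
    services in `enabled` switched on. Assumes exactly one culprit and that
    a boot with everything disabled was already confirmed to be fast.
    """
    pool, reboots = list(candidates), 0
    while len(pool) > 1:
        half = pool[: len(pool) // 2]
        reboots += 1
        pool = half if boots_slowly(half) else pool[len(half):]
    return pool[0], reboots

def simulated_reboot(enabled):
    # Constructed stand-in for a real reboot; the result comes from Reply #28.
    return "ewido security suite control" in enabled

if __name__ == "__main__":
    names = [s["name"] for s in parse_services(HJT_LOG)]
    culprit, reboots = find_culprit(names, simulated_reboot)
    print(f"{culprit}: isolated in {reboots} reboots from {len(names)} services")
```

As the post says, run the test reboots offline, since security services such as the firewall are among the entries being switched off.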


KennyD
« Reply #26 on: March 09, 2006, 09:03:36 PM »
Hmm, well here's the first problem...I cannot run "msconfig" because it says it cannot find the file!  How do I get it back?

I'm running Windows 2000 by the way.

Ken

guestolo
« Reply #27 on: March 09, 2006, 09:27:37 PM »
Whoops, sorry about that, forgot that you were running 2000
It doesn't come with msconfig
But you can download a copy from
HERE


KennyD
« Reply #28 on: March 12, 2006, 07:39:01 PM »
OK, boot-up is normal now!  The culprit service was "ewido security suite control".  After I disabled it, my desktop icons came up nice and quick.  When I re-enabled it, the problem returned -- about 3 minutes of idling before my icons came up.  So I have now left this service disabled.

Thanks so much for your help!

guestolo
« Reply #29 on: March 13, 2006, 08:20:28 PM »
Good work, never thought Ewido would be the culprit
Hold onto Msconfig for troubleshooting purposes
Here's what I recommend
Go back into msconfig and reenable the Ewido service

You can disable the service in Services configuration
   1. Hit your Start button and through the Settings, reach your Control Panel.
   2. In your Control Panel folder, select Administrative Tools.
   3. In your Administrative Tools folder, select Services.
   4. In your Services, select ewido security suite control
   5. Click the Stop button to stop the service if running
   6. Then flip through the drop-down box in the Startup Type area to select Disabled.

Protect yourself against Future Attacks
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

                   
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Now would be a good time to try AVG I linked you to earlier if you don't have your own to install

*Check for updates with your anti-spyware programs and run a scan on a regular basis
In addition>>Open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunize at the top green cross
Please Immunize after every update

*Make sure your Firewall is enabled and running
A Firewall is also very important>>You have ZoneAlarm which is a good choice
This provides a line of defense against someone who might try to access your computer without your permission

I would opt to hold onto Ewido and run it once a month
After updating it may inform that the service needs running
It actually seems to run ok without that service running anyways, I've tried it myself

Stay safe :)
« Last Edit: March 13, 2006, 09:16:10 PM by guestolo »


guestolo
« Reply #30 on: April 09, 2006, 07:00:56 PM »
Since these problems appear resolved
I'll lock this topic
Take care :)