Author Topic: Help removing worm (Read 1400 times)

NDZ · « **Reply #20 on:** July 17, 2006, 07:54:11 AM »

That didn't work.. I get the same message again and i'm unable to click ok in the settings window. By the way, i was not able to find the "Application Data" on my computer. I got 15,6 GB left.

When i try to scan my computer with XoftSpy it gives me a message before scans starts that my browser may have been hijacked. I don't know if this has anything to do with the firefox problem... IE Browser is still working normal and i tried to install Opera but it wouldn't let me run the browser. I get the message "Error initializing Opera"

guestolo · « **Reply #21 on:** July 17, 2006, 08:58:33 AM »

I'm just on my way to work

Quote

i was not able to find the "Application Data"

You must have Show hidden files and folders selected as I posted earlier
Actually, this is the folder I most wanted to remove

I'm not sure if the folder Application Data will show as I posted
In your language it may show different, can you take another look for
the below folder
C:\Documents and Settings\sørbø\Application Data\Mozilla\Firefox <-this folder

If found, redo All the steps I posted to remove Firefox and then reinstall it
Again, Application Data folder may be under another name

Can you also remove this folder if found after uninstalling firefox
C:\Documents and Settings\sørbø\Local Settings\Application Data\Mozilla\Firefox <-folder

NDZ · « **Reply #22 on:** July 17, 2006, 09:04:07 AM »

I found the folder now. Deleted it and reinstalled firefox. Now firefox works normal again. Now i get a problem when i try to open outlook. It says that i don't have permisson to access C:\Documents and Settings\sørbø\Lokale instillinger\Programdata\Microsoft\Outlook\Outlook.pst

guestolo · « **Reply #23 on:** July 17, 2006, 11:12:36 PM »

Can you check in User Accounts in the Control Panel, are you set as Adminstrator on the computer?

What are you running XP HOME OR PRO
We may have to check your permissions your user name
C:\Documents and Settings\sørbø

If your running HOME
Can you reboot into safe mode
Right click on C:\Documents and Settings\sørbø <-this folder

Click the Security tab
Highlight your user account
Under Permissions for sørbø
Is everything selected under ALLOW?
Excluding Special permissions

If you are running PRO
You can remain in Normal mode
Open MyComputer>>Click on TOOLS>>Folder options>>VIEW
Scroll down and uncheck "Disable simple file sharing"
apply and ok

Then check the sørbø folder

NDZ · « **Reply #24 on:** July 18, 2006, 04:49:48 AM »

Yes I am set as administrator. I run Xp Pro and i did what u said. It still doesn't work. I get the same message

guestolo · « **Reply #25 on:** July 18, 2006, 08:15:59 AM »

Not sure what you mean, you did what I said?
What did you do?

Navigate to
C:\Documents and Settings\sørbø <-this folder

Right click the folder and select properties
Click the Security tab
Highlight your user account
Under Permissions for sørbø
Is everything selected under ALLOW?
Excluding Special permissions

Check this folder also
C:\Documents and Settings\sørbø\Lokale instillinger\Programdata\Microsoft\Outlook

NDZ · « **Reply #26 on:** July 18, 2006, 08:19:40 AM »

Everything is selected under allow.
It comes a new error when i open Outlook

"Can't open standard folder for e-mail. No access to the file. No sufficient access to the file"
This isn't the same message i got yesterday, but it's the same directory

guestolo · « **Reply #27 on:** July 18, 2006, 08:23:08 AM »

Even Special permissions?

NDZ · « **Reply #28 on:** July 18, 2006, 08:28:08 AM »

Special permisson is unchecked, i also edited my last post.

guestolo · « **Reply #29 on:** July 18, 2006, 08:46:56 PM »

I'm trying to figure out what permissions got changed on your account

Can you Creating a new user account with Admin privileges
Here's some more info
http://support.microsoft.com/kb/811151/

Let me know if you have any problems with that

NDZ · « **Reply #30 on:** July 19, 2006, 05:33:49 AM »

Outlook worked on the new account. Do u think that the worm/trojan damaged my Outlook files?

guestolo · « **Reply #31 on:** July 19, 2006, 06:44:06 PM »

If you are the only account on the computer, besides the new one you just created
I would bet it would be more than just Outlook that is having problems

Try the following, of course backup important files and documents beforehand, just in case
You have the corrupt user account, the one that gives you the Outlook error

You have the new account you just created
If you have no other user accounts with admin privileges
Create one more admin account

So now you have these accounts
#1. Corrupt profile
#2. Profile you created earlier, which will be your new profile
#3. Another new profile
This is the account you will be doing the transferring from

Log off other users and sign into account #3
Then follow the instructions at this link and transfer your folders needed
http://support.microsoft.com/kb/811151/

From account #3 you want to tranfer from #1 to #2
Take Note at the link, You DO NOT want to transfer
• Ntuser.dat
• Ntuser.dat.log
• Ntuser.ini

The instructions at the link also show how to transfer data from Outlook Express
I haven't used Outlook, OE is fine for my needs

Take a look at the following link to help you in backing data and settings in Outlook
http://support.microsoft.com/?kbid=287070

Log off profile #3 and log into your new profile
which will be #2

If your happy with the way everything is running in #2, you should be able to go ahead and delete profile #3 and the corrupt user profile #1

I hope that helps

NDZ · « **Reply #32 on:** July 19, 2006, 08:22:30 PM »

No need to do this. I fixed it in another way. I can now enter outlook and it seems to work ok. What i did was to run the Inbox Repair tool. This tool found things in the files that was wrong and fixed them. I also unchecked the first box in Properties>General. You can find more information here:

http://techrepublic.com.com/5100-1035_11-1052339.html

I also scanned my computer with Kaspersky and it found two more files of the Worm.Win32.VB.an
It's the first time i use Kaspersky so i wonder what i do next...

guestolo · « **Reply #33 on:** July 19, 2006, 08:27:04 PM »

Good work
I thought you were having more problems than just Outlook, I guess not

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Did you save the log from Kapersky's?
Can you post it here

NDZ · « **Reply #34 on:** July 19, 2006, 08:38:46 PM »

For now, I've just noticed problems with my browsers and outlook.

And here's the Kaspersly log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 20, 2006 3:32:02 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/07/2006
Kaspersky Anti-Virus database records: 196022
-------------------------------------------------------------------------------

Scan Settings:
   Scan using the following antivirus database: standard
   Scan Archives: true
   Scan Mail Bases: true

Scan Target - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   H:\

Scan Statistics:
   Total number of scanned objects: 72170
   Number of viruses found: 1
   Number of infected objects: 2 / 0
   Number of suspicious objects: 0
   Duration of the scan process: 01:19:00

Infected Object Name / Virus Name / Last Action \

C:\System Volume Information\MountPointManagerRemoteDatabase   Object is locked   skipped

C:\System Volume Information\_restore{D6FF2B06-AC6B-43B3-AD87-98ACD5A1E68F}\RP63\A0072628.exe   Infected: Worm.Win32.VB.an   skipped

C:\System Volume Information\_restore{D6FF2B06-AC6B-43B3-AD87-98ACD5A1E68F}\RP64\A0073190.exe   Infected: Worm.Win32.VB.an   skipped

C:\System Volume Information\_restore{D6FF2B06-AC6B-43B3-AD87-98ACD5A1E68F}\RP652\change.log   Object is locked   skipped

Scan process completed.

Now how will i delete them from my computer? I scanned my computer with avast but it didn't find these files.

guestolo · « **Reply #35 on:** July 19, 2006, 09:44:55 PM »

Those entries that Kaspersky's found are not to worry about
Those are in your system restore folders, they won't do no harm unless you restore back to the infected point

If everything is running better
We should flush all your restore points

msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
[/list]
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and creates a new restore point

[indent][color=\"#CC0000\"]Protect yourself against Future Attacks[/color][/i][/b][/indent]
*Install SpywareBlaster 3.5.1 by JavaCool

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Keep up to date on Windows updates (High Priorities)
This is the most important step in keeping your system secure
Make sure you check for updates at least once a month and/or set to Autoupdate

*Make sure your Anti-Virus software is always kept up to date and actively running in the background

*Keep your Firewall protection enabled
A Firewall is also very important
This provides a line of defense against someone who might try to access your computer without your permission

+Any files you download from file sharing programs,
before opening should be scanned with your updated AntiVirus software
Right click the file and scan

NDZ · « **Reply #36 on:** July 20, 2006, 03:21:51 AM »

Is there a good free firewall you would recommend?

guestolo · « **Reply #37 on:** July 20, 2006, 09:41:27 PM »

Windows SP2 comes with a firewall that is enabled
You can ensure it's enabled by checking in the Windows Control panel

Of course, I prefer a better firewall that Microsoft provides
I recommend either
Sunbelt Kerio Personal Firewall
Full version becomes free limited after 30 days
OR

Zone Alarm by Zonelabs
Free version at the link provided

You ONLY want to run one software firewall on your computer
Choose which you prefer, either will disable the SP2 firewall on installation, which is preferred when running either of the above
At the moment I'm running Sunbelt's, but you decide

NDZ · « **Reply #38 on:** July 21, 2006, 07:43:23 AM »

I decided to go for the Sunbelt Kerio Firewall

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Looks like my computer is running fine now. I very much appreciate that you took your time to help me out with my computer problems.

Keep up the good work!

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #39 on:** July 23, 2006, 03:02:22 PM »

I'll lock this topic as your problems appear resolved
Take care

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

News:

Author Topic: Help removing worm (Read 1400 times)