sirklw
asked on
Trojan horse put HideWindow cmd in my system. How do I get rid of it
I put a DSL modem on my machine last weekend. I found I'd gotten a trojan horse which McAfee was able to heal. However, a HideWindow command apparently came in with it which McAfee didn't do anything about. No desktop, icons, task bar, or Start button. Running Windows 2000 NT. I can get to all the programs and files through the New Task button on the Task Manager. How do I return Windows to it's normal state?
Try opening CMD.exe from the task manager and run SFC /SCANNOW this will check all windows files are the correct versions and intact.
I'm interested in knowing if explorer.exe is correctly loading, run explorer.exe and see if everything appears.
(if explorer is already running it should kick up a windows explorer window)
What all loads at start up? you can find out by traversing the registry:
hklm/software/microsoft/wi
There are other places as well,
(Startup folder, services etc, but most dll executions [rundll and the like) and many one-time simple progs run here)
(if explorer is already running it should kick up a windows explorer window)
What all loads at start up? you can find out by traversing the registry:
hklm/software/microsoft/wi
There are other places as well,
(Startup folder, services etc, but most dll executions [rundll and the like) and many one-time simple progs run here)
ASKER
To explain a bit further about what is happening, when my system first starts up, a window labelled 'update' opens up and inside it is another window labeled 'status'. In the status window is the following message:
* / run: unable to open ‘svchost32.exe’ (line 2, iiscache.dll)
-
if I click in the window or try to select the text in the window, this next message appears and continues to reappear everytime I click again in the window:
* /msg: not connected to server (line 154, iiscache.dll)
I close this window, open the task manager and have found that by getting to explorer.exe and running it, the desktop and all the normal icons and bars will appear and be fully functional.
* / run: unable to open ‘svchost32.exe’ (line 2, iiscache.dll)
-
if I click in the window or try to select the text in the window, this next message appears and continues to reappear everytime I click again in the window:
* /msg: not connected to server (line 154, iiscache.dll)
I close this window, open the task manager and have found that by getting to explorer.exe and running it, the desktop and all the normal icons and bars will appear and be fully functional.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It sounds like you may have the Backdoor.IRC.Zcrew backdoor/trojan.
Here are the details and removal instructions:-
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html
Here are the details and removal instructions:-
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html
ASKER
I did go to the website, ran through a bunch of the links, downloaded i'm-not-sure-whatall, let it do stuff to my system and when all was done, my desktop was restored and could boot up and shut down more-or-less normally. However, my system is so riddled with viruses which McAffee does nothing for, that I've decided to take the extreme step of reformatting my hard drive. I'm finding reformatting to be as difficult to accomplish as correcting the desktop problem. Thanks all.
http://download.com.com/3120-20-0.html?qt=spybot&tg=dl-2001