Solved

Virus in Windows XP Home Edition SP3

Posted on 2008-06-14
Last Modified: 2013-12-09
Hi -
I am running Windows XP Home Edition SP3.  (Stop laughing)
I believe I have a trojan or virus but cannot see any issues with my pc.  In MSCONFIG I have a blank startup item, blank command, location in Software/Microsoft/Windows/CurrentVersion/Run.

I unchecked this item in MSCONFIG/startup, but now get the stupid popup to change from Selective Startup to Normal Startup even though I check "do not show this again".

I tried to run SDFix but the computer froze before it ran in safe mode.  I think the OS has to be Windows XP Pro for this utility to work.  Is there another utility that can run on Windows Home Edition?  I know how to run HijackThis but do not know how to interpret the data.  (attached HijackThis log)  I also saw a file in the registry named ffffffff.  I'm thinking registry scan/clean but need some instruction on how to do this.  Currently also running McAfee or (macacrap) security center.

Any help? Thx...
hijackthis.log
Question by:nyisls
8 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 21787414
Download Spybot to run a scan on the computer to make sure you don't have an existing virus or spyware. There are also free registry cleaners out there, but run Spybot first because it will remove registry items that have been created by a virus. I have used this registry cleaner before and it works well for being a free program.

http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10122137.html?tag=lst-1&cdlPid=10804822

http://www.download.com/Wise-Registry-Cleaner/3000-2086_4-10605508.html?tag=lst-9&cdlPid=10846994
 
LVL 6

Expert Comment

by:Nyah247
ID: 21787476
I would also try Trend Micro's online scanner.  I have used this in the past when my workstation anti-virus failed to detect an infection.  You can find it at:  http://housecall.trendmicro.com/  If it cannot remove the infection perhaps it can at least identify it to help with some removal research.  I am sure Trend will have some info on their site but I find the removal tools at www.sarc.com to be the best (my opinion).  They also have an online scanner.

If you are still having problems you can go to http://technet.microsoft.com/en-us/sysinternals/default.aspx > Process Utilities > Process Explorer.  This utility will give you an idea of everything that is running and what files/dlls/reg entries are being called.  Use the google for anything out of the ordinary.    

Dariusg is right though...  Spybot should be your first stop.
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21787892
SDFix runs in XP Home.
Try re-downloading SDFix and renaming it before saving it to your desktop and see if it works.

An online scan with TrendMicro is also a good idea as suggested.
Can't see any malicious entries in the hijackthis log but a lot of nasties can hide from the scan. And any entries that you unchecked in msconfig won't show up in the Hijackthis log.


You can also try this scanner; it will not delete anything, it will just scan the PC (it will only delete files if we input them in the script).
Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:

Reg - BotCheck
File - Additional Folder Scans

Do not change any other settings.
Now click the "Run Scan" button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


Author Comment

by:nyisls
ID: 21788460
posting new hijackthis log with msconfig not blocking anything.
hijackthiswithoutmsconfigblocks.txt
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 21788576
I don't see any malicious entries in the log, but then that doesn't guarantee a clean system.
It is possible that the blank entry in msconfig is just a leftover of a bad uninstall (some programs have a buggy uninstall) or could be a leftover of some malware that is no longer there. If it doesn't have any command then nothing will ever happen.

Try checking in the registry.
Go Start > Run > type in:

regedit

Press Enter, and navigate to this subkey below:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
With the "Run" selected/highlighted look in the right pane.
In the right-hand pane you should see a list of Name, Type and Data.
Scroll down and find the one that has a name but no data; that will be the culprit.
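
The registry check described in the answer above, done offline against a regedit export of the Run key (File > Export), as an added example that is not part of the original answer. The sample export and the function names are constructed for illustration; besides named values with no data, it also reports a (Default) value set to an empty string, which regedit exports as `@=""`.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# One exported value: "name"=data, or @=data for the key's (Default) value.
VALUE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')

def decode_export(raw):
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 exports are ANSI."""
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("cp1252")

def blank_run_values(text, key=RUN_KEY):
    """Return the names of values under `key` whose data (the command) is blank."""
    blank, in_key = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):                  # section header: [key path]
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = VALUE.match(line) if in_key else None
        if m is None:
            continue                              # other key or hex continuation line
        name = m.group("name")
        name = "(Default)" if name is None else re.sub(r"\\(.)", r"\1", name)
        data = m.group("data")
        if data.startswith('"'):                  # REG_SZ
            is_blank = data[1:-1].strip() == ""
        elif data.startswith("hex(2):"):          # REG_EXPAND_SZ as UTF-16LE bytes
            is_blank = set(data[7:].split(",")) <= {"00", ""}
        else:
            is_blank = False                      # dword/binary: not a command string
        if is_blank:
            blank.append(name)
    return blank

# Constructed sample export (not taken from the poster's machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
@=""
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /tray"
"LeftoverEntry"=""
"ExpandEmpty"=hex(2):00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Ignored"=""
'''

if __name__ == "__main__":
    for name in blank_run_values(SAMPLE):
        print("blank startup entry:", name)
```

For a real export, read the file in binary mode and pass the bytes through `decode_export` first.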
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21788600
Also check this link out:
Why is there a blank entry in my msconfig startup entries?
http://ask-leo.com/why_is_there_a_blank_entry_in_my_msconfig_startup_entries.html
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 21794740
Blank startup items could be any other programs that are loading them; a wrong installation of a certain program would do so.

ComboFix might solve your problem but we probably won't know what's the cause of this issue, especially if there were no deleted files or registries in the CF log.

I suggest that you try to scan your computer with the Secunia website, a very useful tool there to check if your PC is secure and you have the original version of each software installed on your system.

# Go to
http://secunia.com/software_inspector/

# Click Start Now
# Wait for the tool to be downloaded and click Allow if any ActiveX message or box appears.
# Also check the "Enable thorough system inspection" box.
# Then click Start.
This tool will access your files and check if the installed applications on your PC are safe and you have the latest Windows updates, software patches, etc.

Finally you will have a report; post it here by copy and paste.
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 21810975
Thanks!