If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Windows explorer
I have tried stinger and spybot which did work until i ran
my system again. I am using norton 2004 but when i ran a scan it froze. i am going to run the cwshredder and norton again. i will le you know. Dwayne -----Original Message----- First run Stinger and BHODemon again to see what they catch; this at least will identify the problem, which apparently is pestware of some sort. A couple more pest-control programs which should cover what the 2 you have don't ... free for personal use antivirus tool: http://www.grisoft.com/us/us_dwnl_free.php free for personal use spybot/adware detection & removal tools: http://www.safer-networking.org/ http://www.lavasoftusa.com/ But do check using your original programs to see what's returned. (to satisfy my curiousity if nothing else g) Rick Dwayne wrote: I really don't remember doing anything different. I ran stinger and BHODemon, that fixed the problem but when i turned the computer on later to use again the problem was back?? Dwayne -----Original Message----- Dwayne wrote: Hi. When i try to run explorer it tells me"attempted to access memory that does not exist" is this a common problem? windows explorer works in safe mode. I cant run anything that uses explorer. example "My Computer" That's a very uncommon problem. What changes did you make to your system around the same time you started getting those messages. Rick . . |
#12
|
|||
|
|||
Windows explorer
Why don't you use HijackThis as I suggested? You can run stinger and SpyBot
as many times as you like but they clearly aren't going to help. Stinger is simply a tool to remove certain viruses so as to allow a user to then use a proper AV program, nothing more, and if SpyBot didn't solve the problem first time it is hardly likely to on a second or third time unless the malware concerned is targeted by an updated set of reference files. -- Mike Maltby MS-MVP Dwayne wrote: I have tried stinger and spybot which did work until i ran my system again. I am using norton 2004 but when i ran a scan it froze. i am going to run the cwshredder and norton again. i will le you know. |
#13
|
|||
|
|||
Windows explorer
I ran cwshredder and i was able to open windows explorer
but the same thing happened when i booted up again. I ran hijackthis but i wasnt sure about any of it. I sent an e- mail to you with the log file. explorer works when i run in safe mode so it must be something that loads with windows. Dwayne -----Original Message----- Why don't you use HijackThis as I suggested? You can run stinger and SpyBot as many times as you like but they clearly aren't going to help. Stinger is simply a tool to remove certain viruses so as to allow a user to then use a proper AV program, nothing more, and if SpyBot didn't solve the problem first time it is hardly likely to on a second or third time unless the malware concerned is targeted by an updated set of reference files. -- Mike Maltby MS-MVP Dwayne wrote: I have tried stinger and spybot which did work until i ran my system again. I am using norton 2004 but when i ran a scan it froze. i am going to run the cwshredder and norton again. i will le you know. . |
#14
|
|||
|
|||
Windows explorer
Dwayne,
I'm sorry but I don't offer support by e-mail. As I mentioned in my earlier post either post your HijackThis log to the thread where I mentioned it of better to the HijackThis forum. OK, I've just had a quick look at the log and one program that worries me is the BHO Kazaa Download Accelerator Updater (KDP12D9.DLL) but you've got so much else loading including loads of ActiveX controls that it difficult to know the root cause of your problems. Another obvious piece of malware is [9YKCKJ.EXE] C:\WINDOWS\TEMP\9YKCKJ.EXE and another [SysUpd] C:\WINDOWS\SYSUPD.EXE (either TSCash http://www.pestpatrol.com/pestinfo/t/tscash.asp or worse Adware.VirtuMonde (http://securityresponse.symantec.com...virtumonde.htm l). I'm also not happy with all the websearch.drsnsrch.com entries but don't know what these are. There are several other startup items you could happily remove including LVComS.exe (installed but not required by your web cam), motmon.exe (used by HP, Dell & Compaq for support), realsched.exe, PCHealth, possibly not ssdpsrv.exe unless you use UPnP devices, etc. etc. --? Mike Maltby MS-MVP Dwayne wrote: I ran cwshredder and i was able to open windows explorer but the same thing happened when i booted up again. I ran hijackthis but i wasnt sure about any of it. I sent an e- mail to you with the log file. explorer works when i run in safe mode so it must be something that loads with windows. |
#15
|
|||
|
|||
Windows explorer
I removed the kazaa BHO and the motive and the malware,=20
now i can open explorer again. i have not rebboted as yet=20 so i dont know if the problem will return. I know that i=20 have alot loaded but i dont know what the stuff is like=20 loadqm and delayrun pchealth systray. i see them when i=20 ctrl alt del but have no idea what they are. opensite=20 rxmon hkcmd???? Is this junk i have downloaded? Thanx for=20 the help. Dwayne -----Original Message----- Dwayne, I'm sorry but I don't offer support by e-mail. As I=20 mentioned in my earlier post either post your HijackThis log to the thread where=20 I mentioned it of better to the HijackThis forum. OK, I've just had a quick look at the log and one program=20 that worries me is the BHO Kazaa Download Accelerator Updater (KDP12D9.DLL)=20 but you've got so much else loading including loads of ActiveX controls=20 that it difficult to know the root cause of your problems. Another obvious=20 piece of malware is [9YKCKJ.EXE] C:\WINDOWS\TEMP\9YKCKJ.EXE and another=20 [SysUpd] C:\WINDOWS\SYSUPD.EXE (either TSCash http://www.pestpatrol.com/pestinfo/t/tscash.asp or worse=20 Adware.VirtuMonde (http://securityresponse.symantec.com...r/venc/data/ad ware.virtumonde.htm l). I'm also not happy with all the=20 websearch.drsnsrch.com entries but don't know what these are. There are several other startup items you could happily=20 remove including LVComS.exe (installed but not required by your web cam),=20 motmon.exe (used by HP, Dell & Compaq for support), realsched.exe, PCHealth,=20 possibly not ssdpsrv.exe unless you use UPnP devices, etc. etc. --=81 Mike Maltby MS-MVP Dwayne wrote: I ran cwshredder and i was able to open windows explorer but the same thing happened when i booted up again. I=20 ran hijackthis but i wasnt sure about any of it. I sent an=20 e- mail to you with the log file. explorer works when i run in safe mode so it must be something that loads with windows. . |
#16
|
|||
|
|||
Windows explorer
it looks like its the bho kazaa. i run hijack and delete=20
it but it keeps coming back. Dwayne -----Original Message----- Dwayne, I'm sorry but I don't offer support by e-mail. As I=20 mentioned in my earlier post either post your HijackThis log to the thread where=20 I mentioned it of better to the HijackThis forum. OK, I've just had a quick look at the log and one program=20 that worries me is the BHO Kazaa Download Accelerator Updater (KDP12D9.DLL)=20 but you've got so much else loading including loads of ActiveX controls=20 that it difficult to know the root cause of your problems. Another obvious=20 piece of malware is [9YKCKJ.EXE] C:\WINDOWS\TEMP\9YKCKJ.EXE and another=20 [SysUpd] C:\WINDOWS\SYSUPD.EXE (either TSCash http://www.pestpatrol.com/pestinfo/t/tscash.asp or worse=20 Adware.VirtuMonde (http://securityresponse.symantec.com...r/venc/data/ad ware.virtumonde.htm l). I'm also not happy with all the=20 websearch.drsnsrch.com entries but don't know what these are. There are several other startup items you could happily=20 remove including LVComS.exe (installed but not required by your web cam),=20 motmon.exe (used by HP, Dell & Compaq for support), realsched.exe, PCHealth,=20 possibly not ssdpsrv.exe unless you use UPnP devices, etc. etc. --=81 Mike Maltby MS-MVP Dwayne wrote: I ran cwshredder and i was able to open windows explorer but the same thing happened when i booted up again. I=20 ran hijackthis but i wasnt sure about any of it. I sent an=20 e- mail to you with the log file. explorer works when i run in safe mode so it must be something that loads with windows. . |
#17
|
|||
|
|||
Windows explorer
As I have mentioned in two previous posts either post your HijackThis log to
(this) thread or _even_ _better_ to the HijackThis forum. You appear to have so much junk being loaded and running that it is easy to overlook one or more of the vectors that are causing you your problems. -- Mike Maltby MS-MVP Dwayne wrote: it looks like its the bho kazaa. i run hijack and delete it but it keeps coming back. |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) | Gary S. Terhune | General | 2 | July 14th 04 05:06 AM |
Microsoft Security Bulletin MS04-024 - Vulnerability in Windows Shell Could Allow Remote Code Execution (839645) | Gary S. Terhune | General | 2 | July 14th 04 05:06 AM |
Start up problems | Bev mulcahy | General | 5 | June 28th 04 07:56 PM |
Zero-byte D: drive should not show, C: missing from Device Manager | *Vanguard* | General | 8 | June 12th 04 04:19 AM |
can get past MS Windows 98 screen when I turn on the 'puter | henry ostendorf | General | 6 | June 7th 04 08:32 PM |