If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
virus vs, hardware
Sorry this is along one
Dear J J=20 AVG Technical Support Thank you for your quick response. The information from autorun you requested follows (I don't know what the NT login is about) see below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx\ HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\ + RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp + C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP + C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ + C:\TOOLS_95\REGRUN2\REGRUN2.EXE /c C:\WINDOWS\All Users\Start Menu\Programs\StartUp C:\Windows\Start Menu\Programs\StartUp HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices\= + RUNDLL32.EXE TWEAKUI.CPL,TweakLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesO= nce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServices\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServicesOn= ce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnceEx\ C:\WINDOWS\win.ini + +=20 I run regrun2 from GreatisSoft on startup, which lets me know if any of the startup files have changed. Good utility. Here is the info. from the registry regarding the WindowsNT=20 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"=3D"0" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"=3D"APITRAP.DLL" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\aeDebug] "Debugger"=3D"" "Auto"=3D"" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32] "msacm.lhacm"=3D"lhacm.acm" "msacm.msaudio1"=3D"msaud32.acm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers.desc] "lhacm.acm"=3D"Lernout And Hauspie Codecs" "msaud32.acm"=3D"Windows Media Audio" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Currentverion] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Currentverion\Winlogon] "DontDisplayLastUserName"=3D"0" The following information as you requested operationg system version Microsoft Windows 98 4.10.2222 A=20 AVG program version 7.0.253 AVG file version 7.0.0234=20 Virus database of AVG version virus base 263.3.8 =20 Release 6/30/2004 =20 I agree that I am divided about hardware vs. virus, just as people I solicit opinions from are. The following examples of error messages I received while hanging repeatedly while forming this reply make me wonder about virus.=20 One was for AVG hanging with the following message verbatim V aVsdVagVn VIpVoeVtoV aVI The second only had the following no title: W_u_d_y_u Yes No Cancel The third is that when I get the shell of Outlook express to start there is a long string of intelligible garbage on the splash screen (garbage in garbage out?) I don't think so because it is there everytime. These are just some examples from today I have noted. 1. When restarting after hang when scandisk runs in Dos mode it checks and fixed C: drive and always quits on D:, displays following error then opens windows or hangs Error 35: General protection fault in c:windows\command\scandisk.alt at 0E88:35BD Code ...... 2. On several occasions when trying to execute an .exe file (especially anti-virus software) the following error code is displayed. Restrictions This operation has been cancelled due to restrictions on this computer. Please contact your system administrator. I am the only one who uses this computer and I have double checked that restrictions have not been set up sureptiously (sp?) 3. On several occasions folders in Outlook express were wiped out. 4. Outlook Express started not being able to load dll's such as msoe.dll no amount of reinstalling, uninstalling and restoring would appease it and it is no longer operable. 5. Internet explorer the same thing. I can only get the shell up and I can't access windows update without it. 6. So I switched to Netscape which I have only had to reinstall once due to mail settings dissapearing and the same types of problems as above. 7. Files I download are often corrupted. 8. Restarts on it's own with no provacation. 9. Explorer hangs constantly and always at least once at shutdown of windows. Cannot use anything associated with explorer. For example I cannot access control panel. I have got around this by finding .cpl files & shortcutting them to desktop. 10 . Trying to open some .exe files especially virus software Access violation at address 00440069. Read of address 4DF8AB0C 11. Constant: A fatal exeception OE occurred at 0028:c0014E88 =20 at 0028:C025832B in VXD Shell (11) + 00000BE7 =20 at 0028:C009188A in VXD SYMEVENT(02) + 0000422E =20 at 0028:C0005257 in VXD VMM(02) + 00004257 =20 called from 0028:C02528C8 in VX3Shell(10) 12. Explorer caused an invalid page fault in module kernel32.dll and other .dll files. 13. I switched to AVG when Pctools started using up too many resources. Now I cannot even get a trial version of PCTOOLS to load. I can not use AVG trial version if I want to open ANY other programs due to hangs. The free version seems OK. If I only open one program at a time. I have saved this file at least 20 times because I never know when I am going to be cut off. I hang everytime I try to initiate virus scans from companys on the internet. 14. I have found no viruses except once from accross the room I saw a virus found dialogue box behind other error messages. By the time I got over to the monitor it had rebooted. 15. My modem receive and send buttons are constantly flashing when the only program running is AVG in the background even when in DOS at startup. My Regards :-)=20 Ms. Tracy Poole =20 AVG Technical Support wrote: Dear Sir/Madam, Thank you for your email. The problem description does not seem like a virus problem at all, this seems like a hardware problem. But just for sure, there is an Autoruns utility attached to this message. The attachment is an archive, that can be extracted by WinZip or WinRar programs. After thath run Autoruns.exe. The utility displays a list of applications that are launched on Windows startup. Please copy this list to Windows Clipboard by a "Copy" button then reply this e-mail and insert the contents of the clipboard to the body of message (you can use Ctrl+V shortcut to get Paste function quickly). Please, describe also the problem that appears on your PC in detail and mention the operationg system version, AVG program version and a Virus database of AVG version, too. Best regards, J J=20 AVG Technical Support |
#2
|
|||
|
|||
virus vs, hardware
If not using any spyware removal tools start here now.
IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from the URL below - some malware may kill your internet connection when it is removed, this program will enable you to regain your connection. http://www.cexx.org/lspfix.htm http://www.spychecker.com/program/winsockxpfix.html (if your OS is Win2k or XP) Internet Explorer Ver. 6. Try this: Tools Internet Options Advanced Browsing Uncheck the Enable 3rd party browser extensions If this clears your problem then find out who the culprit(s) is/are with these tools. Let AD-Aware Scan your system for advertising Spyware http://www.lavasoftusa.com and: SpyBot-S&D http://security.kolla.de/ p.s Reset the 3rd party browser setting. Mo This may be caused by a third-party program (adware, spyware, parasite). Get AdAware and SpyBot and run them both. Keep them up to date. Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines http://mvps.org/winhelp2002/unwanted.htm Additional link: http://aumha.org/a/quickfix.htm You may need this removal tool. Mo Complete list by variant with up-to-date information. http://www.spywareinfo.com/~merijn/cwschronicles.html Mo Removal tool: http://www.spywareinfo.com/~merijn/files/CWShredder.exe CWShredder - Tutorial http://www.bleepingcomputer.com/foru...howtutorial=47 -- Hidden malware can be identify in the registry. Go to http://www.spywareinfo.com/downloads.php#det Download "Hijack This!" [freeware] or download direct (below): http://www.merijn.org/files/hijackthis.zip If you get a 404 error or Access denied, try: http://216.180.252.218/~spywareinfo....hijackthis.zip Unzip the Download file in a NEW FOLDER that you can create before you start the download. DO NOT install in your Desktop folder. DO NOT use any of the TEMP folders that are presently in your computer. Double-click "HijackThis.exe" and Press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Click: "Save Log" (generates "hijackthis.log") Next, HijackThis | Config [button] | Misc Tools [button] Click: Generate StartupList log [button] (generates "startuplist.txt") Next, go to the below location: http://www.spywareinfo.com/forums/ Sign in, then copy and paste both files in your message. HijackThis Quick Start Help http://www.tomcoyote.org/hjt/ The Tutorial if you want to know more about the results or the .log file. http://www.merijn.org/htlogtutorial.html Henri Leboeuf Web page: http://www.colba.net/~hlebo49/index.htm === "Tracy Poole" wrote in message ... Sorry this is along one Dear J J AVG Technical Support Thank you for your quick response. The information from autorun you requested follows (I don't know what the NT login is about) see below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce\ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx\ HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\ + RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp + C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP + C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run\ + C:\TOOLS_95\REGRUN2\REGRUN2.EXE /c C:\WINDOWS\All Users\Start Menu\Programs\StartUp C:\Windows\Start Menu\Programs\StartUp HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices\ + RUNDLL32.EXE TWEAKUI.CPL,TweakLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce \ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServices\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunServicesOnce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnce\ HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\RunOnceEx\ C:\WINDOWS\win.ini + + I run regrun2 from GreatisSoft on startup, which lets me know if any of the startup files have changed. Good utility. Here is the info. from the registry regarding the WindowsNT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoAdminLogon"="0" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="APITRAP.DLL" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\aeDebug] "Debugger"="" "Auto"="" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32] "msacm.lhacm"="lhacm.acm" "msacm.msaudio1"="msaud32.acm" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers.desc] "lhacm.acm"="Lernout And Hauspie Codecs" "msaud32.acm"="Windows Media Audio" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Currentverion] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Currentverion\Winlogon] "DontDisplayLastUserName"="0" The following information as you requested operationg system version Microsoft Windows 98 4.10.2222 A AVG program version 7.0.253 AVG file version 7.0.0234 Virus database of AVG version virus base 263.3.8 Release 6/30/2004 I agree that I am divided about hardware vs. virus, just as people I solicit opinions from are. The following examples of error messages I received while hanging repeatedly while forming this reply make me wonder about virus. One was for AVG hanging with the following message verbatim V aVsdVagVn VIpVoeVtoV aVI The second only had the following no title: W_u_d_y_u Yes No Cancel The third is that when I get the shell of Outlook express to start there is a long string of intelligible garbage on the splash screen (garbage in garbage out?) I don't think so because it is there everytime. These are just some examples from today I have noted. 1. When restarting after hang when scandisk runs in Dos mode it checks and fixed C: drive and always quits on D:, displays following error then opens windows or hangs Error 35: General protection fault in c:windows\command\scandisk.alt at 0E88:35BD Code ...... 2. On several occasions when trying to execute an .exe file (especially anti-virus software) the following error code is displayed. Restrictions This operation has been cancelled due to restrictions on this computer. Please contact your system administrator. I am the only one who uses this computer and I have double checked that restrictions have not been set up sureptiously (sp?) 3. On several occasions folders in Outlook express were wiped out. 4. Outlook Express started not being able to load dll's such as msoe.dll no amount of reinstalling, uninstalling and restoring would appease it and it is no longer operable. 5. Internet explorer the same thing. I can only get the shell up and I can't access windows update without it. 6. So I switched to Netscape which I have only had to reinstall once due to mail settings dissapearing and the same types of problems as above. 7. Files I download are often corrupted. 8. Restarts on it's own with no provacation. 9. Explorer hangs constantly and always at least once at shutdown of windows. Cannot use anything associated with explorer. For example I cannot access control panel. I have got around this by finding .cpl files & shortcutting them to desktop. 10 . Trying to open some .exe files especially virus software Access violation at address 00440069. Read of address 4DF8AB0C 11. Constant: A fatal exeception OE occurred at 0028:c0014E88 at 0028:C025832B in VXD Shell (11) + 00000BE7 at 0028:C009188A in VXD SYMEVENT(02) + 0000422E at 0028:C0005257 in VXD VMM(02) + 00004257 called from 0028:C02528C8 in VX3Shell(10) 12. Explorer caused an invalid page fault in module kernel32.dll and other .dll files. 13. I switched to AVG when Pctools started using up too many resources. Now I cannot even get a trial version of PCTOOLS to load. I can not use AVG trial version if I want to open ANY other programs due to hangs. The free version seems OK. If I only open one program at a time. I have saved this file at least 20 times because I never know when I am going to be cut off. I hang everytime I try to initiate virus scans from companys on the internet. 14. I have found no viruses except once from accross the room I saw a virus found dialogue box behind other error messages. By the time I got over to the monitor it had rebooted. 15. My modem receive and send buttons are constantly flashing when the only program running is AVG in the background even when in DOS at startup. My Regards :-) Ms. Tracy Poole AVG Technical Support wrote: Dear Sir/Madam, Thank you for your email. The problem description does not seem like a virus problem at all, this seems like a hardware problem. But just for sure, there is an Autoruns utility attached to this message. The attachment is an archive, that can be extracted by WinZip or WinRar programs. After thath run Autoruns.exe. The utility displays a list of applications that are launched on Windows startup. Please copy this list to Windows Clipboard by a "Copy" button then reply this e-mail and insert the contents of the clipboard to the body of message (you can use Ctrl+V shortcut to get Paste function quickly). Please, describe also the problem that appears on your PC in detail and mention the operationg system version, AVG program version and a Virus database of AVG version, too. Best regards, J J AVG Technical Support |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Virus?? | General | 4 | June 30th 04 10:27 PM | |
virus | Eric | General | 5 | June 22nd 04 01:26 PM |
Virus scanning issues | Childsplay | General | 14 | June 19th 04 01:27 AM |
Winlogon.exe infected with Virus | Dave | General | 1 | June 9th 04 08:59 PM |