Once again I need some help from you guys-Virus

[Pythagorean]

The last day or so I began having problems with writing emails using Juno. The comp would lock up and when I would cont/alt/delete, I would get messages saying that resources were dangerously low. I saw something called "svchosts" running twice on the task finder.

Then I went to trend micro for a online virus scan (housecall). Something was detected, message during the scan was: clean failed BKDR_TOADCOM.A
at the completion of the scan I got:
Virus TROJ SMALL.AR
non-cleanable
file C:\x.exe

The housecall had a button for "delete" which I did but I am wondering it that was the right thing to do and if it is really gone. (seemed too simple)

Also, on a different note, is there any way I can delete some or all windows temporary internet files or cookies? those files take so long to scan and I was wondering if there was any good reason to keep them on the computer.

Thanks for your help,
Sue

[HAL9000]

Yes... if the file is uncleanable.. 99% of the time, it's a file created by the virus and is safe to delete. Sometimes it's actually a Windows file, so in that case, you need to do a repair installation if your windows refuses to start afterwards.

To delete your TEMP files, just go into the C:\WINDOWS\TEMP folder, hit CTRL-A then DEL.

You can then go into Control Panel, Internet settings, and clear temp files and cookies.

[Pythagorean]

Can I delete the files under 'Temp' and 'Temporary Internet Files'? I have both?

[Pythagorean]

I deleted files under 'Temp' but these would not delete:
~df460b.tmp
~df460e.tmp
~df5268.tmp

what's up with these?

Also the task manager still shows these 2 things running:
Svchosts
Svchostc

I have not seen those before that's why I think they are related to this virus. Can anyone identify what these are?

[pillainp]

svchost: http://www.liutilities.com/products/...brary/svchost/

svchosts: http://www.liutilities.com/products/...rary/svchosts/

svchostc: http://www.sophos.com/virusinfo/anal...ojtofgerb.html

[Pythagorean]

Ok, so I have a trojan and sophos can get rid of it, but I am not a business so buying that program is not an option.

Can anyone give me a hand here? I pretty much feel like I'm making stabs in the dark.

[Redo40]

Try booting into safe mode and deleting the files, then do another virus scan, try Housecall's online scanner, be sure to write down where and what file the virus is if one is found.

You might also want to try The Cleaner.

[Pythagorean]

Quote:

Originally posted by Redo40 Try booting into safe mode and deleting the files, then do another virus scan, try Housecall's online scanner, be sure to write down where and what file the virus is if one is found. You might also want to try The Cleaner.

My first post on this thread indicates the files found by housecall.
I did download "the cleaner" but it did not detect any trojans. I guess this one is not in their database?

[Pythagorean]

I downloaded and ran the Trend Micro Sysclean Package, still BKDR_TOADCOM.A was found and NOT cleaned even though on the (Log states "virus clean failed").

I also tried to manually remove using trend micro instructions but did not find "COMCFG" = "%WINDOWS%\COMCFG.EXE" in the registry.

Still need some help here...

[GaryRouth]

If you've deleted all that you can so far, try the housecall scan again, & see if the TrendMicro tool removed most of it already.

If you are still seeing virus clean failed, does it give you a location for the file? If so, try Roger's idea & remove it in Safe Mode, if you can't when booting normally. Then scan again.

If you have no full-time anti-virus program, AVG has a version free for personal use that has had some positive feedback from users here on the forum. http://www.grisoft.com/us/us_index.php
. . . Gary

[Pythagorean]

housecall gave:
C:\x.exe
as the infected file
I didn't find this file but I did see a C:\y.exe file which was modified the same time as the svchosts and svchostc files were modified which was 2/3/04 at 4:48
I deleted that file while in safe mode, but I still am having problems. What now?

[Pythagorean]

I did rescan with housecall and still got the 'clean failed' message but this time at the end no virus was reported nor any file indicated.

[Mac Medic]

turn off system restore and rescan.

[GaryRouth]

I like oem's idea = turning off System Restore & then rescanning. In WinMe, the details are in Help & Support, but I think it's a simple as right clicking on My Computer - then select Properties - then select System & disable System Restore from the menus there.
. . . Gary

[p.s. ...are you still having system lockups? if so, are they still only in email? ]

[Pythagorean]

Seems to be getting worse, locking up anytime I am on the web. Too many programs running, overloading the comp.

I tried to find this restore under "my computer" "properties", but didn't see anything indicating a system disable or restore.
is it under
'general'
'device manager'
'hardware profile'
'performance'?

[Redo40]

In Win ME:

Right-click on the 'My Computer' icon, and click properties

Click the performances tab

Click the file system button

Now click the repair tab and check the 'Disable System Restore' checkbox

[GaryRouth]

Thank you Roger for the details. I rarely get to see WinMe systems, so I'm a bit rusty on those.

Seems like a combination of antivirus and spyware scanning should eventually get your system cleaned up OK. But I'd still recommend using a real-time antivirus scanner (whether retail or the free-for-personal-use downloads).

But the system lockups while on the web seem strange. I wouldn't attribute it to an overloaded system, usually. That might slow things down badly, but not usually crash the whole works. It can't hurt to look through and identify what's running on your pc at startup and in the background generally. To see what's running at Startup, you can look in your System Information tool, Software environment, Startup. In Windows 98, this is in Start/Programs/Accessories/System Tools/System Information. From the "Tools" menu, you can also select the System Configuration Tool (msconfig) and in one convenient program inspect your ".ini" files, as well as startup items. Not sure exactly where these are in the WinMe menus, but I imagine that with a little looking you'll find them. Two good sites for helping understand background processes, and also great for identifying them, are http://www.pacs-portal.co.uk and http://www.answersthatwork.com

If the system is still hanging while on the web, you have two more repairs you can try: a repair install of IE, and if that doesn't help, an over-the-top reinstall of Windows (you have to disable System Restore for a WinMe over-the-top, & re-enable it after). Over the top details are in http://forum.pcmech.com/showthread.p...threadid=70846

If you were locking up in all kinds of different programs, I'd suspect a hardware problem. But since so far you're only having troulble on the web, start with the cleaning, then go on to some repairing.
. . . Gary