Posted by Panda_man on September 10, 2006, 6:35 am
My reply is at the bottom of your message:
"spgandau" wrote:
> Windows XP home edition SP2
> IE 6.0.2900
> AVG free edition
> Spybot S&D
>
> My daughter clicked on a link and I got infected with this virus.
> I discovered the problem when I used Spybot S&D to scan my machine.
> I used AVG free edition to scan the entire computer. There were four
> instances of the virus in the System Volume Information\_restore.... location.
> I was able to get into the System Volume Information and used AVG to move
> the infected files into the Virus Vault.
>
> Next, I re-ran Spybot S&D to get the exact message information related to
> the problems discovered.
> The registry has been changed by the trojan, and this is where my
> question(s) lie:
>
> 1. HKLM\System\CurrentControlSet\Services\wscsvc\Start!=W=2
> SpyBot S&D shows that the above line is a security breach, and it directs me
> to this line in the registry.
>
> Anyone know where I can get exact information? I have read the MS security
> related to a similar version (Generic3.BGG), but the registry keys that
> Microsoft refers to are called "wgavm" and "wgareg".... and apparently they
> are bogus keys and need to be deleted...??
>
> Question: Is wscsvc a legitimate entry? It would appear that wscsvc was an
> added entry created by the trojan, but I am not sure. Can I delete the
> entire "wscsvc" key?
>
> 2. There are changes made in the antivirus, firewall, and SP2update settings
> that shut them down. Any advice on how to correct the registry entries would
> be appreciated. I used Control Panel / Security settings, but the firewall
> was "locked OFF", and it would appear that I have lost administrator
> privileges to reset the firewall to "ON". Is it possible that the mscsvc key
> controls these settings?
>
> See below for relevant entries made by Spybot S&D:
>
>
Hello! Slow things down, your computer is still not clean enough to touch the
registry.
Strictly follow the instructions here to remove all the malware you have:
http://pandaman.my.contact.bg http://pandaman.my.contact.bg/Gen_MRI.htm
Let Spybot S&D fix what it has found; the same applies to all other
applications offered.
After that, if you have problems with starting Windows Firewall from
Control Panel -> Windows Firewall, try and read these:
Due to an unidentified problem, Windows cannot start Windows Firewall error,
try:
Start->Run
type:
regsvr32 hnetcfg.dll
and press ENTER
Also read these:
http://support.microsoft.com/default.aspx?kbid=875357
http://support.microsoft.com/kb/920074/en-us
--
Panda_man
Bronze level Contributor