
Solved Virus \ spyware?

Discussion in 'Malware and Virus Removal Archive' started by laasunde, 2008/04/18.

  1. 2008/04/18
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    [Resolved] Virus \ spyware?

    Keep getting this popup with reference to different applications.

    "Application Error - userInit.exe" - "The instruction at "0x7c901010 "
    reference memory at "0x052f273C ". The memory could not be "read ".
    Click on OK to terminate the program."

    Posted this post in WinXP forum.

    Did the Kaspersky scan last night and got the following result. Quite a few files are locked, is this normal? Only three files are 'infected'. What should I do with these files?


    Here is the HijackThis log. There are a number of entries here that I have no clue what they are doing.
    Should I perhaps perform some sort of cleanup or is everything ok?
    What do you guys think?
     
  2. 2008/04/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi laasunde :)

    Locked objects are quite normal, and I see none of them that appear to be malicious.

    Are you using the BluesPortScanner? It's detected as malicious due to its behavior and abilities.

    You appear to have a couple of unknowns though ........ tied to your Winsock stack.

    O10 - Unknown file in Winsock LSP: ptmp2004.dll
    O10 - Unknown file in Winsock LSP: ws2lspx.dll


    Please see if you can locate those two dll files, then upload them to my submission channel for analysis. Leave a link back to this topic. Thanks!
     


  4. 2008/04/21
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    Both files have been uploaded.

    Much appreciated :)
     
  5. 2008/04/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    One of those files references xuebrothers. Did you install MyWeb from xuebrothers?
    http://www.xuebrothers.net/myweb/myweb.htm

    The other mentions Socket Spy, which implies part of a tool that monitors TCP and UDP port connections. Have you got any such application?
     
  6. 2008/04/22
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    Fairly certain I had IP & Socket Monitor from xuebrothers and also Socket Spy installed at some point. Both have been uninstalled some time ago.

    Do you reckon they have left some garbage on computer?

    How do I 'fix' this?

    Thanks for your help.
     
  7. 2008/04/23
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, they have left files in the Winsock stack. The Winsock stack is what enables data transmission in and out of your computer. If the stack gets broken you will lose internet connectivity and connectivity to any networked computers. We can remove them from the stack with a tool.

    • Download LSPFix.exe
    • Save it to the desktop.
    • Close all open browser windows.
    • Open LSPFix, check the box 'I know what I'm doing'.
    • Select each entry for the following two files and use the >> button to move them to the Remove column.
    • Click Finish.
    • Reboot the machine.


    How many memory modules (sticks of RAM) does your computer have?
     
  8. 2008/05/05
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    Followed your instructions and it appears the popups have gone away.

    Cheers :)
     
  9. 2008/05/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's good news! :)

    Please post a fresh HijackThis log for me, if you don't mind.
     
  10. 2008/05/16
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    Sorry for the delay

     
  11. 2008/05/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Scan with HijackThis and fix the following entry.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Everything seems to be working as it should now?
     
  12. 2008/05/19
    laasunde

    laasunde Inactive Thread Starter

    Joined:
    2002/01/14
    Messages:
    89
    Likes Received:
    0
    Everything is working now :)
     
  13. 2008/05/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Glad to hear it. :)
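
The two kinds of HijackThis entries handled in this thread call for different remediation: the O10 Winsock LSP entries were unlinked from the stack with LSPFix, while the orphaned O2 BHO was fixed from within HijackThis. The following triage sketch is an added example, not code posted by either participant; the function name, the action labels and the non-flagged sample lines are assumptions made for illustration.

```python
import re

# Constructed sample log: the two O10 lines and the "(no file)" O2 line are the
# entries quoted in this thread; the other lines are made up for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O10 - Unknown file in Winsock LSP: ptmp2004.dll
O10 - Unknown file in Winsock LSP: ws2lspx.dll
"""

# Generic "<section> - <body>" shape of a HijackThis entry line.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
O10_UNKNOWN = re.compile(r"^Unknown file in Winsock LSP: (?P<file>.+)$", re.I)
O2_BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

def triage(log_text):
    """Return (section, item, action) tuples for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header lines, blank lines, anything not an entry
        section, body = entry.group("section"), entry.group("body")
        if section == "O10":
            lsp = O10_UNKNOWN.match(body)
            if lsp:
                # Unknown DLL chained into Winsock: unlink it from the stack
                # (LSPFix in this thread) so connectivity is not broken.
                findings.append(("O10", lsp.group("file").strip(),
                                 "identify file, then unlink from LSP chain"))
        elif section == "O2":
            bho = O2_BHO.match(body)
            if bho and bho.group("target").strip().lower() == "(no file)":
                # Registry entry whose DLL is gone: stale leftover.
                findings.append(("O2", bho.group("clsid"),
                                 "fix orphaned entry in HijackThis"))
    return findings

if __name__ == "__main__":
    for section, item, action in triage(SAMPLE_LOG):
        print(f"{section:4} {item:40} {action}")
```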
     
