Help with Broadcaster/Freestuff virus

Thanks. I am going to wait a day or so to delete all the restore points...I still have a feeling, or maybe i'm just paranoid, that there is still something amiss.

many thanks for your help, your group provides an invaluable service.

 

You're most welcome. Happy to help!

 

Thanks again for all your help.

This morning I wake up to find that Windows Live Onecare "successfully cleaned or stopped the unwanted software "

"OneCare took the steps below to prevent the unwanted software from running. "

Program Name: Virus:WM/Wazzu.X
Action: Quarantine Failed

This is the same warning I was getting before my machine really got infected. I don't have any symptoms yet, but do you have any advice on this, or know why the quarantine process always fails with this virus?

 

From what little I can find about it, unless OneCare is using an inappropriate name, that infection is a macro virus that resides in Word Templates.

Please do the following so I can see what OneCare is flagging.

Mail that zip file to me here with a subject line of RE: smitrem

 

this is done...

 

Got it ...... thanks! I'll look it over and let you know something.

 

It's the Old Gateway Email files that are being tagged as Virus:WM/Wazzu.X, well, one in particular. (I edited to insert the Xs)

Path: file:\\?\C:\Documents and Settings\Podcast Manager\My Documents\Email PST files\Older Gateway dump.pst->Message.42092: "XXXX, XXXX [RE: XXXX XXXX conversation]" [2000/04/28 01:25:35]: Attachment.47022: "Online Communities.doc "

If you use WinRar to extract the contents of that zip file to it's own folder, then open the SystemOneCareMP.txt file, you will see it listed toward the bottom of the page. The other option would be to just dump the entire Older Gateway dump.pst file located in C:\Documents and Settings\Podcast Manager\My Documents\Email PST files. Are they really needed?

 

How's it going drewp2? Everything OK now?

 

Hi Noahdfear,

Thanks for checking in with me, much appreciated.

My virus blues have subsided...at least I think they have. but my machine is really performing poorly, and I have to suspect OneCare Live since it all started after that install, and most of the issues seem directly related.

I have been in contact with Microsoft Product Support Services, but they have not provided any useful guidance. For what it's worth and in case you have any guidance, here is the note I sent her yesterday morning in response to her inquiry:

Hi Vivian,

Just going through my new morning routine since installing OneCare:

Open hybernating laptop and log on
Notice that the cpu is running at 100% and that I'm not connected to the home wifi network (previously I never had a problem connecting)
Wait to see if it calms down, it doesn't
I go into Task Manager and manually stop msmpeng.exe
Onecare gives me a warning
Msmpeng.exe is still running, must be another instance of it
I stop the second msmpeng.exe manually
OneCare gives me another warning, is now Off
IntelPro Wireless utility says there was a problem connecting, click the bubble to diagnose
Click the bubble
CPU now running 100%, note that it is DrWiFi.exe that is running 98-99%. the diagnostic utlity does not launch.
Manually quit DrWifi.exe
System conntecs to the home network
I click on OneCare in the system tray to turn it back on
SEcurity Center comes up, says that Virus Protection is Off but does not give me an option to turn it back on
Virus protection turns on by itself
Outlook is running
Hit send receive
Get exclamation points for all the processes (errors)\
Quit Outlook
Relaunch Outlook
Nothing happens
Relaunch Outlook again
Get an Operation Failed warning
Relaunch Outlook 3rd time, Outlook launches normally

The events in this and the preceding email now happen *regularly*.

 

Found this in regards to msmpeng.exe causing problems like yours.

I don't see that you have Windows Defender, so maybe you can apply the same to OneCare, similar to below.