Computer boots up with Spirals going round and round.

A friend of mine just called me and asked for help. I never heard of this before so I would like some advice if possible.

He said when he turns on his computer, he can't get windows to come up, instead he gets like a spiraling picture that just spirals around and around. He would get dizzy or hypotized if he watched it long. He turned off his computer and when he turned it on, the same thing.

Any ideas of what could be wrong? Is it a virus? Where do I go to start helping him fix this problem?

Thank you.

Jean

 

It appears his virus definitions are not up to date. This is an old virus.

W95.Hybris.Plugin

An extract:

NOTE: There are numerous plug-ins available, and they have different characteristics. The most common one displays a large spiral that covers the Windows desktop and prevents you from using Windows. Another plug-in has similar behavior, but displays a solid black circle.

 

Snowhite and the Seven Dwarfs - The REAL story!

 

Once you get him wiped, give him one or more of the following;

HOUSECALL http://housecall.antivirus.com/ (free scan)

SYMANTEC http://security2.norton.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=23&pkj=HQFQBMRSJRFSKLUKUMX (free scan)

GRISOFT http://www.grisoft.com/html/us_index.htm (free AV software and updates)

TROJANS TAUSCAN http://www.agnitum.com/download/ (free trial)

PANDA http://www.pandasoftware.com/ (free scan)

I recommend Grisoft for residency on his drive. They're all freebies!

 

aleekat - I downloaded the tool to fix the W95.Hybris.Plugin and followed all the information but it didn't find any infected files.

I'm back home again trying to download the information that brett sent on the Snowwhite & Seven Dwarfs because I couldn't download the files on his computer as the spiral takes up 3/4 of the screen and it is impossible to see the good windows.

If any other help other than my trying to download Sophos Enterprise Manager is available, I would love to have it, as I don't understand what they are talking about.

Thanks,
Jean

 

Follow the instructions part way down this page to delete the plug-in (this'll stop the spiral). Then run the Housecall scan linked to by Daizy.

 

Unkindest of "cuts" brett

 

brett - I don't thnk I understand the instructions on how to disable the spiral.

It says:
Removal instructions for the black and white spiral or black circle:
The spiral or circle loads from the run= line of the Win.ini file. In most cases, because the spiral will prevent you from opening programs, you need to:

1. Run LiveUpdate and run a full system scan.

I can't Run Live Update because the spiral is in the way.

4. Remove the reference to the plug-in from the Run line of the Win.ini file.

How do I remove the reference to the plug-in from the Run line of the Win.ini file.

How do I get the Win.ini file showing?
When I do, will the reference say:
W95.Hybris?

6. Extract the Wsock32.dll file from the Cab files.

Do not understand step 6.

Help please before I try anything.

Jean

 

Boot up with a win98 start up floppy and boot up with cdrom support. Have the windows cd handy and note the drive letter given to the cd at bootup. It will appear in a message on the screen. Leave the floppy in.

At the a:\prompt type in:
edit c:\windows\win.ini <enter>

At the beginning of the file you will see two lines, one is load= , the other is run= , there should not be anything after the = sign, if there is use the arrow keys and backspace it out. To exit, hold down the ALT key and press F, use the arrow keys to highlight save, or exit if nothing was done. Hit enter.

Then do this at the a:\ prompt exactly:
c: <enter> (will be c:\ prompt now)
cd\windows\system <enter> (will be c:\windows\system)
extract /y x:\win98\precopy1.cab wsock32.dll <enter> (x being the drive letter of cd)
It should answer back 1 file extracted.

Take out the floppy and boot up and see what happens.

 

Hi,
I was able to go into Windows, msconfig, and turn off the run=C:system (etc) and that seemed to stop the spiral. Then I tried to download Norton Virus 2002, after uninstalling his very old McAfee Virus Protector.

It took me to a (dos) screen that said it was scanning for a virus and took several hours to complete but said that it found the W32/Hybris and that now the Wsock32.dll file was repaired

When this was done, I tried again to install Norton and I get the Install screen and it goes to maybe two more screens but then it stops and refuses to load.

I then tried as suggested to boot with a 98 floppy and edit C:/windows/win.ini . I found the load= but there was no run = so I promptly got out of this screen.

Right now I brought the computer home with me and I'm trying to download Housecall Scan to see if I can make any progress.

Any other suggestions will be most helpful.

Jean

 

Just an update to my last post.

Housecall found 50 infected files with the W32 virus, and also the Worm Klez.

I deleted all the infected files except one, it said it was in use. How do I delete this one: C:\Windows\System\winknv.exe?

Looks like we are making progress.

Jean

 

I can't find any reference to the file you couldn't delete as it was in use.

You can use the boot instructions from above to get to a DOS prompt and then

Del c:\windows\system\winknv.exe

which will make it go away. It won't be in use since windows hasn't been started.

May I also suggest that you tell your friend that if his/her system gets trashed by viri in the future (and especially really old ones) that he/she is on his/her own.

Ignorance might be a reasonable excuse once for letting a system get eaten. Twice though would be just plain careless. And in that case, your friend would in effect be saying to you, "Hey there buddy, pal, friend. I was careless again and I want you to spend lots of time rescuing me from my carelessness. "

 

After you delete the winknv.exe, run another virus scan. That file was klez and it was running. The computer may have a couple of more infected files. This page discusses wink plus random charactors to get the name winknv.

 

They should rename the Klez virus to the Wink virus. This is at least the fourth or fifth time someone has asked what the file winkxx.exe is doing on their computer.

It is getting easier to find but just a few weeks ago, typing "wink" into the search field at any of the AV centers wouldn't get you a single hit. It does now.

Regards

 

Oh boy, I'm really getting frustrated with this virus problem. I think I may have gotten rid of the viruses but I can't seem to install a virus checker to the system. I tried installing Norton 2000 and it goes through a couple of screens and then just stops and won't go any further. No message, I just hit NEXT, and it doesn't do anything.

I then downloaded PC-cillin 2002 to try to run a full system scan. It gave me this error message: Setup has detected that McAfee VirusScan is already installed. Please uninstall it and start Setup again.

I uninstall McAfee yesterday before I tried anything as it was 2 years old and never updated. I searched the hard drive for McAfee and there is nothing on the system. I just don't know where it is hiding.

Right now as I'm typing I am downloading the free AVG Anti-Virus and I'll see if I can install that.

If not, I just don't know what to do.

I'll keep you posted.

Jean

 

I have no doubt that MacAffee left some entries in your registry at Hkey_Classes_Root\CLSID and at Hkey_Local_Machine\Software and these were detected. Go here and get Regcleaner. After installing and running Regcleaner, I would delete the MacAffee entries under the Software tab, the program will start at this tab already selected. Then go to Tools\Registry Cleanup\Do Them All. It will find old and obsolete keys for you.

 

Thank you for all your help. I have AVG virrus working and it says that there are no viruses. Also that Registry Cleaner really did the trick. The computer seems to be working OK now so I will tell him to keep his virus definitions up to date but if he doesn't and gets another virus, he will have to take it somewhere else.

This was too much of a pain.

Thanks everyone for all the help you provided. It was much appreciated.

Jean