trojan virus in my computer

Discussion in 'Malware and Virus Removal Archive' started by mary651, 2002/12/03.

Thread Status:
Not open for further replies.
  1. 2002/12/03
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    For about two months now have had problems with my computer. Most are solved for the time. I was directed to Housecalls who found a Start Page A trojan which they told me to delete, but some of the problems are still there. I get error messages such as Winword has performed an illegal action ... concerning USER32.DLL, also GDI32.DLL. Computer won't let me open Word 2000 and shuts it down. Has anyone come across this problem and is there a solution or do I have to save everything and start over with installing the operating system?
     
  2. 2002/12/03
    MinnesotaMike

    MinnesotaMike Geek Member

    Joined:
    2002/01/07
    Messages:
    1,396
    Likes Received:
    3
    mary651,

    Welcome to the board! If all your messages relate to Word, I would suggest backing up your Word files and reloading Word 2000. Make sure to uninstall the program first, reboot, then reload. Hopefully, that will get you going again.

    By the way, I could not find any reference to a Start Page A virus at the Norton site. Did Housecalls give another name for the trojan?

    Mike
     

  4. 2002/12/04
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    I would guess that "Start Page Trojan" is simply a generic referral to some form of homepage hijacking - have you had any problems with your homepage changing?

    Follow the steps described in the link above, run Spybot and see whether things go back to normal.

    If not, post back with details of the full and complete error message(s).
     
  5. 2002/12/04
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    The Start Page A is an alias for TROJAN.WINREG.START according to Housecalls. Sorry, should have put that in. They told me what to do to fix the Registry, but didn't find the OPQ file to delete in the Registry. The path to take was start>run>, type REGEDIT and enter. HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run. In the right panel, locate and delete the registry entry: OPQFile. Gateway has been working with me on this, which is who brought me to Housecalls. I have AVG anti-virus which is always up to date. Thinking that the free version might have let a virus through, I downloaded a free trial of Norton which I ran and it found one infected file and told me it fixed it, so Norton did not detect the virus either. Only Housecalls. I have tried to uninstall and reinstall Word 2000 with no solution. Computer is touchy still and will give me the error messages if I try to rush it, same error message for shutdown in different modules. This morning in KERNEL32.dll, which I know is not a good place to have a problem. Does anyone have a solution for me? I thank you for all of your quick responses.
     
  6. 2002/12/04
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    Can you post the full error message?
     
  7. 2002/12/04
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    trojan in my computer

    Sorry Brett, I should have thought of that. The actual message was: This program has performed an illegal operation and will be shutdown. If the problem persists, contact the program vendor. When you click on "details" you get: Winword has caused a page fault in module GDI32.DLL. Depending on the situation it could be in module USER32.DLL and this morning, as I said, I was kind of rushing the computer and it was in module KERNEL32.DLL caused by Iexplore instead of Winword. It is always the same message as above only with the different modules that it is occurring in, and it always shuts the program down and won't let it open. I have tried to replace the portion of Windows 98 by using the option to replace one file. I have done this with the GDI32.DLL and USER32.DLL but it hasn't helped. I just keep getting the same error messages. I am hoping that I can fix it somehow without having to reformat the hard drive as has been suggested by a close friend who has told me I would have to reformat it twice to get it completely cleared and then would have to start loading back in all of my programs. He said it is quite a chore. Thanks for your help.
     
  8. 2002/12/04
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Mary you never said if you downloaded and ran SpyBot as Brett directed.

    Please do so! You should also clean all windows and internet temps.

    Additionally download and run Adaware

    http://www.lavasoftusa.com/downloads.html

    These 2 programs can clean things from the internet that can do the things you describe! Delete all they find!

    Additionally you can do an online Trojan/Worm scan at

    http://www.anti-trojan.net/at.asp?l=en&t=onlinecheck

    Do these things and let us know the results.

    Mike
     
  9. 2002/12/04
    Daizy

    Daizy Inactive

    Joined:
    2002/02/19
    Messages:
    2,965
    Likes Received:
    0
    This Trojan?

    I'd run a free ONLINE virus scanner, such as Housecall (Who you got sent to?) Do run another scan?

    If you're running Windows ME... you'll have to disable the system restore?

    Daizy
     
  10. 2002/12/05
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    trojan effects still there

    I have done the whole thing guys. Hijackthis, Spybot, Ad-aware. Tried to run the Trojan scan, but must not have had the right IP number as it wouldn't run. I have deleted all you have told me to, but the computer is doing the same thing. Same error messages trying to open Winword 2000, also have a program called WinMx that I couldn't get to work before and it still doesn't, also with the same error messages. In the registry, I used "msconfig" to see what was selected and was upset to find there are no "Scan Registry, Taskmonitor, or Systemtray" anywhere even to select. What happened to them? How do I get them back? The computer is starting really sluggish. According to the tech I spoke to at Gateway, the only things I actually needed to select for the registry were them and "Load Power Profile" which before there were two of, so only one was deleted. Help!!!!!!!!
     
  11. 2002/12/05
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Ok! Mary you are probably correct, these are the effects left from the trojan!

    If you want to continue, then do the following!

    Since the online trojan scan did not work, D/L and run the following trojan/worm scanner

    http://www.agnitum.com/download/tauscan.html

    It is possible that the trojan was still there when you last reinstalled winword!

    And maybe you only reinstalled over winword instead of a full uninstall before a full new install.

    But to be sure, do the above tau scan, then do the following steps. Do these regardless of the results of the trojan scan:

    1. D/L and install, but do not run, these 2 registry cleaners

    RegCleaner http://www.vtoy.fi/jv16/shtml/regcleaner.shtml

    EasyClean1.7 <http://gswi.com/downloads.htm>

    2. Boot to safe mode.

    3. Run all of Easyclean except duplicate files. On the Start menu cleaner of Easyclean do not force any item it does not want to delete.

    4. Run Regcleaner, look in the 1st & 2nd cols for anything to do with this start page thingie, if any, and delete. While here you may see references to programs you are sure you have uninstalled in the past. If you are sure then you may delete these also.

    Still in RegCleaner look in Startup list and clean if necessary, then go to Tools-registry-do them all.

    Reboot to full mode.

    Uninstall the problem program probably should be full office suite if that is what you have.

    Reboot to complete the uninstall, then reinstall!

    mike
     
  12. 2002/12/05
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    You do need both load power entries on the startup. Here is a somewhat easy way to restore both of the loadpowerprof and the systray. Copy and paste the following lines exactly as they are into Notepad. Have the wordwrap unchecked under Edit on the Toolbar. It will not appear correctly in this post, however each line must be on its own line. A line begins and ends with a [ ], or " " . When you save it, Save As all file types and name it Anyname.Reg . Then double click the saved file, you get a confirmation window asking you to merge this file into the registry. Select Yes.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"


    The Taskmon is not a requirement, it is there to monitor which programs get used the most for optimizing by Defrag.

    This WinMX may be your problem. You have stated that it has not worked, yet. If the problems started arising after installing this program, I would uninstall it. I have the feeling that it may have installed a system file that is of a previous version, or versionitis. You haven't mentioned your operating system, but have you run System File Checker [sfc.exe]?
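
An added example, not part of markp62's post or of the thread: a small auditor that parses a REGEDIT4 export of the two startup keys discussed above and reports entries that should not be there (such as the OPQFile entry Housecalls named) and expected entries that are missing. The sample export is constructed, the OPQFile data is a placeholder, the `TaskMonitor` value name is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample export; OPQFile's data is a placeholder (the thread never gives it).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"LoadPowerProfile "="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"OPQFile"="<placeholder: data not given in the thread>"
'''

# Baseline from the thread, lower-cased (registry value names are case-insensitive).
REQUIRED = {"run": {"scanregistry", "systemtray", "loadpowerprofile"},
            "runservices": {"loadpowerprofile"}}
OPTIONAL = {"taskmonitor"}  # assumed value name for the thread's "Taskmon"

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # undo .reg escaping of \ and "

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values in a REGEDIT4 file."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def audit_autoruns(text):
    """Return (unexpected, missing) as lists of (key_leaf, value_name)."""
    unexpected, missing = [], []
    seen = {leaf: set() for leaf in REQUIRED}
    for path, values in parse_reg(text).items():
        leaf = path.rsplit("\\", 1)[-1].lower()
        for name in (values if leaf in REQUIRED else ()):
            low = name.lower()  # case folds, but a trailing space still differs
            if low in REQUIRED[leaf]:
                seen[leaf].add(low)
            elif low not in OPTIONAL:
                unexpected.append((leaf, name))
    for leaf, names in REQUIRED.items():
        missing += [(leaf, n) for n in sorted(names - seen[leaf])]
    return unexpected, missing
```

On the sample, the value whose name picked up a trailing space when copied is reported as unexpected and the real `LoadPowerProfile` as missing, which is the failure the "each line must be on its own line" warning is guarding against.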
     
  13. 2002/12/05
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Mary, Mark is correct!

    Uninstall the WinMX also. I have several friends that use this, it seems when some new versions of this program come out some old ones quit working??

    When you reinstall make sure to get the latest version.

    However only install winmx after correcting your winword problem.

    I don't think it caused this problem.

    On the loadpowerprofile, it normally will not cause this type of problem.

    Additionally you do not need them if you have power management turned off in the BIOS!

    Mike
     
  14. 2002/12/06
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    I do not think that your remaining problems are linked to the Trojan infection. The Trojan in question is nothing more than a harmless annoyance (hence the fact that it isn't detected by Norton et al) which does nothing other than change some of IE's default options. It would not be responsible for the problems you are currently experiencing with Word.

    I'd suggest that you remove any programs which you installed immediately prior to the onset of the problem, backup your documents, uninstall Word, reboot and then reinstall.
     
  15. 2002/12/06
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    If those items are actually missing from the Start up tab in msconfig, then combined with the kernel32, user32 and GDI32 errors, I think what we have here is possibly a corrupted OS. ( VERSIONITIS )

    Maybe even some regcleaner has done a little too much.

    I would use the suggestion by mflynn and un-install WinMX ( he knows what the program is, I don't ) and then re-install the OS.

    How you would do this on a Gateway I have no Idea.

    But before doing same, make sure the C:\Windows\temp folder is empty. Make sure the recycle bin is empty. And as someone else suggested, if you are using ME make sure the System Restore is shut down. Then run a scandisk set to do a thorough check.

    At least this is my assessment of what the problem(s) might be.

    BillyBob
     
    Last edited: 2002/12/06
  16. 2002/12/06
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Hi BB

    No I would not reinstall the OS yet!

    Just the WinMx and Office (winword) and reinstall Office 1st after completing the procedures in my last message!

    If this does not correct it then maybe.

    Brett is correct this is a pretty harmless virus but it (or an attempt to clean it) could cause a few small problems.

    I don't think they have run any regcleaners yet before my suggestions. Don't know if they have even run them yet.

    Hey BB things got rough here in NC. I was without power for only an hour or 2 but there are 20,000 without power in Lexington where I live, 50,000 in Winston Salem 20 miles away, 30,000 here in High Point where I work. I am at work now just found out several of my coworkers have been without power for 2 days now.

    I hope it is warm and sunny there! Smile!

    Mike
     
  17. 2002/12/06
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    I hope it is warm and sunny there! Smile!

    It is not warm but it is and then it is not sunny. Can't seem to make up its mind.

    We did not get hit as hard as you did cause I believe that down that way you had more than just snow.

    We got about 8" but 10 miles South West of us got about 12"

    Just the WinMx and Office (winword) and reinstall Office 1st after completing the procedures in my last message!

    The idea I agree with. But is that going to replace the missing items in msconfig ? If those are missing there could be other things missing ( or corrupted ) also.

    BillyBob
     
    Last edited: 2002/12/06
  18. 2002/12/06
    mflynn

    mflynn Inactive

    Joined:
    2002/08/14
    Messages:
    4,141
    Likes Received:
    9
    Well Mark gave her the instructions for what is needed!

    What I am a little concerned about is that they may have another Trojan that has not shown up yet. They tried an online and it would not run. Hence my recommendation that they download and run TAU first.

    We for sure don't want to reinstall until clean!

    I was going to deal with the missing items in startup after confirming no Virus/Trojan and the Winword was repaired. But they can be added now!

    Mike

    10-12 inches. Mmmm We only had a couple but it turned into rain which then turned into ice. All trees look like Weeping Willows. Tree limbs broke every where. I saw some trees that fell over and uprooted.
     
  19. 2002/12/06
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    650,000 lost power in the Charlotte area. Best guess now is next Wednesday to have everyone back to normal.
     
  20. 2002/12/08
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    Am grateful for all of the replies I have received. I keep referring back to them to follow up on solutions. I have Windows 98 OS. I think I have made things worse by using a feature called backtrack from the initial Gateway installation in the Help Spot that uses a picture of your hard drive taken on an earlier day to restore it back to that date. I thought if I did this I could get the Scan Registry, LoadPowerProfile, Systray, and Task Monitor back. I brought the listings back, but I am sure the files are not there as it is not working well. So before doing as Mark said about restoring these using Notepad I should go back and delete these phony files so I have the real ones in there. Does the systray, loadPowerProfile, or Scan Registry have anything to do with my printer not working? It just seems to be one thing after another. Can't get it to print any of the instructions from you guys to have as hard copy to follow when working on anything, so have to write them down in longhand. If these new suggestions don't work I will have to look into how to save all of my information on the computer and try to re-install the OS. I hope one of you will walk me through that if it is needed. I am a little apprehensive about wiping out everything as I have Family Tree Maker installed and have several hundred entries which I would not want to re-enter. I will need a lot of help if this turns out to be the case. I have not run the registry cleaners as of yet. I need to get back my loadpower, systray, and what about the "Scan Registry"? How do I get that back or is it not needed? It says on some of the disks that some of the information has been installed at the factory and is not on the disks that came with my computer. If that is the case and I have to re-install the OS would I have everything I need to use on the Windows 98 disk?
     
    Last edited: 2002/12/08
  21. 2002/12/08
    mary651

    mary651 Well-Known Member Thread Starter

    Joined:
    2002/11/28
    Messages:
    74
    Likes Received:
    2
    trojan in my computer

    Sorry, I had to do this in two parts because I clicked on how long my message was and it wouldn't tell me. That is messed up, too. I can't use my normal IP page for searching on the internet as it won't work, so have to use the default of MSN.com for searching. Hopefully, if I get this startup repaired these things will again work. I did run the last trojan scan you sent me to, Mike, and it didn't find anything. I then went to the housecalls site and ran that one again as it did find the initial trojan and that one didn't find anything either. I am working on the solutions today so I will keep checking in with this site to see if you have added anything new for me.
     