trojan virus in my computer

Hi Mary

I guess it is info overload while in a Senior Moment (day)!

But please tell me what don't work now.

Confine to only what don't work or is missing.


Mike

 

Just checked in to see what you had to say. Am about to start the process of doing the EasyClean and Reg Clean. Just followed the instructions from Mark and hope that the things are back in the startup the way they should be. I need to check on the printer now that that is done to see if that was its problem and will run the reg cleaners in the safe mode as instructed. At first I couldn't get the EasyClean to install but now that the work has been done on the startup things it installed for me. I will finish the work I am doing and give you a final report as soon as I am done. Thanks again for not giving up on me.

 

10-4 Mary.

Mike

 

Mike,
I ran EasyClean as directed in Safe Mode. I have one question, it warns you not to delete everything because the system may need some of the listings. I had about 325 and I deleted what I thought might not be needed, but it does not tell you what is deleteable as does the RegCleaner. Can I safely delete what is listed or what do I look for? Also have another annoying problem. When I used BackTrack, it put back a "pointer" in the startup that was associated with the Symantec/Norton Anti-virus trial version I had downloaded to check for viruses, which I have un-installed. It says the SYSTEM.INI file still is looking for the file and it is not there. On startup I get many sentences telling me to re-install the file so that startup SYSTEM.INI can find it and run it. I have searched for every file I can in the computer to delete so this does not show up when I start the computer, but it is still happening. Can you tell me how to find the one that is causing the problem? I really appreciate all of your help. When I hear from you I will proceed and fix the rest of the files in EasyClean and then re-install the Works Suite 2001.

 

Good morning Mary

If your are refering to EasyClean startmenu cleanup then leave anything it wants to keep.

If it is unnessesary files then you can and should delete them all. There are a couple of ME files that are protected so do not force them. These are part of system restore.

General info about temps.
The c:\windows\temp folder is totally safe to clear after a reboot to safe or full mode. Some of these files will be recreated when needed. This does not apply to other temp folders in other folders.

General info on registry.
In its simplist form a registry link has to have a beginning and an end. Has to point to something! That is what a registry cleaner does, looks for links pointing to nowhere. These are safe to delete.

You can still have errors in the registry if they point to an incorrect file or value, the regcleaner has no way of knowing that you did not explicidely chose that. So will not bother it.

If you use any kind of goback ghost back track etc while you are doing this it will put all or some bad entries right back.

Your goal is to get the system stabalized and clean and then set a restore point.

As for your error in the system.ini.
Go to start run
sysedit
look carefully at each file it shows and delete any lines referring to this especially the system.ini.

Also look at RegCleaners startup list to see if it is listed there, if so delete it.

Mike

 

A lot of times when you get the error message on startup telling you a file is missing the system.ini refers to is actually being called from the registry. Regcleaner will find those entries for you.
Here is a little tip about using Regleaner, first delete the Symnatec/Norton entries under the Software tab, and any other software no longer installed. Then, run the registry cleaner.

 

Again Mark hits the mark! I wax poetic! Smile!

Yes not only that but Symantec also! Unless you use some of these products besides Virus scanner which you don't use.

As I mentioned before look thru the RegCleaner list for any residues of old programs you have long since uninstalled,

Mike

PS Mary after this give us a report of the remaining problems.

 

Mark & Mike,
Letting you know what is happening with the computer after I have done all that you have suggested. I ran sysedit and there was nothing in the system.ini that identified the norton/symantec file so I didn't want to delete anything I was not sure of. I have tried RegCleaner and EasyCleaner several times and have deleted everything having to do with Symantec/Norton and programs I no longer have, but having the same problem at startup. Any other suggestions? As for un-installing Word 2000 and Winmx. I have done that and deleted all of the winword files I could find. Re-installed Word 2000 after doing all of the registry cleaning and still having the same error messages on trying to open the program. Have not re-installed the WinMx program yet. Waiting to hear from you on what to do next. Thanks guys for all of your help.

 

Hello Mary

After you uninstalled Office did you reboot while office was uninstalled? And did the errors occur even then?

Mike

 

Mary

It just hit me that these are windows files! Geezz I was asleep!
When you related them only to Office/Word then I locked onto that. This is our problem.

MARK! Knuckle me in the head next time I go into a senior moment online! Smile!

It is not Office/Word but windows itself!

start-find user32.dll

then

start-find gdi32.dll

let me know if they exist

then

Go to start-run and type

sfc /scannow

If it finds these files are corupted or have been replace by othe files then it will fix them.

Mike

 

Mike,
I found both files and there are two of each of them dated the same day in 5/98. Then I tried the sfc/scannow using run and I got a message with a red "X" pop up that said "Cannot find the file 'sfc/scannow'(or any one of its components). Make sure the path and filename are correct and that all required libraries are available." Is there another way to get to it?

 

Space between sfc and the "/ "

Mike

 

Mary I have found these files. Get me the properties on both.

If sfc can not fix then get me:

Date, size and revision number!

Mike

 

Mary!

Think you have problems?

http://www.uq.edu.au/education/extra/all.html

LOL!!!!

Mike

 

I have tried every combination of the sfc /scannow and nothing works. Now I am getting a message "The command line parameters are not valid. The following parameters were not recognized: "scannow "." I tried spacing before and after the / and even all caps and still got the messages. I re-did the find user32.dll and gdi32.dll. The information it pulled up was:
user32.dll C:\windows\system 68KB application extension 5/11/98 8:01 p.m. Version 4.10.1998
user32.dll C:\windows\helpdesk\SFC 68KB application extension 5/11/98 8:01 p.m. Version 4.10.1998
gdi32.dll C:\windows\system 152KB application extension 5/11/98 8:01 p.m. Version 4.10.1998
gdi32.dll C:windows\helpdesk\SFC 152KB application extension 5/11/98 8:01 Version 4.10.1998

Is this what you need? The version I got by using the properties selection.

 

I noticed the version number of those files, are you running 98 or 98SE? If you are running 98SE, the version number should be 4.10.2222 for User32.Dll, Gdi32.Dll would be 4.10.1998.
Try just using 'sfc' , nothing else. Then choose to scan for corrupted files.

 

Hi Mary

I noticed that all 4 are dupes so if they are incorrect you will need to get them from the cd or!

Here is the place to find and download the correct 2 files.

http://www.dll-files.com/

Mark try to help finish if possible as I am leaving on a 2 day trip and may not get to log back in untill I return.

Thanks

Mike

PS Mary

After you uninstalled Office did you reboot while office was uninstalled? And did the errors occur even then? Or only when you try to access Office/word?

 

I noticed the version number of those files, are you running 98 or 98SE? If you are running 98SE, the version number should be 4.10.2222 for User32.Dll, Gdi32.Dll would be 4.10.1998.

markp62

I think we are seeing different version of Windows here.

We are possibley looking at a case of VERSIONITUS ?

From the Retail versions that I have.

Win98 files are dated 5/11/98
Win98 SP1 files are dated 6/10/99
Win98 SE UPGRADE files are dated 9/23/99. with version # 4.10.2222a. The dates on the files in question are the same. ( all SE dates from my HD )

May we also be looking at an OEM version of Windows ?

Another * possibility * is that the Win98 SE UPDATE version of SE may have been used. And that will ( or may and DID for me ) skrew things up BADLY.

I can not check the dates on the SE UPDATE CD as it is now resting ( not peacefully I hope ) in the local land fill.

BillyBob

 

OR

During some house cleaning and/or removing software some much needed fles were removed.

When removing things like Office it will ( or may ) take out some much needed SHARED files. Especially if we are not carefull.

I had Office installed once. And when I un-installed it, it dam near KILLED Win98. At left me without much choice other than re-install Win98.

BillyBob

 

I am running windows98 that originally came with the computer. To answer Mike's question, when I uninstalled Word I had to restart the computer to make the changes come into effect. I had also uninstalled WinMx during the same session so I had no way to check to see if I was still getting the error messages as those were the two programs it happened to. They would not start because of the error message. Mark, I ran sfc only in Run and it did locate some files to be restored. They are: unwise.exe and quitremote.exe both in c:\windows\system\macromed\shockwave8, FP4AUTL.DLL in c:\program files\common files\microsoft shared\web server extensio and ragent.dll in c:\program files\common files\microsoft shared\web folders. None of the disks I have would work to restore any of the files. I have a Windows98 disk and a couple of Gateway Restoration disks that have hardware drivers, online documentation, and limited software applications on them. If I go to the website that Mike was sending me to could I download all of the above files to replace?