virus on system

I just upgraded to xp, installed all the updates now i find i have a virus in msconfg.exe and winole.exe my antivirus cannot do anything and i cant exactly delete them what do i do?

I apologise for the last post of wrong type of subject i am stressed no need to shut the thread down m8! was just looking for help no need to get rid of the message..

 

coolwaters,

What virus do you have?

 

Hello coolwaters,

From the Links http://www.windowsbbs.com/links.php
Run these on-line virus scans:

eTrust Online Virus Scan

HouseCall online Virus scan

Regards - Charles

 

win32

12/10/2004 20:26
Scan of all local drives
File C:\System Volume Information\_restore{314E8981-0630-48ED-9D25-490794F051E3}\RP21\A0005254.exe is infected by Win32:SdBot-545 [Trj]
File C:\WINDOWS\system32\winole.exe is infected by Win32:Rbot-EE [Trj]

Number of searched folders: 1040
Number of tested files: 22058
Number of infected files: 2

It said before that it was msconfg.exe now its winole.exe??

 

Save this page to text where you can access it in safe mode.

Download The Killbox from here: http://tools.zerosrealm.com/killbox.zip

Unzip the files to a folder.

Right click My Computer and choose properties. On system restore tab, check the box to turn off. OK out.

Go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and OK. Yes to restart. This will restart your computer in safe mode. Logon to you user account.

Open the Killbox folder and double-click on Killbox.exe to run it. In the "Paste Full Path of File to Delete " box, copy and paste the following:

C:\WINDOWS\system32\winole.exe

Don't click any of the buttons though, instead please click on the Action menu and choose "Delete on Reboot ". On the next screen, click on the File menu and choose "Add File ". The filename and path should show up in the window. If that's successful, choose the Action menu and select "Process and Reboot ". Click back on the Killbox and paste the following:

C:\WINDOWS\system32\msconfg.exe

Repeat the above steps to add and process. Then close all for now. Do NOT reboot yet.

Show hidden files and folders, as well as system files.

Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and settings\username\Local Settings\temp, select all and delete. Do this for all usernames.
Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and OK.
Uncheck the /safeboot box in msconfig and ok to reboot.

Back in Windows, you can re-enable system restore. Do another online scan to verify the system is clean.

Post a HijackThis log.

 

stinger

Hi thanks for all that I managed to get rid of it easier than that the answer was staring me in the face i couldnt believe it I ran that stinger from mcafee and it found some sort of worm/trojan virus and It deleted it i turned off system restore that deleted the other one and got avast to do a boot scan after restart and noe its clean

 

Great to hear! Thanks for the update.

Mike

 

re

no bother and thanks