Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.
1 - 18 of 18 Posts

·
Registered
Joined
·
10 Posts
Discussion Starter · #1 ·
I recently developed this problem on my computer. Whenever I send an E-mail I am notified that it had a virus when I send it through my Yahoo E-mail account. It has also happened that when an E-mail was sent through microsoft outlook the person on the recieving end was told that the E-mail had a virus, and the file was corrupt. On top of that recently I have not been able to install anyhting on my computer! It just gives me an error message. The error message syae ::
This program has performed and illegale operation and will be shut down.
This is the text under DETAILS (button) when I tryed to install audio galexy for example.

AGSETUP0608 caused an invalid page fault in
module <unknown> at 0000:00000007.
Registers:
EAX=0040eea4 CS=0177 EIP=00000007 EFLGS=00010a03
EBX=00000000 SS=017f ESP=0064fa48 EBP=00000000
ECX=000110e7 DS=017f ESI=00000000 FS=68e7
EDX=0064fcac ES=017f EDI=000110e7 GS=0000
Bytes at CS:EIP:
00 16 00 2e cb 65 04 70 00 65 04 70 00 54 ff 00
Stack dump:
0040193b 0064fcac 000110e7 0040eea4 00000000 0064fba8 0064faa4 00005c17 00011000 00000008 00401d32 0064fcac 000110e7 0040eea4 00000000 0064fba8

Please send help soon!
 

·
Registered
Joined
·
46,025 Posts
Welcome to the board parryfg, and Happy Thanksgiving.

The first thing you need to do is determine what virus infections you may have. I'm assuming you have not run an updated antivirus scan and don't know.

You can do an online one at either of the two sites below:

http://housecall.antivirus.com/pc_housecall/

http://security2.norton.com/us/home.asp

When you have identified the virus, post back with the identification information and we will try to provide any additional removal advice you may need.

I'm going to move the thread to the Security/Antivirus forum for follow-up.
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #3 ·
I used the virus scanner from the website http://housecall.antivirus.com/pc_housecall/
although I couldn't clean any of the files (for some reason it wouldn't let me even thoug they were all listed as "cleanable")

It seems I have two different viruses. one is
PE SPACES.1445
the other is
W97M GROOVIE
What is interesting is that "groovie" is the name of my hard drive.
Also here is the page on the info of the virus PE SPACES.1445

http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_SPACES.1445
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #5 ·
ok so I got that program rog suggested and copyed it to my computer through some floopy disks. I got the program up and running, and it found a bunch of the nasty little buggers. For some reason I can't seem to kill em'. I keep re-starting windows after InnoculateIT has done its sweep so it can finish "cleaning" but when i run it again when I re-start I still have a zillion files still infected. I read up on some of those other cases, and from what I under stand is that it effects the MBR, but what I dont get is what I have to do. I am very confused. How do I clean the already infected .exe files?
 

·
Registered
Joined
·
114 Posts
You mentioned you think it maybe infecting your MBR. So it could be a BOOT virus, one that sits in the boot strap of your hard drive and re-infects all your exe's every time you reboot.

I'm guessing here

It won't do any harm to boot to dos from floppy and run the following

fdisk /mbr <return>

This command rewrites the Master Boot Record on the first track of your Hard Drive, restoring all your FAT but overwriting any extraneous files that should not be there. Unless this particualr virus can dump itself to memory while you run fdisk and then write back to Boot Strap when you reboot.

This works OK if you have no more than 4 partitions and you don't have multi-boot running.

Any doubts email me: [email protected]
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #7 ·
I went into dos and ran the "rescue" program from inaculateIT, It said the master boot record was clean~~ haven't tried fdisk/mbr yet but, I've been told that I'm just asking for trouble when I use it. hmmmmmm... what to do...
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #8 ·
Well-- something else, MY inaculateIT program seems to detect the same files every time then asks to re-boot to clean those files, when I do reboot and I run the virus scan again, It shows the same files as still haveing the virus and asks me to reboot>> I dont know If it shows all the same files but it does show the same number of files, which is 320 infected files. I also noticed one of the infected files was windows itself. Argh~.....
 

·
Registered
Joined
·
221 Posts
Hi parryfg...there's no need to fdisk the MBR if InoculateIT says it's clean. It only infects the MBR on June 1st anyway.

Next time you run the scan, instead of rebooting, power down the system completely for at least 30 seconds to flush the bugger out of memory.
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #11 ·
ok I checked and It is not set to report only, it is set to clean the files automaticly. I also tryed running it then shuting down for 45 sec. that didn't work either. I just thought of something. to get InaculateIT on my computer I coppyed it from a computer I already installed it on that used windows 95, I use 98, wouldthat mater at all. What else... o yes, It still scans the same files every time! how do you get into safe mode? lets see...I think thats about it.

By the way, Thanks a lot for the help! With out you guys I'd be totally lost. sorry I don't seem to be getting anywhere fast. Hopefully soon, something will go right.
 

·
Registered
Joined
·
46,025 Posts
The fact that it was on a Win95 machine wouldn't matter, however the version might. I have ver. 5.2.9 and I think this is the one which I've seen successfully clean spaces.

http://cws.internet.com/virus-inoculate.html

You might want to get the latest virus update from this site as well.

To start in safe mode, press and hold the ctrl key as soon as the computer begins booting. Then choose safe mode from the Boot Menu.

There is another av utility that is supposed to be able to clean spaces here:

http://www.sophos.com/support/faqs/spaces.html

I don't know if the sophos antivirus is required to be installed first though.
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #13 ·
I checked the InaculateIT version. It is 5.2.9.0 so I'm guessing thats not it. Something weird happens when I boot up, it says I'm missing the file Vet9x... It is associated with InaculateIT. I tryd Sophos, and you do need the anti-virus program, I signed up got the program, and now I have it. Unfortunatly much to my surprise, the program is messed up. Every where where there should be type (like "file" or "save" etc) there is jibberish. Its like someone took all the words on the actual program itself, and replaced them with random characters and jibberish. So I don't know how well this Sophos thing is going to work out. Any suggestions?
 

·
Registered
Joined
·
46,025 Posts
If the Sophos program downloaded like that on a good pc, try another download.

When you installed InnoculateIT, did you run the install program or just copy files? I believed those who ran it successfully ran the install file after setting it to "read only" in its properties page.

From work I downloaded InoculateIT as suggested by POPPY4. I burned it onto a CD.
I made the .EXE file 'read only'. I took it back home. Booted up my computer, and ran the read only executable from the CD. I held my breath as I clicked the .exe just waiting for the dreaded error message or virus messages to pop up. Much to my amazement, the program installed. I ran the virus scan. It not only found and cleaned all of the infected files, the Inoculate Anti-virus software picked up another 30+ infected files that McAfee never found.
You might want to try the same with Sophos, but only have one of them running at the same time.
 

·
Registered
Joined
·
10 Posts
Discussion Starter · #15 ·
I finally am rid of the stupid VIRUS!!!

I used floppy disks to transfer the files (a read only floppy) to the computer where I accesed them through DOS (I skipped windows entirely). I just zipped the files to one disk, then opened them in DOS. I ran the anti-virus program where it cleaned up my hard- drive of the stupid thing.

Thanks for the help!
Bye now!
 
1 - 18 of 18 Posts
Status
Not open for further replies.
Top