From: <[email protected]>
| I am running Win2k, sp4. Lately, I've been getting messages saying
| that I have 55 registry errors, and to go download software that will
| get rid of the errors. I have another registry checking tool and it
| identified only 2 errors, and zapped both of those, yet I still get the
| 55 error msg. I used Kaspersky online virus scanning, and identified 2
| files which are in the system32 folder. I tried to delete them, but
| was given the old, "access denied" msg. How do I delete those files?
| One is called "Performance32.exe", the other is called "Stmb32.exe".
|
| thanx for any help, in advance!
The question is: is it the Messenger Service or the Messenger program ?
If the Pop-Up border has "Messenger Service" in it, it is a Con Job sent via a NetBIOS
Pop-Up.
This means you are not using a FireWall. A simple NAT Router such as the Linksys BEFSR41
will block this kind of con/spam. As always I suggest specifically blocking both TCP and UDP
ports 135 ~ 139 and 445 on any SOHO router. If you don't have a FireWall application and/or
use a NAT Router then other protocols can be exploited.
You should also disable the "Messenger Service"
Go to; Start -- Run
Enter; services.msc
Hit the enter key.
Go through the list and find "Messenger". Double-Click on; Messenger
Stop the Service.
Then set the "Startup Type" to "Disabled".
You should have asked yourself "How did they know I have these problems ?" and should have
been wary. However, it seems like you fell for the con and you downloaded a file and
subsequently infected your computer.
What is the URL you were sent to and the file you were asked to download ?
In the meantime, you can use the following to help clean your Win2K PC...
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.
http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *