trojan problem

Thread starter: bumblebee

bumblebee

Norton just downloaded the latest refresh with LiveUpdate and
immediately flagged a file called wincvs0.dll as a backdoor trojan,
couldn't quarantine, couldn't repair and couldn't delete. Upon
reboot, it's now detecting a file called wincvs1.dll and wincvs0 has
disappeared. It behaves as above with no delete possible. Norton
"knowledge base" doesn't show anything about that file and a search on
the internet doesn't reveal anything about any file called "wincvs".
A search of the registry finds it in 2 places under userkey. In one
location it is listed along with several other files that were
downloaded off the internet and at the other location it is listed at
HKEY_USERS\S-1-5-21-336809978-847386435-1484400983-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll
with the entries:
Name: a
Type: REG_SZ
Data: C:\WINDOWS\wincvs1.dll

and
Name: MRUList
Type: REG_SZ
Data: a

Anybody know what is going on and how to delete this beastie? Any
suggestions??
thanks,
bumblebee
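A note on the second registry location quoted above, with an added example that is not part of this thread. ComDlg32\OpenSaveMRU is the most-recently-used list kept by the common Open/Save dialog: each subkey is a file extension, the lettered values are paths the user picked in that dialog, and MRUList gives their order with the most recent letter first. An entry there is a record of a dialog selection, not a startup or load point, but a DLL path under C:\WINDOWS in that list is still unusual for an ordinary user session and worth noting when reconstructing what happened. The script below parses a constructed .reg export (Regedit version 5 format; the dll subkey and its two values are the ones quoted in the post, the txt subkey is made up to show ordering), lists each subkey's entries in MRUList order, and flags paths inside a Windows system directory. The file layout of the sample and the system-directory list are my assumptions for the example.

```python
import re

# Constructed sample .reg export. The dll subkey and its two values are the ones
# quoted in the post; the txt subkey is invented to show MRUList ordering.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-336809978-847386435-1484400983-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\\WINDOWS\\wincvs1.dll"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-336809978-847386435-1484400983-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]
"a"="C:\\Documents and Settings\\user\\My Documents\\notes.txt"
"b"="C:\\Documents and Settings\\user\\Desktop\\readme.txt"
"MRUList"="ba"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')              # [HKEY_...\Key] section header
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')    # "name"="string value" (REG_SZ)

# Assumed system directories for the flagging rule (Windows 2000/XP era paths).
SYSTEM_DIRS = ('c:\\windows\\', 'c:\\winnt\\')


def parse_reg(text):
    """Parse REG_SZ values from a Regedit 5 export into {key_path: {name: value}}."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, value = m.group(1), m.group(2)
            # .reg files escape backslashes and double quotes inside string values
            value = value.replace('\\\\', '\\').replace('\\"', '"')
            keys[current][name] = value
    return keys


def mru_order(values):
    """Return the paths of one OpenSaveMRU subkey, most recently used first.

    MRUList is a string of value names; its leftmost character is the newest entry.
    """
    return [values[c] for c in values.get('MRUList', '') if c in values]


def flag_system_dir_entries(keys):
    """List (extension subkey, path) for dialog selections inside a system directory.

    An interactive Open/Save of a file living in C:\\WINDOWS is unusual for a normal
    user session, so such entries are worth a closer look during triage.
    """
    hits = []
    for key, values in keys.items():
        if '\\ComDlg32\\OpenSaveMRU' not in key:
            continue
        subkey = key.rsplit('\\', 1)[-1]          # the extension, e.g. "dll"
        for path in mru_order(values):
            if path.lower().startswith(SYSTEM_DIRS):
                hits.append((subkey, path))
    return hits


if __name__ == '__main__':
    parsed = parse_reg(SAMPLE_REG)
    for key, values in parsed.items():
        print(key.rsplit('\\', 1)[-1], '->', mru_order(values))
    print('flagged:', flag_system_dir_entries(parsed))
```

On a live machine the same parser can be pointed at the output of `reg export` for the user's OpenSaveMRU key; the flagging rule is deliberately simple and only narrows down which dialog selections deserve attention, it does not by itself say whether a file is malicious.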
 
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt246.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinXP, create a new Restore point

* * * Please report back your results * * *

Dave

 
OK, well, I guess I actually searched for wincvs1.dll and wincvs2.dll.
and it comes up with 0 hits on the couple of search engines just
tried, including google. WinCvs appears to be some sort of program
that I don't have.
thanks,
bumblebee
 
You know, I noticed your standard answer on a couple of other threads
in this and other groups and I tried to get all the files earlier
today and had problems on the web sites...I'll try again and let you
know...
thanks,
barry
 
Thank you!! Are you sure you have to create one with XP?? Not being a user
of that O/S, I am not sure........but thought I would ask.

Heather
 
OK, David if you're still with me...
I cut off system restore, did a SAFE MODE boot, selected
administrator, ran Sysclean (which took 26 hours BTW) and gave me a
log with a bunch of info. Then I ran Adaware and it found 133
bugs/viruses, I looked over the list (none of which was the file I
asked about originally =wincvs1.dll) and quarantined then deleted the
files.
Then I rebooted, went to regular boot and ran AdAware (couldn't keep
the computer offline another 26 hours for sysclean at this time) and
it found another 84 files, two of which were wincvs1.dll at the same
location. I quarantined those and deleted, rebooted and re-ran
adaware and nothing showed up. I went to the internet and immediately
wincvs1.dll was flagged by norton. I disabled norton and reran
adaware and nothing showed up. In the meantime I rebooted and even
though norton was disabled, it was still screaming ALERT! regarding
wincvs1.dll.
That's where I stand now. BTW, my computer ran faster after the
session with Safe mode until norton flagged ALERT! on the wincvs1.dll
file and then the system slowed down.
Any ideas what is going on?
BTW, it took 26 hours because I have the largest Hard drive made
partitioned into the largest partitions windows would recognize and
another hard drive with the largest size windows would recognize and
all are 90% full.
thanks, for any advice!!!
bumblebee
 
26 hours is a long time. However, slow computers with large hard disks give this result.

All I can say is you have to do this in a few cycles.

Before you scan in Safe Mode, make sure all programs have been shut down or use MSCONFIG.EXE
to not have programs start when rebooted.

Dave

| On Sat, 13 Nov 2004 22:12:52 GMT, "David H. Lipman"
 
Since I posted the last, my computer wouldn't boot when I returned
from work. No bios, nada. Rebooted several times, tried jiggling all
connections on motherboard and then was able to get the bios intro
screen and nothing else. I was able to get into the bios and all
sorts of settings had been changed (hard disks labeled "disabled"
etc.). I changed what I could see was wrong and was able to get into
my hard drive but not my partitioned secondary drive. Ran ad-aware
from windows and it only found one bug. Ran SysClean which apparently
from the log could not delete what it wanted to delete, could not
move, etc. Ran both repeatedly, and that .dll file is still there.
BTW, I have a 1.8g thunderbird AMD chipset so it's not really slow.
Thanks for your help, think I'll try that Kaspersky program and AVG
with Ad-aware and see what happens...
bumblebee
 
Sounds like the battery that backs the CMOS (BIOS) settings needs replacing.

Dave

| On Thu, 18 Nov 2004 23:56:08 GMT, "David H. Lipman"
| >| On Sat, 13 Nov 2004 22:12:52 GMT, "David H. Lipman"
 