Virus Removal

[Matthew]

I found this virus the other day on my computer
(http://securityresponse.symantec.com/avcenter/venc/data/w3
2.kwbot.c.worm.html). As Norton could not remove it at
the time, I went in and manually deleted the virus, and
all the keys I could find that pertained to the virus.

But when I start my computer I get a Windows error
message: Cannot find the file 'C:\WINNT\system32
\cmd32.exe' (or one of its components). Make sure the path
and filename are correct and that all required libraries
are available.

I cannot find any more keys in the registry, but am sure
that it is in there somewhere, as Norton finnally deleted
all the instances of the virus.

Does anyone know where the startup areas are for programs
in the registry? Any help would be GREATLY appreciated.

 

[Jim Byrd]

Hi Matthew - There are several approaches you can use to make
controlling the Startup process easier in Win2k.

1) If you still have access to it, you can move a copy of the Win98
msconfig to your \System\ folder and it will work - just ignore any
complaints it makes.

2) Much better, you can go here:

http://www.thetechguide.com/downloads.html (XP Version which works in
Win2k just fine) or here:

http://www.3feetunder.com/files/win2K_msconfig_setup.exe (stated to be a
Win2k Version - probably the same as the XP) or here:

http://www.techadvice.com/win2000/m/msconfig_w2k.htm and download
msconfig.

3) As good, but different, is to go here:
http://www.mlin.net/StartupCPL.shtml and get Mike Lin's Startup Control
Panel applet. A somewhat more difficult to use but more extensive
program to do the same thing is StartupList from here:
http://www.lurkhere.com/~nicefiles/index.html, or even better, Autoruns
from here:
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns. Be very
careful about doing any Registry modifications directly unless you're
comfortable with this, and be sure that you BACKUP your Registry before
making any changes, so that you can recover if something goes wrong.
Changes made with StartUpCPL are less likely to cause problems, and are
usually a matter of just re-enabling the particular program. Another
program of this type that I can recommend is StartMan, free, here:
http://www.forrestandassociates.co.uk/pcforrest/index.html. If you
have problems with suspected hijackers, you can look up and investigate
suspect programs in your StartUp lists here:
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
(Recommended)
http://www.3feetunder.com/krick/startup/list.html (Recommended)
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm (Recommended)


All work fine for controlling startups, however, I would recommend
getting both of the last two. They're both free, and each has some
advantages. For example, the XP msconfig also gives you some
visibility/control over services, while Mike's applet offers much better
startup control.

Also, you should read and print out/save for future reference mskb
article Q179365 here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q179365 which
will tell you the order in which things get loaded.

Two additional resources which have useful information relating to
startup issues are:

How to Delay Loading of Specific Services
http://support.microsoft.com/default.aspx?scid=kb;en-us;193888

HOWTO: Control Device Driver Load Order
http://support.microsoft.com/support/kb/articles/Q115/4/86.asp


Perhaps this will help.


--
Regards, Jim Byrd, MS-MVP
Please respond in original thread in Newsgroup.




In [email protected], Matthew typed:

 

[Jim Byrd]

Hi Matthew - There are several approaches you can use to make
controlling the Startup process easier in Win2k.

1) If you still have access to it, you can move a copy of the Win98
msconfig to your \System\ folder and it will work - just ignore any
complaints it makes.

2) Much better, you can go here:

http://www.thetechguide.com/downloads.html (XP Version which works in
Win2k just fine) or here:

http://www.3feetunder.com/files/win2K_msconfig_setup.exe (stated to be a
Win2k Version - probably the same as the XP) or here:

http://www.techadvice.com/win2000/m/msconfig_w2k.htm and download
msconfig.

3) As good, but different, is to go here:
http://www.mlin.net/StartupCPL.shtml and get Mike Lin's Startup Control
Panel applet. A somewhat more difficult to use but more extensive
program to do the same thing is StartupList from here:
http://www.lurkhere.com/~nicefiles/index.html, or even better, Autoruns
from here:
http://www.sysinternals.com/ntw2k/source/misc.shtml#autoruns. Be very
careful about doing any Registry modifications directly unless you're
comfortable with this, and be sure that you BACKUP your Registry before
making any changes, so that you can recover if something goes wrong.
Changes made with StartUpCPL are less likely to cause problems, and are
usually a matter of just re-enabling the particular program. Another
program of this type that I can recommend is StartMan, free, here:
http://www.forrestandassociates.co.uk/pcforrest/index.html. If you
have problems with suspected hijackers, you can look up and investigate
suspect programs in your StartUp lists here:
http://www.pacs-portal.co.uk/startup_pages/startup_full.htm
(Recommended)
http://www.3feetunder.com/krick/startup/list.html (Recommended)
http://www.answersthatwork.com/Tasklist_pages/tasklist.htm (Recommended)


All work fine for controlling startups, however, I would recommend
getting both of the last two. They're both free, and each has some
advantages. For example, the XP msconfig also gives you some
visibility/control over services, while Mike's applet offers much better
startup control.

Also, you should read and print out/save for future reference mskb
article Q179365 here:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q179365 which
will tell you the order in which things get loaded.

Two additional resources which have useful information relating to
startup issues are:

How to Delay Loading of Specific Services
http://support.microsoft.com/default.aspx?scid=kb;en-us;193888

HOWTO: Control Device Driver Load Order
http://support.microsoft.com/support/kb/articles/Q115/4/86.asp


Perhaps this will help.


--
Regards, Jim Byrd, MS-MVP
Please respond in original thread in Newsgroup.




In [email protected], Matthew typed: