Program Windows Closing By Themselves

[TheGame2K3]

Not sure if anyone can help me, but when I open up certain windows ... such as, if I do a MSCONFIG on my computer, or a REGEDIT, or even open up Norton Systemswork, the windows will close by themselves. I haven't noticed this with any of my other programs. I opened up REGEDIT to remove a worm from the registry. But I can't even get to it because the REGEDIT windows closes on its own after a few seconds. It's very frustrating. Any ideas on what is causing this? It could be spyware, but I have spybot.

 

[TSSTechie]

You say you're trying to get into REGEDIT to remove a worm. I would suspect that the worm is causing this problem, to stop you removing it. If you notice, these are all tools that could assist in the removal of worms and virii so it could be affecting them.

What worm is it?

May The Force Be With You

 

[linney]

From your comments in this thread I take it you have removed the virus/worm and fixed the problem?

registry will not stay open
thread779-726771

 

[TheGame2K3]

Blaster

Second time it infected my system in the past year. I know I removed it completely the first time around.

 

[linney]

Do you have a firewall?

 

[TSSTechie]

When you removed it, did you apply the Microsoft patch for it ??

http://download.microsoft.com/downl...F-7A61B46B23BF/WindowsXP-KB824146-x86-ENU.exe

TSSTechie

May The Force Be With You

 

[TheGame2K3]

I do have a firewall.

I haven't downloaded the patch. I'll try that.

Thanks.

 

[TheGame2K3]

The patch didn't help.

I did a hijack, though ... can someone help out?

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\WINDOWS\System32\svchos1.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Daniel Casciato\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\RunServices: [Norton Live Updater] Cavapsvc.exe
O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D2E8BE34-13EA-4DEE-B243-E5BEE8D54514}: NameServer = 151.201.0.39 151.201.0.38

 

[bcastner]

O4 - HKLM\..\Run: [Configuration Loading] svchos1.exe

O4 - HKLM\..\RunServices: [Configuration Loading] svchos1.exe

Let Hijack remove these two entries. These are the registry entries for this virus.

Additional instructions:

http://www.sophos.com/virusinfo/analyses/w32agobotbf.html

 

[TheGame2K3]

I have the Spybot Worm. That's different than Blaster isn't it? Anyway, still having problems. I have to fix this in Safe Mode.

 

[bcastner]

If Task Manager shows svchos1.exe running, you have not removed the problem.

If you made the Hijack This! entries earlier, it will not run. You can then disable system restore and delete the file (use Search to find all instances).

Two online virus scans would then be a good idea: see smah's FAQ faq760-3862

Finally, reboot and re-enable system restore.