Trojen virus- file called pipes 6

[Guest_imported]

I am running windows me, and have got a virus which basically prevents me from running any .exe files. I can still open some programs by opening the files which have been created in them e.g. I can open word by clicking on a .doc file. I found the virus with norton(2001) but couldn't delete it. I then accidently excluded from all norton virus scans. The file it came in was called "pipes."
As soon as opend it, this thing has been preventing me from funning any programs. When I ran the scan I saw the name of the virus, i unfortunately didn't write it down and have forgotten what it was called. But I do remember it was a trojan. If anyone could help me out please do, anything would really helpfull and greatly appreciated.
Thank you.

 

[Guest_imported]

by the way, I get this error messege whenever I click on an icon for outlook express, or any other program
"Windows cannot not find 'C:\Program Files\Outlook express\.mssmin.EXE' You may have typed the name in incorreclty in the dialog box or another open program cannot find a system file. To search for a file click the start button, and then click search

 

[ChrisHirst]

You have the SirCam virus, There are removal instructions on all the AV Vendors websites

Chris.

 

[Kento]

ChrisHirst, how do you know it's sircam?

zoffmonkey, download exefix08.com from the link below and run it. It'll fix your problem of not being able to run programs. It reverses the change the trojan made to the registy that disabled the ability to run programs.

http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

After doing that run another scan with Norton and tell us what virus it is. You can do an online scan here if need be:

http://housecall.antivirus.com/

 

[Guest_imported]

thank you sooooooooo much Kento!!!!!
the exe problem is fixed. the virus is called Netbus.W95.trojan

Thanks both of u guys, for helping me out, it really is greatly appreciated

 

[ChrisHirst]

Hi Kento,

I had the same scenario (unable to run any exe files etc) with one of our employees PC,s after a SirCam infection. It alters the registry entries to point to itself for .exe commands which leaves you unable to run regedit.exe to change it back. Obviously you have had different experiences to know about the solution you offered and I will take a look at the link myself. Anything that can assist with virus problems is very welcome.

Chris.

 

[Kento]

Yes sircam does disable programs but so do alot of other viruses and trojans. The sub7 trojan is notorious for doing that too.

zoffmonkey, are you still infected or did Norton remove the trojan? Are you getting any errors now? If you think Norton removed it restart the computer and run another scan to be sure it's gone. Let us know the scan results.

Also, go to that first link I gave before and download Startlog.com and run it. It'll create 2 text files on your desktop. Copy and paste the contents of Startlog (not Stubpaths) to your reply here so we can have a look. There may or may not be a couple of things you'll need to do to fully cleanup the trojan.

 

[Guest_imported]

Im in an early stage of infection(5 days)by the netbus.170.w95.trojan Trojan and netbus.160.w95.trojan. I scanned with norton 2002 and it cant be repaired/quarantined nor deleted...
after reading the forum im becoming anxious about my exes...

Any help about how to remove this virus would be apreciated!

By the way im also infected by Netbus.w95.trojan
Help!

 

[Guest_imported]

By the way im using windows XP professional soexefix08 dont work...

 

[Kento]

The reason why it can't be quarantined or deleted is probably because the trojan is running. So do a ctrl + alt + del and end task on everything you don't recognize or everything except explorer and system tray and then run the scan again. Or do the scan in safe mode and see what happens there. Here's some info and removal instructions to read:

http://securityresponse.symantec.com/avcenter/venc/data/netbus.160.w95.html

When you do the ctrl + alt + del you may see Hacker411.exe or MyComputer.exe there. That's one of the trojans. You may also see them in msconfig under the startup tab. Uncheck them from there and remove them from the registry as the directions at that link show.

For more help, what files did Norton say were infected? What all is listed when you do a ctrl + alt + del and what is checked in msconfig under the startup tab? Do this. Click start--programs--accessories--system tools--system information--doubleclick on software environment then doubleclick on startup programs--then at the top click edit--select all--edit--copy--then come here and right click in your reply window and select paste. That will let us see what's loading at startup.

But run the scan in safe mode and see if Norton will remove the trojan from there.

 

[Yazizam]

My PC has been infected by NetBus.w95.trojan and unfortunately I can do nothing about it.:-( I mean every time I scan with Norton Antivirus, it can not repair the infected file which, by the way, is KeyHook.dll. I cant delete the file either.
I was trying to look up at MsConfig but as it turned out, there is no MsConfig in my PC. And now I dont know what the heck to do.
I would really appreciate any help or tip.

 

[Kento]

Yazizam, download and run The Cleaner which is free to try and see if it removes the trojan.

http://www.moosoft.com

Also see the info I posted above in this thread. Try starting your pc in safe mode and run the scan there.

And if you have win95 you won't have msconfig. An alternative is to use startup control panel which is free.

http://www.mlin.net/StartupCPL.shtml

 

[Kento]

By the way, try running The Cleaner from safe mode also. To get to safe mode turn on your computer and keep tapping the F8 key. You should get a startup menu with some options to choose from. Using the arrow keys choose safe mode from the menu and press enter. Once in safe mode run The Cleaner and see if it'll remove the trojan. When you're done just restart the computer to get back into normal mode. Another way to get to safe mode is to turn on the pc and hold down the ctrl key and it should go to safe mode automatically. And in case you've never been in safe mode before your colors will look different there so don't be alramed about that.

 

[Kento]

Hi JabadaJobu, if your reply was directed at me then yeah i'm well aware of that thanks.

Just a note for anyone who might want to help in this thread. These problems, Yazizam's imparticuliar, were solved. The moderator pruned this thread because it was getting way too long (45 replies) and others were posting unrelated problems here rather than starting new threads for them.

For anyone with a virus problem: you should start your own thread in this forum rather than replying to this one. Thanks!

 

[Guest_imported]

Hi Kento I am replying to what you said on May 12,2002.I have the same trojan and this is what is loading up
1A:Stardock TrayMonitor "c:\program files\common files\stardock\trayserver.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CMESys "c:\program files\common files\cmeii\cmesys.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Configuration Loader syscfg31.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe c:\windows\system32\ctfmon.exe JOSHUA\Joshua Bayan HKU\S-1-5-21-1935655697-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini JOSHUA\Joshua Bayan Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
GStartup c:\progra~1\common~1\gmt\gmt.exe /startup All Users Common Startup
IMONTRAY c:\program files\intel\intel(r) active monitor\imontray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NAV Agent c:\progra~1\norton~1\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
nwiz nwiz.exe /install All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Smapp c:\program files\analog devices\soundmax\smtray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

 

[Kento]

You have netbus? What operating system? Did you see the links in this thread? Get and run The Cleaner which is free to try and see if it'll remove the trojan.

http://www.moosoft.com

syscfg31.exe may be part of the trojan but i'm not positive. what files did your scan say were infected?

 

[Kento]

Also, you have Gator right? CMESys is spyware installed by it. I would suggest that you get rid of it and it's spyware. If you like that program you can use Roboform instead which is free and has no spyware. They even have a Gator converter to convert all your Gator data to Roboform. Of course you would do that before removing Gator.

http://www.roboform.com

After removing gator run Ad-aware (free) to get rid of the spyware if the uninstall didn't remove it.

http://www.lsfileserv.com/index.html

 

[Guest_imported]

when booting the computer i receive a message stating that DW.EXE it states to restart my computer and that will fix the problem but that never seems to work. What is this and how do i get rid of it?

 

[Guest_imported]

Hey Kento,
you seem to know the most about this could you help me out,

I have windows XP installed and all of a sudden couldnt run any .exe files, Even in safe mode they dont work, the laptop just runs really slow and the harddrive spins in the same cycle, and then after a long wait an initialization error comes up, is there any way to fix this is this even a virus?
any help would be greatly appreciated

regards
freak
PS. if i dont run safe mode computer just runs slow from startup really reallllly slow, safe mode at least allows for basic file shiftin etc. until i run an exe file

 

[Kento]

sonnypruit, the dw.exe error is caused by some garbage called downloadware. Click start--run--type msconfig--ok--open the startup tab and uncheck the entry for something called 'media load installer' then click ok and restart and the error should be gone. Then get and run Ad-aware which is free. I think it now removes downloadware's garbage.

http://www.lsfileserv.com/index.html

-----------

ninnja, it could be a virus so run an online virus scan here and let us know the results:

http://housecall.antivirus.com/

I don't have any experience with XP but what's the initialization error say exactly? Programs won't run from safe mode either? I suppose you could have a hard drive problem which could explain the slow performance. Have you run scandisk on it? You could run it from dos mode.