1. We have added a Gift Upgrades feature that allows you to gift an account upgrade to another member, just in time for the holiday season. You can see the gift option when going to the Account Upgrades screen, or on any user profile screen.
    Dismiss Notice

[Fixed]Virus detected, please help this computer illiterate member

Discussion in 'Computer Talk' started by Scratcher, Aug 9, 2006.

  1. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    Guys (or Gals), I am completely computer illiterate and I seriously need some advice and instructions on what to do. I have not "played around" with my computer due to the fear of completely messing things up.

    I have windows XP and I run AVG anti-virus free edition. I update the anti virus every time I connect to the internet, which is almost every day. This morning it detected a virus called "Trojan horse Downloader.Agent.ETP" and I was prompted to repair the file, which I did (I think!). I then ran an AGV computer scan where the same virus in a different location was found, and again I pressed the "repair file" option. However, I received a message saying (something along the lines of) Windows has detected files from an unknown souce and for system stability the original files should be reinstalled, please insert windows XP disc. So I inserted the disc but nothing seemed to happen, no file exchange, or file installation took place. I then restarted my computer.

    But, when I try to open Microsoft Outlook I get the following error message:
    dwwin.exe - unable to locate component
    This application has failed to start because WININET.DLL was not found. Re-installing the application may fix this problem.

    In my AVG virus vault the Trojan horse..... is found at these 2 locations:
    D:\WINDOWS\system32\wininet.dll
    D:\WINDOWS\system32\dllcache\wininet.dll

    When using windows explorer I can not find the file wininet.dll in D:\WINDOWS\system32 and I can not find the folder D:\WINDOWS\system32\dllcache

    But I have found the file WININET.DLL on the windows XP disc.

    So please, computer wizards, what should I do now? (apart from cry in frustration).

    Thanks
     
  2. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    I am now getting a little concerned. I keep getting pop ups saying:

    Messanger Service - Message from SECURITY to ALERT on date.... time...
    Stop!
    Registry Cleaner Recommended

    To fix the errors please do the following:
    1 Download Registry Repair from: web address regdoc.32.com
    2 Install registry Repair
    3 Run Registry Repair
    4 Reboot your computer

    FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION


    I have also received similar messages telling me I have 55 critical errors and my computer is going to crash soon so go to msreg.com, gegfixit,com and another message informing me there is a woman called Romana waiting for me to contact her.

    What are these pop ups? So far I have ignored them all. What is this messanger service? I have never seen this before.

    Advice desperately needed.

    Thanks,
    Scratcher
     
  3. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    The second post looks like adware. Did it pop up in an IE window, or a dialog box? If it was a dialog box, this link might be useful for you.

    Go and download the spyware cleaner programs, links in my sig. Run those every couple of days, it'll help keep your system clean. Be sure to update them! Don't think that'll be a problem with you, tho.

    You also might try reinstalling Office/Outlook.
     
  4. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @Turner, I will now go and DL the spyware thingy. I hope it is not too big as I have a very very slow dial up connection.

    The pop ups appear in a text block entitled "Messanger Service", not in a IE window (maybe, due to the fact I have not run IE for about 6 months now, I only use Mozilla firefox). It is very wierd that these messages would start literally minutes after the virus was detected. I had never received such pop ups in the 6 or more years of owning my computer.

    But thanks for your advice,

    Scratcher

    Edit, the pop up was exactly the type shown in your link. I have now disabled the Messanger service, and set it to manual execution. As I never knew it was there or what it is good for...I probably won't miss it, right?

    Any advise on the virus, my missing DLL file, with easy to follow step by step instructions would be highly appreciated.

    Again, thanks,
    Scratcher
     
  5. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Yeah, you'll want to go to that first link I provided. Without looking at your system, it does sound like the virus/trojan started the pop ups.

    I don't recall the filesizes for d/ls, but they're not too large. A couple megs each. Maybe an hour or two total download time.

    I know, it's a long time. But those files really help keeping spyware to a minimum.
     
  6. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @ Turner,

    I am currently DL'ing Spybot S&D. As you can imagine, at 5kB per sec it is taking a while!

    Do you recommend one of the spyware programs over the others or do you recommend running all three?

    Thanks,
    Scratcher
     
  7. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Unfortunately, all three. Spybot will pick thinks up that AdAware will miss, and vice versa. Spyware Blaster is a different kind of program, which blocks certain things. Kinda seperate from the other two, but useful nonetheless.

    A pain, I know. But it'll be worth it.
     
  8. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    Thanks for the reply. I was hoping you would reply quickly as I didn't want to close all applications and disconnect from the internet to launch spybot if I had to DL the others.

    So back to my super swift DL. I think I'll take the dogs for a walk while waiting!
     
  9. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    Further info,

    jusched.exe (whatever that is!) and ituneshelper.exe will not run due to WININET.DLL was not found.

    Furthermore, spybot has been DL'ed and installed but will not run for the same reason.

    What should I do about this Virus, and wininet.dll file?

    Help appreciated.

    Scratcher
     
  10. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    jusched is the java update scheduler.

    Can you do a system restore to a point before you got this virus? Better burn off those programs to a cd if possible, because systemrestore will delete them.
     
  11. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @Turner, I have no idea what is, or how to perform, a system restore.

    How would I know a time when the virus was not present? I do not even know what kind of Virus it is and how the hell I got it. The AGV heal and restore options do not seem to get rid of the virus or enable my programs to work. After supposedly healing and restoring I get:

    dwwin.exe - Application error (or different file name for different applications)
    The application failed to initialize properly (0xc0000022). Click on OK to terminate the application.


    I have since found that other programs (QuickTime Player) are not working due to the same dll file issue.

    I saw on one of your spyware DL sites programs for removing Trojan and worm viruses. Do you think I should try one of these, and could this interfere with my already installed AGV?

    God, I feel so out of my depth at the moment.
     
  12. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Times like this it really helps to have my hands on your computer. Ah well.

    You can try AdAware. Or you could try to find a specific removal tool for that virus. Symantec should have something like that for you. Give me a few and I'll look for it.

    You could also try another free virus program, like Avast! Avast! is a decent program that I use. (And my wife has AVG on her laptop, so we use both.) I don't know how big the d/l package is, but it's probably about 4 or 5 megs. So thats, what? 30 minutes on dialup? I know, I know....a pain.

    To use the system restore, click on Start -> Programs -> Accessories -> System Tools -> System Restore. Then pick a restore point before you started seeing the virus and restore to that point. This is an XP feature, and I'm not sure what OS you're on. So if you started seeing the virus on Monday, restore to Sunday or before Monday. You will have to reinstall any new software since that restore point, because the systemrestore will remove anything new. It's kind of a pain, but it can be a lifesaver.
     
  13. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @ Turner, I hope I am not being too much of a pain in the ass (especially with my simple questions....but I am not used to doing these types of things with computers.....I played unpatched civ for years because I couldn't get the patches to work). :blush:

    The system restore sounds quite easy to undertake. The only new software recently installed or DL'ed are the spyware programs you recomended to me today. If I was to put these onto my memory stick, I can transfer them back after the system restore right?

    What about any game saves in the time frame between now and my chosen system restore date/time? Would these disappear?
    What about any emails received / sent between now and my chosen system restore date/time? Would these disappear?

    I connect to the internet maybe twice a day, but this morning was the first time I had any indication of a virus. Would going back to a time and date prior to my last all clear AGV system check (3rd August) be recommended?

    and again, your help is appreciated,
    Scratcher
     
  14. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Don't worry about it. I was once the same way myself. :)
    Yes, you can transfer them back. The system restore should only affect files on your hard drive. But be sure and remove the stick. Then it won't be able to affect it at all.
    I'm thinking yes, they would disappear too. Saving those off would be a good idea too.
    Only those on your local computer. You did say you're using Outlook, right? So anything that you've downloaded and not kept on the server would be deleted.
    That would probably be best, but you might get away with yesterday, or the day before. But going back to before the last system check would make sure.
    You're quite welcome.

    I'm gonna be honest here...I'm not too familiar with restore points. It's been a long time since I've messed with them, so some of my answers may not be entirely accurate. But backing up any information you want to save is a good idea regardless of whether or not I'm right. It certainly won't hurt, take nothing but time. Assuming you don't have a lot of save files, it could be done pretty quickly as well.
     
  15. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @ Turner, I didn't really understand that stuff about the emails. But as I can not open the program I can't save anything. :p

    I will take a deep breath, and have a go. Wish me luck! If I have not resurfaced within a day or two, I am probably searching for professional help. :D

    Thanks again,

    Scratcher
     
  16. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Well, if I were to send you an email (let's say scratcher@yahoo.com) first it would go to your mail provider, in this case, yahoo. It's on their server. Then you start outlook, and it goes out to the server and downloads it. Now, Outlook can either keep it on the server, or delete it.

    So if you have it set up to keep the emails on the server and not delete them, then you'll still have your emails on your mail's server. But if you delete them off the server when downloading, they they'll be gone. It all depends on how you set them up.

    Good luck! Feel free to post more questions here, or you can PM me as well. (better to post them here, as other people probably know better than I how to help.)
     
  17. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @ Turner,

    Me again :D

    Okay, I went to Start, Settings, Control Panel, Administative tools, Computer management, system restore service, and I now have a panel called system restore services properties (local computer), with 4 tabs, General, Log on, Recovery and Dependencies. I do not understand anything written on the 4 tabs, I do not have a clue how to activate, nor can I see an obvious place to insert a time and date to restore to. To be honest I am not even sure I am in the right place :(

    My OS is Windows XP Professional Version 2002, if that is any help.

    I am glad I don't have any beer in the house, because I would be hammered by now :mischief:
     
  18. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    You're in the wrong place. What you're doing is starting/stopping the service, and we want to run the program.

    Like I said a couple of posts up, go to Start -> Programs -> Accessories -> System Tools -> System Restore. Then select 'Restore my computer to an earlier time', and it should give you a calendar with available choices.
     
  19. Scratcher

    Scratcher Emperor

    Joined:
    Jan 14, 2003
    Messages:
    1,450
    Location:
    Deep in the Jungle
    @Turner

    Okay, I'm back :D

    System has been restored to a week ago. Who said time travel is impossible :crazyeye:

    Now my programs are running again. I have also installed the recommended spyware stuff and found that quite a lot of espionage was being undertaken. This has been immediately stamped out :lol:

    But....AGV has now found another virus (called: Virus Identified worm / Lovsan.A.) This is located in
    D:\System Volume Information\_restore{....lots and lots of numbers and letters. ..} more munbers and letters.exe with a file size of 6kb. AGV says that this file can not be repaired. Should I just delete it?

    What sould I do with the previously infected with Trojan files still in the AGV virus vault. Should I now delete these files too?

    Thanks,
    Scratcher
     
  20. Turner

    Turner Deity Retired Moderator

    Joined:
    Apr 17, 2002
    Messages:
    28,169
    Location:
    Randomistan
    Looks like it's in your system restore folder. I wouldn't worry about it. And yeah, I'd delete those in the AVG vault as well. And if you can't, it sounds like they're quarantined as well.

    :thumbsup: Glad it worked out for you!
     

Share This Page