Help
Not sure if it this is the best forum, but it is problems from a trojan which has been
quarantined.
I do not have internet access so this is being sent from a friend's computer.
Am running a Desktop, Windows XP SP3 with 2gig RAM.
Anvira AntiVir said:
The file 'C:\WINDOWS\system32\ble.dll'
contained a virus or unwanted program 'TR/Agent.osnw.1' [trojan]
Action(s) taken:
The registration entry
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\
NameSpace_Catalog5\Catalog_Entries\000000000004\LibraryPath> was successfully
repaired.
An error has occurred and the file was not deleted. ErrorID: 26003.
The file could not be deleted!
Attempting to perform action using the ARK library.
The file was moved to the quarantine directory under the name '549309d1.qua"
I ran Malwarebytes and that took over an hour, Event Viewer reporting it had timed out about
30 times. It showed a clean result. I then rebooted (which took much longer than usual) and
find I have now lost my Internet Connection and all sound.
Ran Spybot search & Destroy and that came up with a clean result. Ran scannow without any
problems.
Looking at the Internet connection Network Diagnostics says that there was an error in the
Winsock provider catalog and the TCP/IP protocol had not been set properly plus an error in
detecting offline status of IE with error in InternetOpen call 12159. It offers to fix the
problem, but nothing changes.
From a previous visitation I have rkill.scr; FixExe.reg; and unhide.exe still on my desktop. I
also have an old copy of Hijack This and attach a log of my system now. ( I normally would
not do this, but am using a neighbour's computer).
Logfile of Trend Micro HijackThis v2.0.2
Log removed. ~ OB
Sorry about the amount of information. Have already spent an hour on the phone to my ISP
in India. Would be very grateful for any assistance from the more knowledgeable.
This post has been edited by Orange Blossom: 21 August 2011 - 02:11 PM
Back to top
