Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Lingering Virus Effects?

  • Please log in to reply
1 reply to this topic

#1 j.biddy


  • Members
  • 2 posts
  • Local time:09:28 PM

Posted 24 January 2006 - 06:08 AM

Windows XP Professional SP2
AVG Free Edition
Ad-aware SE Personal
Spybot S&D
Microsoft AntiSpyware

It was late a few nights ago when I was browsing the web looking for a file to help fix a friend of mine's PC (he had been having some problems after he ordered a new Motherboard from NewEgg) when I downloaded and opened an infected file.

Imediately Windows told me I was "infected with spyware." The effects of the virus are as follows:
Upon booting into Windows a "terminated services.exe shutdown in 60 seconds message pops up, though the error code is a -number rather than the 128 from sasser (I think it was 128). I run shutdown -a, but the system still lags and hangs completely when I do certain things (try to run any kind of Windows application, RegEdit, MSConfig, Control Pannel). It also does this when I browse certain websites in Firefox (www.dailyvanguard.com, my school newspaper's website), IE will open up but it opens up about:blank and nothing happens when you try to connect to any other address. Initial there was a pop up that said SpySherrif or something of the sort. Scanned with Ad-aware and nothing was found. Scanned with Spybot and a few things were found, not all of them cleaned. After a few more scans with SpyBot in Safe-Mode and a scan with AVG, it appeared to have gotten rid of all traces of the infection. I also downloaded the MS beta of AntiSpyware and found two more things.

I can run scans from here to over there and nothing is found, but my system is still acting wucky. It is still hanging all the time and freezes up in all sorts of programs. Could the virus have done damage that I need to repair (registry or something?)

Here is a list of viruses/trojans/malware that the various scans found:
Downloader.Generic.NSA (ibm0001.exe)
PSW.Agent.AMR (toolbar.exe)
Generic.NRI (tool2.exe)
PSW.Generic.PWA (kl.exe)
Fo course, there were multiple instances of a few of these.

Instances of these files were found in system resore files and then removed. After that I turned off system restore and ran everything again a couple times.

Any ideas?

BC AdBot (Login to Remove)


#2 -David-


  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:06:28 AM

Posted 24 January 2006 - 12:25 PM

Hi j.biddy

Imediately Windows told me I was "infected with spyware."

I would imagine this was a fake virus warning, and was not actually from Windows :thumbsup: You will need a specialist tool to remove what might be the infection. I think it would be wise for you to post a HijackThis log for an expert to review. I bet you are wondering what HijackThis is. Well it's a program that is simply able to show others what's going on inside your computer, in terms of infection etc..

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem.

As the guide says, after you have completed the scans that are recommended, please post your "HijackThis" log in a new topic in the forum found here. Please add your system infomation and also what problems you are having. Please wait for a few days and one of our experts will get onto fixing your computer for you.

In addition run Panda scan, and post the log that is created in the topic you will create later on:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report in the new topic as i said.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users