Windows Explorer Pop Up Virus
I've managed to get infected with a really annoying virus involving a Windows Explorer Pop Up Message.
When the desktop start a pop window appears
"Windows Explorer has encountered a problem and needs to close. We are sorry for the inconveniece." You have the option to choose don't send or send and when you close the window it refreshes the desktop and pop ups again about 10 seconds later. It is almost impossible to use the computer as the computer keeps needing to be refreshed.
I have run Spybot, Trojan Hunter and AVG and nothing has picked the virus up - attached is my highjack log. I'm hoping someone can help me get rid of it!.
Logfile of HijackThis v1.99.1
Scan saved at 4:59:12 PM, on 15/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nelsonbay.com:8080
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: style2 - C:\WINDOWS\q204253_disk.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks in advance.
When the desktop start a pop window appears
"Windows Explorer has encountered a problem and needs to close. We are sorry for the inconveniece." You have the option to choose don't send or send and when you close the window it refreshes the desktop and pop ups again about 10 seconds later. It is almost impossible to use the computer as the computer keeps needing to be refreshed.
I have run Spybot, Trojan Hunter and AVG and nothing has picked the virus up - attached is my highjack log. I'm hoping someone can help me get rid of it!.
Logfile of HijackThis v1.99.1
Scan saved at 4:59:12 PM, on 15/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nelsonbay.com:8080
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\system32\hookdump.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O20 - Winlogon Notify: style2 - C:\WINDOWS\q204253_disk.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks in advance.
0
This discussion has been closed.
Comments
Has anyone out there figured this one out....