Have Trojans, Surf Sidekick, and other problems...

[Jodigirl]

Ok, well this time it didnt go as well. I got a Windows Script Host Error
Script: C:\Documents and Settings\AwesomeMachine1\Desktop\RegSrch.vbs
Line: 43
Char: 3
Error: Permission Denied
Code: 800A0046
Source: Microsoft VBScript Runtime Error

However the RegSrch did complete:


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Word Process" 01/04/2006 5:38:55 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSPROC\0000]
"DeviceDesc"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msproc]
"DisplayName"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msproc]
"Description"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSPROC\0000]
"DeviceDesc"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msproc]
"DisplayName"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msproc]
"Description"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSPROC\0000]
"DeviceDesc"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msproc]
"DisplayName"="Word Process"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msproc]
"Description"="Word Process"


How does it look? Thanks Again, Jodi

[LonnyRJones]

Either edit check bat or make another

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it check2.bat > file types *all files*> and save it to desktop.

(Echo %DATE% %TIME%
swsc delete msproc
)>logit.txt 2>&1
start notepad logit.txt

Run check2.bat and post back with the text that will open

Is winpad.exe present anywhere ?

[Jodigirl]

When using the Start>Search for winpad.exe I cant get any results and I went through my C:\ drive and couldn't see it. I also checked Services and cant find any thing there that points to it. Am I missing something- some other way to find it?


Sat 01/04/2006 18:02:49.89
[SWSC] DeleteService SUCCESS

[LonnyRJones]

Your AV probaly deleted it long ago.

I think your good to go, Any other problems or questions ?

[Jodigirl]

A million thanks to you Lonny!! I cant find any trace of the infections and my system is running well. Thanks again, Jodi

[LonnyRJones]

Prevention:
Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Replace it about once monthly to keep it updated
There are some notes on win 2k, basicly rename hosts to hostsold try the new hosts file, if problems use the old hosts...


To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

Surf Safe
Lonny

[tashi]

As the problem appears to be resolved this topic will be archived.

If you need it re-opened please send me a pm and provide a link to the thread.

Glad we could help Jodigirl.