You are invited to Log in or Register a free Frihost Account!

Virus leftover :)

I use windows XP with SP2, but i have a little probleM:
I use panda internet security 2005 with the last definition files.
A few days ago, panda found a virus that was succesfully removed, but since then, everytime windows starts, i get a strange message, (symbols not letter can't read it)
i press ok, and everything works fine.The only thing that i can make out is something about a file that wasn't found.I believe that this is a part of the virus that wasn't removed.Panda finds nothing....Any ideas???How can i possibly remove this thing?
Go into your start menu and select PROGRAMS > STARTUP and right-click, delete anything thats in there that you either don't need or don't recognise.

Then, go into START > RUN > msconfig and select the "startup" tab. If you recognise any of the programs in this menu as having the symbols etc, deselect the check-box next to it then restart your computer. If that fixes it, great! If not, let me know by posting here and I'll try to help some more. After you restart, you will get a warning message about changed Windows startup parameters. Check the box and hit OK and it won't open again.
You might also want to copy those symbols and google it. Google is your friend most of the time.
See if the Event Viewer gives any information.

Right Click My Computer.

Click Manage

When the app opens, Click on the + sign just to the left of Event Viewer.

Now click on the Application menu item. A list will open in the Right Pane. If there are any Red error icons by an event, Right click on the event, then click properties.

Do the same thing with the System menu item.

That may or may not tell you anything. But it's a good first start.

As the poster above mentioned, something in the startup list is probably screwed up. It could be that panda removed the files, but left the registry entry that tells windows to open the files. Windows, when starting, sees the instruction to open file A, but file A isn't there and you get a message telling you that.

This is what I usually do:

Go here:

to download Mike Lin's startup control panel. After you install it there will be an icon in the control panel called Startup. When you click on that you get a nice GUI of what's starting where. Carefully look at each tab. Uncheck the ones that really look fishy, although it is hard to tell sometimes.

Startup CPL will tell you the directory where a program is starting from, so you can check to see if the directory actually exists.

MSCONFIG does the same thing, but Startup Control Panel has a less intimidating GUI IMHO.

The other thing to do is download Regseeker from here:

Extract the zip file into the Program Files directory, then go to the new directory to start Regseeker. You may want to make a shortcut of that, too, to put on the Desktop.

When you open Regseeker, click the 'Clean the Registry' menu item, then OK at the Dialog page that appears next.

Regseeker will search for missing links. In your case, it will hopefully find the registry item that is pointing to a deleted directory. Delete everything it finds, it backs them up to be able to restore later, but I've never had an issue with Regseeker in thousands of uses.

Restart and see what happens.


I entered the msconfig, but and i left everything that i knew of, and removed everything else, fro the Boot/start button(i don't know the exact translation in english).At the services tab, i unchecked everything that didn't say microsoft corporation, and that i didn't know.Unfortunately these steps didn;t help Sad.I went at the manage tab, and i found many red crosses, saying application hang.When i opened the properties, they had some information( i wouldn't be able to translate what it said) but it was something with the explorer...i don't know if this help, but here are the noumbers it wrote:
0000: 41 70 70 6c 69 63 61 74 Applicat
0008: 69 6f 6e 20 48 61 6e 67 ion Hang
0010: 20 20 65 78 70 6c 6f 72 explor
0018: 65 72 2e 65 78 65 20 36 er.exe 6
0020: 2e 30 2e 32 39 30 30 2e .0.2900.
0028: 32 31 38 30 20 69 6e 20 2180 in
0030: 68 75 6e 67 61 70 70 20 hungapp
0038: 30 2e 30 2e 30 2e 30 20
0040: 61 74 20 6f 66 66 73 65 at offse
0048: 74 20 30 30 30 30 30 30 t 000000
0050: 30 30 00
hang-up adress:0x00000000
With the startup control panel, i found nothing, although i found something interesting.These are the programs that start:
Soundman (i know it)
NvcpDaemon (i know it)
nwiz (nvidia)
nvmediacenter (i think that i know it)
CARPservice (i don't know this, but i believe that i has always been there)
Scaninicio (panda)
APVXDWIN (panda)
Bluetooth athentication agent (i know it)
Panda anti spam center service(panda
CTFMON.exe (it is not wrong, it is 2 times the same things,i think that this is kinda interesting.They have the same path, but the one is Capitalised and the other one isn't.Is this something?)
MSMSGS (messenger).
The regseeker cleaned my registry Smile.But the problem insists...
Please help...
After this, and after a few restarts, for an unknow reason, the strange letter at the message became normal.No i have the adress:
C:\program files\common files\microsoft shared\web folders\ibm00001.exe
It says that it can't find it...(i believe that this was the virus).Anyone has any idea how can possibly fix it???Plz?
im not sure whether this message is displaying when you are in windows just as its going through the startup or during the windows loading screen. try start->run
type: regedit
goto edit->find and type in the name of that file.
delete any traces of it that it finds.
It found some keys, which were very "general" and i was afraid to delete them.Probably i will have to delete a part of them, and not the whole key...I have some other info that might be usefull.It doesn't only starts when the computer starts, but sometimes, when a program stops functioning, and i force it to shut down, then, as the whole desktop "reloads" the message pop's-up again...I hope that this is kinda helpfull....
Can you post a screenshot of the message and or type in word for word what it says.

As for the registry, never take someones suggestion in deleting things in the registry anyways. Not right of the bat and espeically if you don't even understand the registry. It can be a very dangerous place. If you ever do delete, be sure to back up your registry completely. Their is ways to recover the registry (fat or nt) if you screw it up but only if you made a copy of it before making changes.

When exactly does this message popup need more of a description to better tell you where the problem lies.
Related topics
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

© 2005-2011 Frihost, forums powered by phpBB.