On my site (Link Below) try the AV section and one of the online virus checkers, such as housecall.
If that does not work try the malware route.
Use these to remove Malware (Spyware and Adware).
1)
SpyBot Search and Destroy After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.
2)
Get Ad-Aware After installing Ad-Aware, and before running the program, first press “check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.
Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish .
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis Knowldge, will have a go at giving advice. Please note the list of experts names below, very few forum regulars here have had this training.
DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.
Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.
I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to anwser your log, but other experts will also be available.
I can't seem to get rid of this virus. In the past month Norton has popped up at lease 4 times telling me that I have the w32.welchia.b.worm and it cannot be deleted. I have gone to Symantec's site and downloaded the removal tool and the update patch. When I run the removal tool it tells me I have no virus. When I run NAV it tells me I have no virus. I believe it is located in an internet file because when I do a search for the wkspatch file it shows it as being found in the c:\windows\system32\config\systemprofile\localsettings\temporary internet files\content.ie5\OT2JQP0H. It says is is a 0KB application created or modified on 3/12/04. I deleted this file but in a few days it comes back again. I have checked the registry for the items that were supposed to be added to the registry and there are no signs. of the modifications. Any ideas? This is annoying. I want to get rid of this!!! Please don't tell me to go to symantec's website and follow a link. Been there... done that.
Please unzip Hijackthis.zip into a new folder you create in the root level of the C: drive. Name this folder C:\HJT for best and safest results. (don't put in a temp folder, or the desktop, etc...as it needs a safe folder to keep backup logs). Also when people post here and place it on the Desktop the log usually shows their full name since their Windows user profile is commonly named with their full name. We try not to disturb your privacy. *;-)
Run Hijackthis, click on the 'scan' button and then 'save log' button. Copy and paste the contents of the text file you save into a reply to this message. A lot of posters make mistakes here in copying and pasting so reread the left info sidebar called Copy and Paste at http://www.tomcoyote.com/hjt
Do not fix anything in HJT log screen without assistance. Many items are normal for Windows operation. It should identify the vast majority of your problems and enable us to help you clean them off your system.
Stay in this thread for continuity. Reply to this message.
pskelley
933 Posts
0
March 2nd, 2004 13:00
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html
Make sure you view tis information:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
Windows Xp Professional
5.1.2600 Service Pack Build 2600
Dimension 4550 X-86 based PC
Bios A03, 11/12/2002
Pentium 4 2.0Ghz
256MB RAM
IE 6.0
ChrisRLG
3.9K Posts
0
March 3rd, 2004 11:00
If that does not work try the malware route.
Use these to remove Malware (Spyware and Adware).
1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.
2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press “check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.
Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish .
Failing those solving your problems a post of a hijackthis log for the experts to advise.
HijackThis From Here
or one of these other links:-
http://www.merijn.org/files/hijackthis.zip
http://www.aluriasoftware.com/tools/hijackthis.zip
http://mjc1.com/mirror/hjt/
Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis Knowldge, will have a go at giving advice. Please note the list of experts names below, very few forum regulars here have had this training.
DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.
Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.
TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
ChrisRLG (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Tuxedo Jack (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Yellowhammer (Trusted Advisor at Net-Integration, First Responder at Computer Cops)
therock247uk (In Training at TomCoyotes)
irelynmisses (In Training at TomCoyotes)
You could also go to one of the more specalist forums where more experts will be able to help.
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
http://www.wilderssecurity.com/index.php
http://tomcoyote.org/forums/index.php
http://forums.spywareinfo.com/index.php
Do read the sites FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.
I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to anwser your log, but other experts will also be available.
skmerrow
91 Posts
0
March 12th, 2004 11:00
brian815
41 Posts
0
May 2nd, 2004 11:00
hi
this was happing to me also, what i did was switch off norton's connection keep alive the next time i loged on it stoped
Texruss
3.4K Posts
0
May 2nd, 2004 15:00
Chris gave you the idea. *;-)
....We need you to download and install an analysis and repair tool called Hijackthis.
Go here and download the file: http://tomcoyote.com/hjt
Please unzip Hijackthis.zip into a new folder you create in the root level of the C: drive. Name this folder C:\HJT for best and safest results. (don't put in a temp folder, or the desktop, etc...as it needs a safe folder to keep backup logs). Also when people post here and place it on the Desktop the log usually shows their full name since their Windows user profile is commonly named with their full name. We try not to disturb your privacy. *;-)
See this link for graphical instruction: http://russelltexas.com/spywareinfo/createhjtfolder.htm
Run Hijackthis, click on the 'scan' button and then 'save log' button. Copy and paste the contents of the text file you save into a reply to this message. A lot of posters make mistakes here in copying and pasting so reread the left info sidebar called Copy and Paste at http://www.tomcoyote.com/hjt
Do not fix anything in HJT log screen without assistance. Many items are normal for Windows operation. It should identify the vast majority of your problems and enable us to help you clean them off your system.
Stay in this thread for continuity. Reply to this message.
HTH (Hope that Helps)
Texruss