Virus Found Norton Missed-2

Discussion in 'Software' started by carl_tapp_775, Aug 17, 2004.

  1. carl_tapp_775

    carl_tapp_775 Private First Class

    Hello again ! Well I must tell you all that reading these threads here has given me a lot more info that I can use in the future. Thanks Everyone !

    Here is my problem : I am running XP on my pc, I installed Norton 2003 and have kept it updated since day one. I run Free Ram Pro to monitor my ram, and noticed my memory usage was much greater than it should be normally, as to logical thinking. I kept running Norton, System Restore off, but it didn't come up with any virus. I tried to find info in other forums on the web with no satisfaction. My ram was really low most of the time, and I knew I had a problem but didn't know just what it might be. Someone finally contacted me from a Microsoft forum and told me to get SpyBot and load it with Teatimer activated. I did and it helped to remove several problems which helped somewhat. But I was having my settings changed from time to time on ZoneAlarm, and Norton's auto Protect would be disabled as well. This was happening for no reason I could find. So I knew that someone was getting access to my pc. But Norton couldn't find the source of the bug. I am also running Ad-aware SE Plus, and have since installed SpyBlaster. I installed AntiVir as of finding this site, and guess what ?
    AntiVir found the bugs, Yes bugs! Two backdoor trojans, one worm, and another virus. It removed them okay I guess. But after reading the report I found this in it.

    Boot record of hard disc HD0 Ok
    Boot record of hard disc HD1
    The record could not be read!
    Error code 0x0015
    Boot record of drive C: Ok

    C:\
    hiberfil.sys
    Access denied! Error during file opening!
    Error code 0x000D
    Warning! Access error/file locked!
    pagefile.sys
    Access denied! Erroe during file opening!
    This is a swap file. This file is locked by Windows
    Error code 0x000D
    Warning! Access denied! error/file locked!
    C:\ Documents and settings\All users\Application Data\SpyBot-S&D\Recovery
    Note! The whole archive is password protected

    My question is this : Has SpyBot got this HD1 locked ?
    or is it Windows itself ? Or has someone else who had access to my pc placed a password in my system to keep me from figuring it out and removing the access ?

    Is that enough info for someone to tell me what's up with this ?
    Please help me understand what is happening here.
    Thanks Again carl_tapp
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi Carl,

    I don't have an answer for your big question regarding Spybot & HD1, though I doubt the error is Spybot related. You might want to check the AntiVir support forum on their SITE. With any luck, they'll have some English speaking support!

    Regarding hiberfil.sys - if it is really bugging you then you should be able to delete it and create a new one.
    Try:
    Start the Control Panel Power Options applet.
    Select the Hibernate tab.
    Clear the "Enable hibernation" check box, then click OK to delete the hiberfil.sys file.
    Run your virus scan, then start the Control Panel Power Options applet.
    Select the Hibernate tab.
    Select the "Enable hibernation" check box, then click OK to create the hiberfil.sys file. Personally, I wouldn't worry about it. If you need more info, here's a LINK.

    Pagefile.sys is not something I'm comfortable messing with. It deals with virtual memory and I would doubt there is anything in there for you to worry about.
    However, if you want AntiVir to be able to scan it you have to make it visible.

    The Spybot Recovery is also hidden and most likely where the backups of the fixed bad items are - in case you need to reinstate them. You shouldn't worry about these if they show up on AntiVir or Ad-aware.

    Paranoia is good in small doses :) Sorry I couldn't be of more help.

    PP
     
  3. carl_tapp_775

    carl_tapp_775 Private First Class

    Okay sounds good, I'll do that as soon as I find out how to restart XP in safe mode. Also, I have an earlier version of McAfee Professional 6.0 I bought when I first started messing with computers. I am in the process now of installing and updating it, I got away from McAfee when I got a virus on my first pc after using McAfee. Maybe between AntiVir and McAfee, I can clean my system. But if you can tell me a simple way to reboot XP in safe mode that will help also. Thanks Carl
     
  4. bern

    bern Sergeant

    Removed. Don't tell people to post Hijack This log files unless you personally can analyze and have exhausted all steps.
     
    Last edited by a moderator: Aug 17, 2004
  5. carl_tapp_775

    carl_tapp_775 Private First Class

    Okay tell me this please, once I am in safe mode and run sysclean will it allow me to save the log file before fixing it and without fixing it ? And where in xp do you find sysclean ? Thanks for all your help
    Carl
     
  6. bern

    bern Sergeant

    I was just suggesting that, seeing that he has run all his other spyware, he can run the above and some of us can look at it while he is getting help still. As far as I can. Some of us have learnt a GREAT DEAL from the geeks here. I usually run it before and after I do a clean out and compare the 2 clean log to the 1 log
     
  7. carl_tapp_775

    carl_tapp_775 Private First Class

    Well I am reloading my software in a C: drive folder. Guess I hadn't learnt as much as I thought I had. I didn't know the desktop and my documents and settings were temp folders. Duh ! But I should have figured that out by now. So as I really don't know how to move what I have already loaded, I am just re-doing what I did, then I guess it will be safe to delete the ones in my temp folders right ? I have "suredelete" here on my pc also. Should be okay to use that to remove those files right ? I am not a whiz at this stuff, I am just learning. So forgive my ignorance and mistakes, I'll get there one day. Hopefully pretty soon. Thanks for your help..... Carl
     
  8. carl_tapp_775

    carl_tapp_775 Private First Class

    Can someone tell me where to find the pattern file for sys clean ? I have been looking and looking, but I don't see it. Help please once again.... Carl
     
  9. carl_tapp_775

    carl_tapp_775 Private First Class

    I should have made my id for this site Duhme or something like that. I am so used to seeing links in html that I missed the link you gave me. Sorry ! I hope I can get through this with my head still on. I may lose it along the way before I am finished with this. Maybe I should quit while I am ahead and let my friend fix this. But he trashed a pc just last week so that may not be wise either. Dern if you do, dern if you don't.
    One more question please, I need to save the pattern file in the same folder as sysclean, I got that. But what do I do with it after that ? It doesn't need to be installed within sysclean itself ? Does it do that automatically ? And do I need sysclean in a separate folder than the rest of these tools, or is that not important ? I just don't want to make a worse mess than I already have. Thanks Carl
     
  10. carl_tapp_775

    carl_tapp_775 Private First Class

    Thank You Mastertech, I was reasonably sure that what I was reading and comprehending was just that. But I wanted to make double sure before proceeding with it. I know that with many or maybe most programs like Ad-aware and so forth the reference files go into the program itself. I didn't want to take a chance and mess up what I have had to re-do twice now. Thanks Again. CT
     
  11. carl_tapp_775

    carl_tapp_775 Private First Class

    I understand, I just didn't know for sure, 100% that saving to the same folder would be what they wanted in the instruction. But I am beginning to understand more now. I just like to be sure of what I do when I do something. That's why I write down everything I do if I can't print it. So if I get off somewhere I am not sure of, I have a path to follow later to make any corrections I may need. I am used to dealing with engineers and I have found that whether they are Electrical or Mechanical or Design, just because something says one thing on one application, doesn't always mean it is the same on another application. So I find myself guessing a lot of the time, did this mean that ? Anyway Thanks for your help...... bye for now.
     
  12. carl_tapp_775

    carl_tapp_775 Private First Class

    I hadn't yet because I am waiting to follow Chaslang's instruction on fixing my problems. But I can tell you this, I have some weird things going on with my pc, I have programs reloaded that I have removed in the past, and a program folder in my original C: program folder, called AUTOEXE.BAT. I tried to remove AV6.0 again and it won't let me. Seems I have multiple copies of several different programs, and maybe even a copy of my C: drive program folder. Here is a txt log of what Hijack this came up with, just for your amusement, should give you a good laugh I guess. I am thinking that maybe this has been on my pc for a while, because of all the problems I believe it has created. Either that or this thing is very fast. LOL
    Got to smile, nothing to do but that. :) Have a Great Day ! CT
    Have to edit the name so I can load them here. brb, nope didn't work either, guess if you want to see them you can check the other post I submitted in Chaslang's area under "services.msc help ?" ....
     
  13. carl_tapp_775

    carl_tapp_775 Private First Class

    One more question Mastertech please, maybe you can tell me this, maybe I am getting too deep into Windows for the answer. Maybe there is no way other than what I have found to do what I want to know, and will mention here. But in hope that I can get what I am seeking, I'll ask this.... If someone got into a pc running XP from the net, is there a way they could change Windows core files and set a program like System Restore to display a disabled value, while the program was actually active ? Could they have set something in Windows to reinstall removed programs again ? And I am correct aren't I about that autoexe.bat folder in my program folder being incorrectly placed there ? If not why has it never shown up before now ? The only thing I have changed in my folder settings is to show extensions. As instructed by Chaslang so hijackthis can read them. I am wondering what to do about this ? How deep can system clean go to correct these type of problems or can it do anything at all about this stuff. Could a program like a registry repair correct this ? I guess that ended up in more than just one question huh ..... When you get time, no rush, share your knowledge with me on this stuff please..... Thanks CT
     
  14. bern

    bern Sergeant

    You need to follow the help that is given to you by mastertech. Otherwise you will be running around in circles and sort 1 problem out at a time. Let us know if you get it sorted :)
     
  15. carl_tapp_775

    carl_tapp_775 Private First Class

    bern, I fully intend to follow the instructions you all give me. And I do appreciate all the help that is given me. Believe me, I am just curious and as for my questions, it may be a week or more before I can get back into this site, I never know because I travel a lot. If I ask my questions now I come across, then if I cannot get back for a while, I will hopefully have some answers and solutions when I do get back. I am not meaning to be impatient or rude, or appear as if I cannot follow the instructions. I am only trying to figure this stuff out. And save myself a lot of time.
    It would seem to me that if something is reloading my sys restore, not showing the correct value in restore. And this problem is just restored with it, how can I get beyond this stage anyway ? I hope you all understand my situation and me myself. But I'll shut down the questions now. :)
     
