Dangerous viruses & Helkern worm

Hi,

My Kaspesky scan has detected these 2 files underneath which its says are very dangerous and I can't seem to quarantine them.
I'd be very grateful if someone could help me get rid of them.

C\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ (file name is msxml6.dll)
C\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\ (file name is msxml4.dll)

This is the details of them per Kaspersky
http://www.viruslist.com/en/advisories/23655
I've no idea if I've even got any of these Microsoft XML Core Services installed on my computer that they say would make my computer vunerable

I tried downloading this patch but I'm not really sure if it was the right one.
When I installed it my computer saved a system restore point so the virus might be backed up now.
http://www.microsoft.com/downloads/...3c-5261-4f69-83d0-932c430abd14&displaylang=en

I've worked my way through your helpsheets and I've attached the 4 logs
http://forums.majorgeeks.com/showthread.php?t=35407
http://forums.majorgeeks.com/showthread.php?t=139313

The other worry I've got is I've been getting a lot of messages lately where Kaspersky says its blocking a worm called Intrusion.Win.MSSLQL.worm.Helkern
Yesterday though I stupidly turned Kaspersky off by mistake for a minute. Is there a way of checking that this worm hasn't installed itself?

Many thanks

 

Hi,
Here's the the other file

Thanks

 

Hi,
I don't think my Kaspersky 2009 can save a log file. At least I can't see any option to do it. Sorry, I'm maybe being dense but how is it done?

This is all the details its says -

Highly dangerous active threats.
C\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ (file name is msxml6.dll)
C\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\ (file name is msxml4.dll

Next to both of them is gives this as details of the vunerability. If you look this up it might help hopefully.
http://www.viruslist.com/en/advisories/23655

Thanks

 

Hi,
There wasn't any programs there called msxml4 or 6
All that was there was the patch I downloaded to see if that would work called MSXML 4.0 SP2 (KB954430) which I've now removed.

I don't know how to do a windows search for remnants
How do I know what updates I need?

Thanks

 

Hi,
The msxml6 search detected just 2 files- the one up above and another one with an extra 'R' in the name. I deleted both files OK

The msxml4 also had a 2nd file with an 'R'.
I couldn't delete either of them. When I tried it would seem to work but then Kasperky would flash saying ''MSI19.tmp place in restricted''
Then the pc would close down and reopen and the files were back

There were also a few other files eg. System 32 files to do with msxml4 that when I tried to delete them seemed to copy themselves as 'Recyler' files.
They also went back to their original names when the pc rebooted itself.

I also got a message when the pc logged back on ''WKUfind.exe unable to locate component. The application failed to start because MSVCR70.dll was not found. Reinstalling the application may fix it.''

Thanks

 

Hi,
The microsoft website says my updates are upto date apart from SP3, as my pc seems to be set on auto update. I didn't realise that.

I had a go downloading SP3 it but it failed - error code 0x8024200d.

What will I try now?

Thanks

 

Thanks for your help, I'll do that