im.worm

Hi, I spoke with an admin on a site that has nothing to do with computer malware/viruses, and he recommended you guys - hoping you can help.


I was on my school's computer, nd I must have downloaded something to my flash drive. When I opened my flash drive earlier today, I noticed several weird things - "New Folder" , and copies of folders weighing in at about 384KB were on my flash drive. Extensions were screwed up.

So, like...

Folder name Artwork
~Pic 1
~Pic 2
~Pic 3
~Artwork (folder, about 384 KB)

Folder name School work
~Spring 2007
~Summer 2007
~~Text 1
~~Text 2
~~Summer 2007 (folder, 384 KB)
~School Work (folder, 384 KB)

So, I loaded it all onto my computer which has an anti-virus, and was able to retrieve most of the text documents. I pulled out all of the documents from the folders, and deleted it.

It took me about 10 tries and 2 restarts of my computer to actually format the screwey thing. Finally did, and its working fine.

I knew it was too easy.

I got onto IE7, and it slowed down on me as usual, followed by "Not responding". I press ctrl alt del, and it tells me that this has been disabled by the administrator. However, I have administrator powers.

Went onto the microsoft website, and it told me how to do it. I put it into the Run, and it said regedit has been disabled by an admin.

So, I start my comp in safe mode, and attempted to use regedit from there.
It said the administrator has turned this feature off.

I ahve used as many of the command prompts as I could find - long, short, I even tried that thing where you create a reg file through notepad but to no avail.

In should mention at this point that I have run my anti-virus at least a dozen times, if not 2. It says I have an "IM worm" , and that it couldn't be quarantined, so my only options were ignore or delete on reboot. It didn't delete, so I'm stuck with it.

My information...
SONY VAIO, running Windows XP Home Service pack 2
Antivirus/Antispyware - ZoneAlarm and Spyware Doctor.
Willing to - go through my antivirus/antispyware, enter in various command prompts.
Not willing to - download programs (unless you can pretty much guarantee with your life that it has no spyware and will help), format my computer (too much stuff to back up), or do something that is impossible.

Thanks in advance.
Oh, and take your time - I know you're all busy, but I really do appreciate the help.

 

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support

 

Sorry if this is considered a bump, but just a few questions at the end of the post please.

1.) House Cleaning
~Attempted to uninstall, but not in add/Remove programs
~Had no sun java, I don't even know what it is
~msconfig was set for normal startup
~nothing was in quarantine or the recycle bin
~I don't have norton
~Coouldn't get CCleaner, as my father said not to (he's a bit scared, and didn't want me remoing things)

2.) I was able to view hidden files and extensions

3.) Win XP Home - couldn't download any programs, as per parents' request.

Also, I didn't know which logs.


Anyway, I'll give as much info as I can...
Zone Alarm Security suite (Firewall, antivirus)
SpyWare Doctor was installed (Spyware removal, Zone Alarm is set to only virus removal)

Anyway, I was finally able to see the security report and copy down what it said:

Memory: IM-Worm.Win32.Sohanad.t identified as virus
Path: c:\windows\system32\ssvichosst.exe


So, I go into my c drive, windows,system 32, and I find a folder (not a program) that went by the name ssvichosst. I click on it once, and it disappeared. It didn't open, didn't even tell me what was going on.

So, anyway, thinking the virus is deleted, I double check with another virus scan, come to find out that its still there.
I said delete on reboot.

I reboot, and run another virus scan - still says its there. Selected delete on reboot, and it says "deleted on reboot"

Rebooted, and then ran another antivirus. This time, I select "delete on reboot", and its in the middle of doing so when I choose "Shut Down". I restart it, and run a virus check, and its finally gone.


So, now that the virus is gone, I still can't access regedit, and my task manager is still screwed up. Furthermore, ssvchosst is still gone, and its giving me that error screen when I start up my computer.

Should I just format my computer? My files are backed up.
Also, after I format the computer, the virus should no longer have an impact on the computer, and I can edit my registries, right? What if I just use the recovery cds that came with my sony vaio desktop?