Please help with virus

I'm having a bit of trouble removing a virus from my kid's computer.

It is a Dell Dimension 4500 with Windowx XP.
I get the following message displayed both in safe mode and regular mode:

This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. Initiated by NT AUTHORITY \ SYSTEM

Message: Windows must now restarted because the Remote Procedure Call (RPC) service terminated unexpectedly.


Interestingly enough this virus appeared immediately after I installed the SBC-Yahoo suite of tools, including anti-virus and parental controls.

2nd level at SBC- Yahoo pointed me to some links from google in which it appears I have a variant of the MSBlaster virus. See this link:

http://ucce.ucdavis.edu/datastore/detailreport.cfm?usernumber=36&surveynumber=244

(Note the system with the virus is unable to connect with the internet but I have another system available with internet connectivity.)

I downloaded the FixBlast.exe which is a file from Symantec for W32.Blaster Fix Tool and this did not find the virus.

I then reformatted the hard drive, loaded the operating system, upgraded with Windows fixes, installed SP2, installed office, and also installed the Yahoo suite.

When I started the computer in the morning, my friend the virus was back.

Fortunately, I found your website and your document on Basic Spyware, trojan and Virus Removal.

I went thru the steps as indicated, except that the machine in question, the virus has crippled my access to the internet. IE or Firefox result in errors when I launch them, and so I could not perform the online scans or obtain updates. I had the update for Adaware since I installed it in the time between my refreshing the system and the virus showing up again.

This is what I did:

Getting Prepared:
1. Disable System Restore
3. Enable viewing of hidden files
4. Downloaded tools on a different machine and installed them on the virus infected machine.

Scanning and Cleaning Steps
1. Virus and Trojan Scanning. No link to internet with virus. - Booted in safe mode and ran McAfee AVERT Stinger.
2. Ran CCLeaner as directed.
3. Ran Ad-Aware SE (with 8-10-05 definitions) with VX2 Cleaner
Ran Spybot with immunize (could not update definitions - no internet)
4. Secondary Spyware Scan and Removal - Ran CWShredder with fix, Kill2me
I also ran avast! Virus Cleaner Tool.

So far, none of the tools has been able to identify, locate or find the virus.

I ran HiJackThis and the only thing I identified as suspicious was:
O10 Broken Internet access because of LSP Provider 'ypclsp.dll' missing

I did not was to run the LSP fix tool before checking with the folks here. This would seem to be a "symptom" of the virus, and not the virus itself.

ANY help you can provide me would be GREATLY appreciated.

 

chaslang,

Thanks for the quick reply. I did run Spybot with the updates with no luck.

I downloaded HiJaak again (same version I had) from your link and re-ran with as little running on the system as possible. I have attached the log file.

 

I ran LSP fix (the item ws already in the Remove section).
I then tried to access the internet with no luck.
I rebooted machine, and on reboot I got a Win XP popup window with a message that "Generic Host Process for Win32 Services encountered a problem and needed to close" . In the Error signature box, it mentioned the szAppName as svchost.exe.
But the good news is that I am able to connect to the internet.

What do I do now? Run on-line scans for viruses?

 

Also, now with internet connection, I got the shield from Windows Update to download some critical fixes. Of course I will load these immediately.

 

Now with my internet connection, I ran thru all the required tests and a few optional ones and no viruses are found.

I wonder what caused the breakage in my internet as a result of the SBC Yahoo install. (Maybe faulty install files on server?).

Anyway, also the first time around before I fixed my internet, I had to continuously type in "shutdown -a" command to keep my system from shutting down. Since we fixed the internet, I have NOT had that problem once.

I plan to download windows updates (SP2 was already installed before I ran into problems) and then I think I'm OK.

Also, one more question. Your site lists a few freeware antivirus tools. Is there any particular one you recommend? I did notice the SBC Yahoo antivirus tool (Computer Associates tool) takes up much less overhead than my Norton Antivirus did, and so like the idea of an alternative.

 

Chaslang,
I wanted to thank you for all your help. Is there a way I can donate to this site to support the great efforts you and your team perform for those of us less geeky.