virus attached to Nero Showtime 6.0?

Discussion in 'Malware Help (A Specialist Will Reply)' started by staywhereyouare, Feb 26, 2006.

  1. staywhereyouare

    staywhereyouare Private E-2

    Hi, I'm a novice, so I hope this isn't too much info (or too little) :) I followed the instructions.

    My computer was really slow and I seemed to be getting redirected a lot in Internet Explorer. Things are better with most of the spyware removed, but IE has been crashing a lot the last few days and wants me to send error reports to Microsoft. I have these Video CD Movie files everywhere in the directory attached to Nero Show Time--when I open them up to see what they are I get this message. "Cannot play this media file. The process cannot access the file because it is being used by another process. (0x80070020)" These files also reappear eventually after I delete them. A lot of these same Video CD Movie files are quarantined in Earthlink's spyware blocker, which is a service I used to use, but stopped to save money. These files don't seem to be detected by Adaware, Spybot or CounterSpy. When I found and removed the Alexa BHO it said something in the registry about Persistent Handler, which I don't know if it's a virus or a part of a real program.

    Windows 98SE, IE 6.0, 600 MHz Intel Celeron processor, 319 MB RAM, 40 GB hard drive, no DVD player. This is a Compaq 5000 series computer. I have dial-up and use Earthlink. I use ZoneAlert's firewall. I've been using RegistryFix which eliminated the unstable system and blue screens. Had one major IE related crash a few months ago and couldn't even boot in safe mode to fix it. (Someone lent me Win 98, so I could reinstall--which fixed it...but I had the Nero problem before the crash.)

    I couldn't run the Bitdefender and Panda scans in safe mode due to the dial up, and Panda froze up when I tried to use the fix problems option. Otherwise, followed the instructions. Also, used CWShredder and Kill2me programs.

    Earthlink had a free Symantec scan that says port 1025 an unused Windows services block is open and I'm vulnerable to hackers.

    I also removed Microsoft Java to make the system more secure, but think that maybe some programs probably need it and don't know if there's a way to reinstall it....
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Welcome to Major Geeks.

    Sorry for the late reply, your thread inadvertently got overlooked.

    Alexa Toolbar has an uninstaller, depending on the version that is installed on your computer:

    To uninstall Alexa Toolbar 7 or Alexa Toolbar 6, click on the small down arrow by the Alexa logo on the toolbar and select Uninstall Alexa from the drop down menu.

    To uninstall Alexa Toolbar 5, click on the round ‘?’ button on the Alexa toolbar and select Uninstall Alexa from the drop down menu.

    To uninstall Alexa Toolbar 4, open the Alexa sidebar, click on Help, and select Uninstall Alexa.

    Alexa Toolbars 4, 5, and 6 may also be uninstalled using your computer’s Add/Remove Programs feature. Open your Windows Start menu, go to Settings, click on Control Panel, and then double click on Add/Remove Programs. Click on Alexa and then click the remove button. The next time you open a new browser window, the toolbar should be gone.

    To uninstall Alexa Toolbar 1.4.1 (the version for Netscape Navigator), click on Start > Programs > Alexa > Uninstall. Then follow the on-screen steps.

    To remove the Alexa Snapshot link from your links bar, simply delete it.

    Scan with HijackThis and fix the following:
    REBOOT to Safe Mode.

    Open Windows Explorer, navigate to and Delete the following.
    REBOOT to Normal Mode.

    Do a full scan with CounterSpy.

    Post the CounterSpy log and a fresh HijackThis log.

    {EDIT} Nero Showtime automatically associates DAT files with Showtime. Most DAT files are not movie files. Many programs create DAT files. Most of the time they are harmless.
     
    Last edited: Feb 27, 2006
  3. staywhereyouare

    staywhereyouare Private E-2

    CounterSpy found the Alexa toolbar prior to my post. I had it in quarantine, but have now removed it. There seems to be an Alexa Snapshot attached to Adobe 6.0, but wasn't sure if it should be removed so I left it alone.

    Fixed the stuff in HiJackThis.

    Deleted C:\WINDOWS\SYSTEM\intrigue.dll, but couldn't locate c:\windows\system\extract.exe...might it be elsewhere?

    Embarrassed to admit that I don't know what a DAT file is...Logs attached--couldn't upload the HiJackThis as a log, it's in txt.

    thanks!
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your logs are clean.

    This is an earlier message that an associate of mine, Chaslang posted, but he removed after he had seen I had posted.
    Many different programs create DAT files, they are just as the name implies data files. If you have several unknown DAT files appearing in your Nero Showtimes directory, you'll have to determine where they are coming from or who is making VCD compliant movie files.
     
  5. staywhereyouare

    staywhereyouare Private E-2

    Thanks, HiJackThis fixed my port 1025 problem!

    But...Internet Explorer keeps crashing. I tried the fix IE tool, which didn't work, then reinstalled IE 6.0 all over again, which didn't work. Then the Earthlink taskpanel started crashing (there was a C++ error message) and even Adobe Reader crashed. I reinstalled the Earthlink software. I restored a registry backup from a few months ago, hoping that would stop it but I still keep getting the "sorry for the inconvenience, but IE must close" error message. Looked at the details in the report which says something about msvcrt.dll. Also, the computer is so slow it is driving me insane.

    I ran all the spyware tests over. Counterspy turned up nothing. Bitdefender was unable to update virus detection--same thing happened with Symantec virus scan--in fact, it says I don't have an AV installed, but I run the most current AVG.

    I got this result from bitdefender...BehavesLike:Win32.AV-Killer

    Logs attached. I'm baffled. :confused:
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    BehavesLike:Win32.AV-Killer not much to go on since BitDefender doesn't report what or where.

    Uninstall CounterSpy. Your logs show no other signs of malware. You may want to post in the software forum with this.
     
  7. staywhereyouare

    staywhereyouare Private E-2

    Thanks...I appreciate all your time--you've been a lot of help :)

    I'll try the software forum. Although, I am tempted to throw the whole thing out the window...lol
     
