I'm using WinXP Home , all updates installed, recently I have been getting
an error when I shut down.
It's just a flash on the screen that says something about HKLMU.exe and
that .DLL initialization failed.
The file is located in Windows\System32\Driver, no other file in this
folder and I can not get any identidication on this file.
This file is also mentioned in the Prefetch foler as well.

I do have another another folder in Windows\System32\Drivers which is well
populated.

Any info or help would be appreciated.

TIA
ICU

"ICU" <ICU@Nowhere.com> wrote in message
news:Xns9CA580B7399C9ICU@74.209.131.10...
> I'm using WinXP Home , all updates installed, recently I have been getting
> an error when I shut down.
> It's just a flash on the screen that says something about HKLMU.exe and
> that .DLL initialization failed.
> The file is located in Windows\System32\Driver, no other file in this
> folder and I can not get any identidication on this file.
> This file is also mentioned in the Prefetch foler as well.
>
> I do have another another folder in Windows\System32\Drivers which is well
> populated.
>
> Any info or help would be appreciated.
>
> TIA
> ICU

There is no Windows system file called hklmu.exe. This is probably a residue
from some cleaned-up virus or malware. Run msconfig.exe, then locate this
file under the Startup tab and prevent it from starting by unticking it.

You are seeing the effects of a hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/ma...e/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Run a /thorough/ check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
• http://aumha.net/viewtopic.php?f=30&t=4075

• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/...moving_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachi...php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com


ICU wrote:
> I'm using WinXP Home , all updates installed, recently I have been getting
> an error when I shut down.
> It's just a flash on the screen that says something about HKLMU.exe and
> that .DLL initialization failed.
> The file is located in Windows\System32\Driver, no other file in this
> folder and I can not get any identidication on this file.
> This file is also mentioned in the Prefetch foler as well.
>
> I do have another another folder in Windows\System32\Drivers which is well
> populated.
>
> Any info or help would be appreciated.
>
> TIA
> ICU

"Pegasus [MVP]" <news@microsoft.com> wrote in
news:uV$rspbTKHA.5052@TK2MSFTNGP06.phx.gbl:

>
> "ICU" <ICU@Nowhere.com> wrote in message
> news:Xns9CA580B7399C9ICU@74.209.131.10...
>> I'm using WinXP Home , all updates installed, recently I have been
>> getting an error when I shut down.
>> It's just a flash on the screen that says something about HKLMU.exe
>> and that .DLL initialization failed.
>> The file is located in Windows\System32\Driver, no other file in this
>> folder and I can not get any identidication on this file.
>> This file is also mentioned in the Prefetch foler as well.
>>
>> I do have another another folder in Windows\System32\Drivers which is
>> well populated.
>>
>> Any info or help would be appreciated.
>>
>> TIA
>> ICU
>
> There is no Windows system file called hklmu.exe. This is probably a
> residue from some cleaned-up virus or malware. Run msconfig.exe, then
> locate this file under the Startup tab and prevent it from starting by
> unticking it.

I've tried that, as a matter of fact it's in the startup twice, unticked
them both but it ends up back there when I check again after rebooting.

Thanks for the reply.

ICU

"ICU" <ICU@Nowhere.com> wrote in message
news:Xns9CA5B329EF1E1ICU@74.209.131.10...
> "Pegasus [MVP]" <news@microsoft.com> wrote in
> news:uV$rspbTKHA.5052@TK2MSFTNGP06.phx.gbl:
>
>>
>> "ICU" <ICU@Nowhere.com> wrote in message
>> news:Xns9CA580B7399C9ICU@74.209.131.10...
>>> I'm using WinXP Home , all updates installed, recently I have been
>>> getting an error when I shut down.
>>> It's just a flash on the screen that says something about HKLMU.exe
>>> and that .DLL initialization failed.
>>> The file is located in Windows\System32\Driver, no other file in this
>>> folder and I can not get any identidication on this file.
>>> This file is also mentioned in the Prefetch foler as well.
>>>
>>> I do have another another folder in Windows\System32\Drivers which is
>>> well populated.
>>>
>>> Any info or help would be appreciated.
>>>
>>> TIA
>>> ICU
>>
>> There is no Windows system file called hklmu.exe. This is probably a
>> residue from some cleaned-up virus or malware. Run msconfig.exe, then
>> locate this file under the Startup tab and prevent it from starting by
>> unticking it.
>
> I've tried that, as a matter of fact it's in the startup twice, unticked
> them both but it ends up back there when I check again after rebooting.
>
> Thanks for the reply.
>
> ICU

This means that your machine is not clean just yet. There is another
executable that recreates or re-enables this entry after you have deleted
it. This is normal behaviour for malicious software, and is of concern.

Thanks for the reply.

Well I do have a virus program running and kept up to date and I do keep
WinXP uptodate and yes the procedures sound long and complex,
unfortunately a local or independant computer repair shop visit is not
just not in the cards for a number of reasons.
Thanks for the reply.

ICU


"PA Bear [MS MVP]" <PABearMVP******.com> wrote in
news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:

> You are seeing the effects of a hijackware infection!
>
> NB: If you had no anti-virus application installed or the subscription
> had expired *when the machine first got infected* and/or your
> subscription has since expired and/or the machine's not been kept
> fully-patched at Windows Update, don't waste your time with any of the
> below: Format & reinstall Windows. A Repair Install will NOT help!
>
> 1. See if you can download/run the MSRT manually:
> http://www.microsoft.com/security/ma...e/default.mspx
>
> NB: Run the FULL scan, not the QUICK scan! You may need to download
> the MSRT on a non-infected machine, then transfer MRT.EXE to the
> infected machine and rename it to SCAN.EXE before running it.
>
> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> (only!) in Safe Mode with Networking, if need be:
> http://onecare.live.com/site/en-us/center/howsafe.htm
>
> 2b. Vista or Win7=> Run this scan instead:
> http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> 3. Run a /thorough/ check for hijackware, including posting requested
> logs in an appropriate forum, not here.
>
> Checking for/Help with Hijackware:
> • http://aumha.net/viewtopic.php?f=30&t=4075
>
> • http://mvps.org/winhelp2002/unwanted.htm
> • http://inetexplorer.mvps.org/tshoot.html
> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
> • http://www.elephantboycomputers.com/...moving_Malware
>
> **Chances are you will need to seek expert assistance in
> http://spywarehammer.com/simplemachi...php?board=10.0,
> http://www.spywarewarrior.com/viewforum.php?f=5,
> http://www.dslreports.com/forum/cleanup,
> http://www.bluetack.co.uk/forums/index.php,
> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>
> If these procedures look too complex - and there is no shame in
> admitting this isn't your cup of tea - take the machine to a local,
> reputable and independent (i.e., not BigBoxStoreUSA) computer repair
> shop.

YW.

Obviously your AV app isn't up to snuff and it's totally disable now.

Microsoft PCSafety provides home users (only) with no-charge support to deal
with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/de...prid=7552&st=1


ICU wrote:
> Thanks for the reply.
>
> Well I do have a virus program running and kept up to date and I do keep
> WinXP uptodate and yes the procedures sound long and complex,
> unfortunately a local or independant computer repair shop visit is not
> just not in the cards for a number of reasons.
> Thanks for the reply.
>
> ICU
>
>
> "PA Bear [MS MVP]" <PABearMVP******.com> wrote in
> news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>
>> You are seeing the effects of a hijackware infection!
>>
>> NB: If you had no anti-virus application installed or the subscription
>> had expired *when the machine first got infected* and/or your
>> subscription has since expired and/or the machine's not been kept
>> fully-patched at Windows Update, don't waste your time with any of the
>> below: Format & reinstall Windows. A Repair Install will NOT help!
>>
>> 1. See if you can download/run the MSRT manually:
>> http://www.microsoft.com/security/ma...e/default.mspx
>>
>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>> the MSRT on a non-infected machine, then transfer MRT.EXE to the
>> infected machine and rename it to SCAN.EXE before running it.
>>
>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>> (only!) in Safe Mode with Networking, if need be:
>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>
>> 2b. Vista or Win7=> Run this scan instead:
>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>
>> 3. Run a /thorough/ check for hijackware, including posting requested
>> logs in an appropriate forum, not here.
>>
>> Checking for/Help with Hijackware:
>> • http://aumha.net/viewtopic.php?f=30&t=4075
>>
>> • http://mvps.org/winhelp2002/unwanted.htm
>> • http://inetexplorer.mvps.org/tshoot.html
>> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> • http://www.elephantboycomputers.com/...moving_Malware
>>
>> **Chances are you will need to seek expert assistance in
>> http://spywarehammer.com/simplemachi...php?board=10.0,
>> http://www.spywarewarrior.com/viewforum.php?f=5,
>> http://www.dslreports.com/forum/cleanup,
>> http://www.bluetack.co.uk/forums/index.php,
>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>
>> If these procedures look too complex - and there is no shame in
>> admitting this isn't your cup of tea - take the machine to a local,
>> reputable and independent (i.e., not BigBoxStoreUSA) computer repair
>> shop.

On 15 Oct 2009 21:49:04 GMT, ICU <ICU@Nowhere.com> wrote:

>
> Thanks for the reply.
>
> Well I do have a virus program running


Then you are in serious trouble. It's far better to have an
*anti*-virus program running.

Or if you meant you had an anti-virus program running, please tell us
which one it is. They are far from being equally good, and the two
most well-known, Norton and McAfee, are the worst of them.

It sounds very much like you are infected.



> and kept up to date and I do keep
> WinXP uptodate and yes the procedures sound long and complex,
> unfortunately a local or independant computer repair shop visit is not
> just not in the cards for a number of reasons.
> Thanks for the reply.
>
> ICU
>
>
> "PA Bear [MS MVP]" <PABearMVP******.com> wrote in
> news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>
> > You are seeing the effects of a hijackware infection!
> >
> > NB: If you had no anti-virus application installed or the subscription
> > had expired *when the machine first got infected* and/or your
> > subscription has since expired and/or the machine's not been kept
> > fully-patched at Windows Update, don't waste your time with any of the
> > below: Format & reinstall Windows. A Repair Install will NOT help!
> >
> > 1. See if you can download/run the MSRT manually:
> > http://www.microsoft.com/security/ma...e/default.mspx
> >
> > NB: Run the FULL scan, not the QUICK scan! You may need to download
> > the MSRT on a non-infected machine, then transfer MRT.EXE to the
> > infected machine and rename it to SCAN.EXE before running it.
> >
> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> > (only!) in Safe Mode with Networking, if need be:
> > http://onecare.live.com/site/en-us/center/howsafe.htm
> >
> > 2b. Vista or Win7=> Run this scan instead:
> > http://onecare.live.com/site/en-us/center/whatsnew.htm
> >
> > 3. Run a /thorough/ check for hijackware, including posting requested
> > logs in an appropriate forum, not here.
> >
> > Checking for/Help with Hijackware:
> > • http://aumha.net/viewtopic.php?f=30&t=4075
> >
> > • http://mvps.org/winhelp2002/unwanted.htm
> > • http://inetexplorer.mvps.org/tshoot.html
> > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > • http://www.elephantboycomputers.com/...moving_Malware
> >
> > **Chances are you will need to seek expert assistance in
> > http://spywarehammer.com/simplemachi...php?board=10.0,
> > http://www.spywarewarrior.com/viewforum.php?f=5,
> > http://www.dslreports.com/forum/cleanup,
> > http://www.bluetack.co.uk/forums/index.php,
> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
> >
> > If these procedures look too complex - and there is no shame in
> > admitting this isn't your cup of tea - take the machine to a local,
> > reputable and independent (i.e., not BigBoxStoreUSA) computer repair
> > shop.

--
Ken Blake, Microsoft MVP (Windows Desktop Experience) since 2003
Please Reply to the Newsgroup

On Oct 15, 5:49*pm, ICU <I...@Nowhere.com> wrote:
> Thanks for the reply.
>
> Well I do have a virus program running and kept up to date and I do keep
> WinXP uptodate and yes the procedures sound long and complex,
> unfortunately a local or independant computer repair shop visit is not
> just not in the cards for a number of reasons.
> Thanks for the reply.
>
> ICU
>
> "PA Bear [MS MVP]" <PABear...******.com> wrote innews:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>
>
>
> > You are seeing the effects of a hijackware infection!
>
> > NB: If you had no anti-virus application installed or the subscription
> > had expired *when the machine first got infected* and/or your
> > subscription has since expired and/or the machine's not been kept
> > fully-patched at Windows Update, don't waste your time with any of the
> > below: Format & reinstall Windows. *A Repair Install will NOT help!
>
> > 1. See if you can download/run the MSRT manually:
> >http://www.microsoft.com/security/ma...e/default.mspx
>
> > NB: Run the FULL scan, not the QUICK scan! *You may need to download
> > the MSRT on a non-infected machine, then transfer MRT.EXE to the
> > infected machine and rename it to SCAN.EXE before running it.
>
> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> > (only!) in Safe Mode with Networking, if need be:
> >http://onecare.live.com/site/en-us/center/howsafe.htm
>
> > 2b. Vista or Win7=> Run this scan instead:
> >http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> > 3. Run a /thorough/ check for hijackware, including posting requested
> > logs in an appropriate forum, not here.
>
> > Checking for/Help with Hijackware:
> > •http://aumha.net/viewtopic.php?f=30&t=4075
>
> > •http://mvps.org/winhelp2002/unwanted.htm
> > •http://inetexplorer.mvps.org/tshoot.html
> > •http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > •http://www.elephantboycomputers.com/...moving_Malware
>
> > **Chances are you will need to seek expert assistance in
> >http://spywarehammer.com/simplemachi...php?board=10.0,
> >http://www.spywarewarrior.com/viewforum.php?f=5,
> >http://www.dslreports.com/forum/cleanup,
> >http://www.bluetack.co.uk/forums/index.php,
> >http://aumha.net/viewforum.php?f=30or other appropriate forums.**
>
> > If these procedures look too complex - and there is no shame in
> > admitting this isn't your cup of tea - take the machine to a local,
> > reputable and independent (i.e., not BigBoxStoreUSA) computer repair
> > shop.

Reduce the chances of malicious software by running some scans.

Download, install, update and do a full scan with these free malware
detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware: (SAS): http://www.superantispyware.com/

These can be uninstalled later if desired.

Thanks for the reply, will check out your suggestion.

ICU


"PA Bear [MS MVP]" <PABearMVP******.com> wrote in
news:u70e9kfTKHA.504@TK2MSFTNGP06.phx.gbl:

>
> YW.
>
> Obviously your AV app isn't up to snuff and it's totally disable now.
>
> Microsoft PCSafety provides home users (only) with no-charge support
> to deal with malware infections such as viruses, spyware (including
> unwanted software), and adware.
> https://support.microsoft.com/oas/de...prid=7552&st=1
>
>
> ICU wrote:
>> Thanks for the reply.
>>
>> Well I do have a virus program running and kept up to date and I do
>> keep WinXP uptodate and yes the procedures sound long and complex,
>> unfortunately a local or independant computer repair shop visit is
>> not just not in the cards for a number of reasons.
>> Thanks for the reply.
>>
>> ICU
>>
>>
>> "PA Bear [MS MVP]" <PABearMVP******.com> wrote in
>> news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>>
>>> You are seeing the effects of a hijackware infection!
>>>
>>> NB: If you had no anti-virus application installed or the
>>> subscription had expired *when the machine first got infected*
>>> and/or your subscription has since expired and/or the machine's not
>>> been kept fully-patched at Windows Update, don't waste your time
>>> with any of the below: Format & reinstall Windows. A Repair Install
>>> will NOT help!
>>>
>>> 1. See if you can download/run the MSRT manually:
>>> http://www.microsoft.com/security/ma...e/default.mspx
>>>
>>> NB: Run the FULL scan, not the QUICK scan! You may need to download
>>> the MSRT on a non-infected machine, then transfer MRT.EXE to the
>>> infected machine and rename it to SCAN.EXE before running it.
>>>
>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>> (only!) in Safe Mode with Networking, if need be:
>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>
>>> 2b. Vista or Win7=> Run this scan instead:
>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>
>>> 3. Run a /thorough/ check for hijackware, including posting
>>> requested logs in an appropriate forum, not here.
>>>
>>> Checking for/Help with Hijackware:
>>> • http://aumha.net/viewtopic.php?f=30&t=4075
>>>
>>> • http://mvps.org/winhelp2002/unwanted.htm
>>> • http://inetexplorer.mvps.org/tshoot.html
>>> • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>> • http://www.elephantboycomputers.com/...moving_Malware
>>>
>>> **Chances are you will need to seek expert assistance in
>>> http://spywarehammer.com/simplemachi...php?board=10.0,
>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>> http://www.dslreports.com/forum/cleanup,
>>> http://www.bluetack.co.uk/forums/index.php,
>>> http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>>
>>> If these procedures look too complex - and there is no shame in
>>> admitting this isn't your cup of tea - take the machine to a local,
>>> reputable and independent (i.e., not BigBoxStoreUSA) computer repair
>>> shop.
>

Yes I shoud have said Anti-virus, the problem has me slightly flustereded
hence the error.
The program I have running is AVG Free antivirus , and it is kept up to
date automatically.
I have experienced the Norton and McAfee merry-go-round a number of years
ago and have not wanted to go back there ever again.(G)

Thanks for the reply.

ICU



"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in
news:ftjfd5l9pebf6le8ci1rigo2rbq2dass30@4ax.com:

>
> On 15 Oct 2009 21:49:04 GMT, ICU <ICU@Nowhere.com> wrote:
>
>>
>> Thanks for the reply.
>>
>> Well I do have a virus program running
>
>
> Then you are in serious trouble. It's far better to have an
> *anti*-virus program running.
>
> Or if you meant you had an anti-virus program running, please tell us
> which one it is. They are far from being equally good, and the two
> most well-known, Norton and McAfee, are the worst of them.
>
> It sounds very much like you are infected.
>
>
>
>> and kept up to date and I do keep
>> WinXP uptodate and yes the procedures sound long and complex,
>> unfortunately a local or independant computer repair shop visit is not
>> just not in the cards for a number of reasons.
>> Thanks for the reply.
>>
>> ICU
>>
>>
>> "PA Bear [MS MVP]" <PABearMVP******.com> wrote in
>> news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>>
>> > You are seeing the effects of a hijackware infection!
>> >
>> > NB: If you had no anti-virus application installed or the
subscription
>> > had expired *when the machine first got infected* and/or your
>> > subscription has since expired and/or the machine's not been kept
>> > fully-patched at Windows Update, don't waste your time with any of
the
>> > below: Format & reinstall Windows. A Repair Install will NOT help!
>> >
>> > 1. See if you can download/run the MSRT manually:
>> > http://www.microsoft.com/security/ma...e/default.mspx
>> >
>> > NB: Run the FULL scan, not the QUICK scan! You may need to download
>> > the MSRT on a non-infected machine, then transfer MRT.EXE to the
>> > infected machine and rename it to SCAN.EXE before running it.
>> >
>> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>> > (only!) in Safe Mode with Networking, if need be:
>> > http://onecare.live.com/site/en-us/center/howsafe.htm
>> >
>> > 2b. Vista or Win7=> Run this scan instead:
>> > http://onecare.live.com/site/en-us/center/whatsnew.htm
>> >
>> > 3. Run a /thorough/ check for hijackware, including posting
requested
>> > logs in an appropriate forum, not here.
>> >
>> > Checking for/Help with Hijackware:
>> > • http://aumha.net/viewtopic.php?f=30&t=4075
>> >
>> > • http://mvps.org/winhelp2002/unwanted.htm
>> > • http://inetexplorer.mvps.org/tshoot.html
>> > • http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> > • http://www.elephantboycomputers.com/...moving_Malware
>> >
>> > **Chances are you will need to seek expert assistance in
>> > http://spywarehammer.com/simplemachi...php?board=10.0,
>> > http://www.spywarewarrior.com/viewforum.php?f=5,
>> > http://www.dslreports.com/forum/cleanup,
>> > http://www.bluetack.co.uk/forums/index.php,
>> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>> >
>> > If these procedures look too complex - and there is no shame in
>> > admitting this isn't your cup of tea - take the machine to a local,
>> > reputable and independent (i.e., not BigBoxStoreUSA) computer repair
>> > shop.
>

I share your feelings about NAV and McAfee. I have used CA's ETrust for
several years on a few dozen machines, with excellent results. Licences come
in lots of three and are aggressively priced.

"ICU" <ICU@Nowhere.com> wrote in message
news:Xns9CA666D7E60C4ICU@74.209.131.10...
> Yes I shoud have said Anti-virus, the problem has me slightly flustereded
> hence the error.
> The program I have running is AVG Free antivirus , and it is kept up to
> date automatically.
> I have experienced the Norton and McAfee merry-go-round a number of years
> ago and have not wanted to go back there ever again.(G)
>
> Thanks for the reply.
>
> ICU
>
>
>
> "Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in
> news:ftjfd5l9pebf6le8ci1rigo2rbq2dass30@4ax.com:
>
>>
>> On 15 Oct 2009 21:49:04 GMT, ICU <ICU@Nowhere.com> wrote:
>>
>>>
>>> Thanks for the reply.
>>>
>>> Well I do have a virus program running
>>
>>
>> Then you are in serious trouble. It's far better to have an
>> *anti*-virus program running.
>>
>> Or if you meant you had an anti-virus program running, please tell us
>> which one it is. They are far from being equally good, and the two
>> most well-known, Norton and McAfee, are the worst of them.
>>
>> It sounds very much like you are infected.
>>
>>
>>
>>> and kept up to date and I do keep
>>> WinXP uptodate and yes the procedures sound long and complex,
>>> unfortunately a local or independant computer repair shop visit is not
>>> just not in the cards for a number of reasons.
>>> Thanks for the reply.
>>>
>>> ICU
>>>
>>>
>>> "PA Bear [MS MVP]" <PABearMVP******.com> wrote in
>>> news:eKMQNbcTKHA.5052@TK2MSFTNGP05.phx.gbl:
>>>
>>> > You are seeing the effects of a hijackware infection!
>>> >
>>> > NB: If you had no anti-virus application installed or the
> subscription
>>> > had expired *when the machine first got infected* and/or your
>>> > subscription has since expired and/or the machine's not been kept
>>> > fully-patched at Windows Update, don't waste your time with any of
> the
>>> > below: Format & reinstall Windows. A Repair Install will NOT help!
>>> >
>>> > 1. See if you can download/run the MSRT manually:
>>> > http://www.microsoft.com/security/ma...e/default.mspx
>>> >
>>> > NB: Run the FULL scan, not the QUICK scan! You may need to download
>>> > the MSRT on a non-infected machine, then transfer MRT.EXE to the
>>> > infected machine and rename it to SCAN.EXE before running it.
>>> >
>>> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>> > (only!) in Safe Mode with Networking, if need be:
>>> > http://onecare.live.com/site/en-us/center/howsafe.htm
>>> >
>>> > 2b. Vista or Win7=> Run this scan instead:
>>> > http://onecare.live.com/site/en-us/center/whatsnew.htm
>>> >
>>> > 3. Run a /thorough/ check for hijackware, including posting
> requested
>>> > logs in an appropriate forum, not here.
>>> >
>>> > Checking for/Help with Hijackware:
>>> > . http://aumha.net/viewtopic.php?f=30&t=4075
>>> >
>>> > . http://mvps.org/winhelp2002/unwanted.htm
>>> > . http://inetexplorer.mvps.org/tshoot.html
>>> > . http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>> > . http://www.elephantboycomputers.com/...moving_Malware
>>> >
>>> > **Chances are you will need to seek expert assistance in
>>> > http://spywarehammer.com/simplemachi...php?board=10.0,
>>> > http://www.spywarewarrior.com/viewforum.php?f=5,
>>> > http://www.dslreports.com/forum/cleanup,
>>> > http://www.bluetack.co.uk/forums/index.php,
>>> > http://aumha.net/viewforum.php?f=30 or other appropriate forums.**
>>> >
>>> > If these procedures look too complex - and there is no shame in
>>> > admitting this isn't your cup of tea - take the machine to a local,
>>> > reputable and independent (i.e., not BigBoxStoreUSA) computer repair
>>> > shop.
>>
>

Jose <jose_ease******.com> wrote in
news:c92c7409-24bf-49c8-9e03-a5e066b8f604@m38g2000yqd.googlegroups.com:

> On Oct 15, 5:49*pm, ICU <I...@Nowhere.com> wrote:
>> Thanks for the reply.
>>
>> Well I do have a virus program running and kept up to date and I do
>> keep WinXP uptodate and yes the procedures sound long and complex,
>> unfortunately a local or independant computer repair shop visit is
>> not just not in the cards for a number of reasons.
>> Thanks for the reply.
>>
>> ICU
>>
>> "PA Bear [MS MVP]" <PABear...******.com> wrote
>> innews:eKMQNbcTKHA.5052@TK
> 2MSFTNGP05.phx.gbl:
>>
>>
>>
>> > You are seeing the effects of a hijackware infection!
>>
>> > NB: If you had no anti-virus application installed or the
>> > subscription had expired *when the machine first got infected*
>> > and/or your subscription has since expired and/or the machine's not
>> > been kept fully-patched at Windows Update, don't waste your time
>> > with any of the below: Format & reinstall Windows. *A Repair
>> > Install will NOT help!
>>
>> > 1. See if you can download/run the MSRT manually:
>> >http://www.microsoft.com/security/ma...e/default.mspx
>>
>> > NB: Run the FULL scan, not the QUICK scan! *You may need to
>> > download the MSRT on a non-infected machine, then transfer MRT.EXE
>> > to the infected machine and rename it to SCAN.EXE before running
>> > it.
>>
>> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>> > (only!) in Safe Mode with Networking, if need be:
>> >http://onecare.live.com/site/en-us/center/howsafe.htm
>>
>> > 2b. Vista or Win7=> Run this scan instead:
>> >http://onecare.live.com/site/en-us/center/whatsnew.htm
>>
>> > 3. Run a /thorough/ check for hijackware, including posting
>> > requested logs in an appropriate forum, not here.
>>
>> > Checking for/Help with Hijackware:
>> > •http://aumha.net/viewtopic.php?f=30&t=4075
>>
>> > •http://mvps.org/winhelp2002/unwanted.htm
>> > •http://inetexplorer.mvps.org/tshoot.html
>> > •http://www.mvps.org/sramesh2k/Malware_Defence.htm
>> > •http://www.elephantboycomputers.com/...moving_Malware
>>
>> > **Chances are you will need to seek expert assistance in
>> >http://spywarehammer.com/simplemachi...php?board=10.0,
>> >http://www.spywarewarrior.com/viewforum.php?f=5,
>> >http://www.dslreports.com/forum/cleanup,
>> >http://www.bluetack.co.uk/forums/index.php,
>> >http://aumha.net/viewforum.php?f=30or other appropriate forums.**
>>
>> > If these procedures look too complex - and there is no shame in
>> > admitting this isn't your cup of tea - take the machine to a local,
>> > reputable and independent (i.e., not BigBoxStoreUSA) computer
>> > repair shop.
>
> Reduce the chances of malicious software by running some scans.
>
> Download, install, update and do a full scan with these free malware
> detection programs:
>
> Malwarebytes (MBAM): http://malwarebytes.org/
> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>
> These can be uninstalled later if desired.

Thanks for the reply and the suggestions.
I've downloaded both and run them, Malware found the files I already
thought were the culprits, removed them , but I found them back again, so
I tried a scan again, found them again and removed, hopefully the are
gone for good now but I somehow doubt it.

ICU

On Oct 16, 1:47*pm, ICU <I...@Nowhere.com> wrote:
> Jose <jose_e...******.com> wrote innews:c92c7409-24bf-49c8-9e03-a5e066b8f604@m38g2000yqd.googlegroups.com:
>
>
>
>
>
> > On Oct 15, 5:49*pm, ICU <I...@Nowhere.com> wrote:
> >> Thanks for the reply.
>
> >> Well I do have a virus program running and kept up to date and I do
> >> keep WinXP uptodate and yes the procedures sound long and complex,
> >> unfortunately a local or independant computer repair shop visit is
> >> not just not in the cards for a number of reasons.
> >> Thanks for the reply.
>
> >> ICU
>
> >> "PA Bear [MS MVP]" <PABear...******.com> wrote
> >> innews:eKMQNbcTKHA.5052@TK
> > 2MSFTNGP05.phx.gbl:
>
> >> > You are seeing the effects of a hijackware infection!
>
> >> > NB: If you had no anti-virus application installed or the
> >> > subscription had expired *when the machine first got infected*
> >> > and/or your subscription has since expired and/or the machine's not
> >> > been kept fully-patched at Windows Update, don't waste your time
> >> > with any of the below: Format & reinstall Windows. *A Repair
> >> > Install will NOT help!
>
> >> > 1. See if you can download/run the MSRT manually:
> >> >http://www.microsoft.com/security/ma...e/default.mspx
>
> >> > NB: Run the FULL scan, not the QUICK scan! *You may need to
> >> > download the MSRT on a non-infected machine, then transfer MRT.EXE
> >> > to the infected machine and rename it to SCAN.EXE before running
> >> > it.
>
> >> > 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
> >> > (only!) in Safe Mode with Networking, if need be:
> >> >http://onecare.live.com/site/en-us/center/howsafe.htm
>
> >> > 2b. Vista or Win7=> Run this scan instead:
> >> >http://onecare.live.com/site/en-us/center/whatsnew.htm
>
> >> > 3. Run a /thorough/ check for hijackware, including posting
> >> > requested logs in an appropriate forum, not here.
>
> >> > Checking for/Help with Hijackware:
> >> > •http://aumha.net/viewtopic.php?f=30&t=4075
>
> >> > •http://mvps.org/winhelp2002/unwanted.htm
> >> > •http://inetexplorer.mvps.org/tshoot.html
> >> > •http://www.mvps.org/sramesh2k/Malware_Defence.htm
> >> > •http://www.elephantboycomputers.com/...moving_Malware
>
> >> > **Chances are you will need to seek expert assistance in
> >> >http://spywarehammer.com/simplemachi...php?board=10.0,
> >> >http://www.spywarewarrior.com/viewforum.php?f=5,
> >> >http://www.dslreports.com/forum/cleanup,
> >> >http://www.bluetack.co.uk/forums/index.php,
> >> >http://aumha.net/viewforum.php?f=30orother appropriate forums.**
>
> >> > If these procedures look too complex - and there is no shame in
> >> > admitting this isn't your cup of tea - take the machine to a local,
> >> > reputable and independent (i.e., not BigBoxStoreUSA) computer
> >> > repair shop.
>
> > Reduce the chances of malicious software by running some scans.
>
> > Download, install, update and do a full scan with these free malware
> > detection programs:
>
> > Malwarebytes (MBAM): *http://malwarebytes.org/
> > SUPERAntiSpyware: (SAS): *http://www.superantispyware.com/
>
> > These can be uninstalled later if desired.
>
> Thanks for the reply and the suggestions.
> I've downloaded both and run them, Malware found the files I already
> thought were the culprits, removed them , but I found them back again, so
> I tried a scan again, found them again and removed, hopefully the are
> gone for good now but I somehow doubt it.
>
> ICU

Are we supposed to guess what the culprit files are and what do you do
between the time they are removed and the time they come back?

If you remove the culprit files and visit a WWW site (or do something)
that reinfects your machine, you should not go there, or expect to be
infected when you do. I have heard there are some WWW sites that will
infect your system with just a visit.

ICU wrote:
> Jose <jose_ease******.com> wrote in
> news:c92c7409-24bf-49c8-9e03-a5e066b8f604@m38g2000yqd.googlegroups.com:
>
>> On Oct 15, 5:49 pm, ICU <I...@Nowhere.com> wrote:
>>> Thanks for the reply.
>>>
>>> Well I do have a virus program running and kept up to date and I do
>>> keep WinXP uptodate and yes the procedures sound long and complex,
>>> unfortunately a local or independant computer repair shop visit is
>>> not just not in the cards for a number of reasons.
>>> Thanks for the reply.
>>>
>>> ICU
>>>
>>> "PA Bear [MS MVP]" <PABear...******.com> wrote
>>> innews:eKMQNbcTKHA.5052@TK
>> 2MSFTNGP05.phx.gbl:
>>>
>>>
>>>> You are seeing the effects of a hijackware infection!
>>>> NB: If you had no anti-virus application installed or the
>>>> subscription had expired *when the machine first got infected*
>>>> and/or your subscription has since expired and/or the machine's not
>>>> been kept fully-patched at Windows Update, don't waste your time
>>>> with any of the below: Format & reinstall Windows. A Repair
>>>> Install will NOT help!
>>>> 1. See if you can download/run the MSRT manually:
>>>> http://www.microsoft.com/security/ma...e/default.mspx
>>>> NB: Run the FULL scan, not the QUICK scan! You may need to
>>>> download the MSRT on a non-infected machine, then transfer MRT.EXE
>>>> to the infected machine and rename it to SCAN.EXE before running
>>>> it.
>>>> 2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan
>>>> (only!) in Safe Mode with Networking, if need be:
>>>> http://onecare.live.com/site/en-us/center/howsafe.htm
>>>> 2b. Vista or Win7=> Run this scan instead:
>>>> http://onecare.live.com/site/en-us/center/whatsnew.htm
>>>> 3. Run a /thorough/ check for hijackware, including posting
>>>> requested logs in an appropriate forum, not here.
>>>> Checking for/Help with Hijackware:
>>>> •http://aumha.net/viewtopic.php?f=30&t=4075
>>>> •http://mvps.org/winhelp2002/unwanted.htm
>>>> •http://inetexplorer.mvps.org/tshoot.html
>>>> •http://www.mvps.org/sramesh2k/Malware_Defence.htm
>>>> •http://www.elephantboycomputers.com/...moving_Malware
>>>> **Chances are you will need to seek expert assistance in
>>>> http://spywarehammer.com/simplemachi...php?board=10.0,
>>>> http://www.spywarewarrior.com/viewforum.php?f=5,
>>>> http://www.dslreports.com/forum/cleanup,
>>>> http://www.bluetack.co.uk/forums/index.php,
>>>> http://aumha.net/viewforum.php?f=30or other appropriate forums.**
>>>> If these procedures look too complex - and there is no shame in
>>>> admitting this isn't your cup of tea - take the machine to a local,
>>>> reputable and independent (i.e., not BigBoxStoreUSA) computer
>>>> repair shop.
>> Reduce the chances of malicious software by running some scans.
>>
>> Download, install, update and do a full scan with these free malware
>> detection programs:
>>
>> Malwarebytes (MBAM): http://malwarebytes.org/
>> SUPERAntiSpyware: (SAS): http://www.superantispyware.com/
>>
>> These can be uninstalled later if desired.
>
> Thanks for the reply and the suggestions.
> I've downloaded both and run them, Malware found the files I already
> thought were the culprits, removed them , but I found them back again, so
> I tried a scan again, found them again and removed, hopefully the are
> gone for good now but I somehow doubt it.
>
> ICU

If a Rootkit, or a program running in the background rewrites the
registry entries, and reinserts the files, you might want to do the
following:

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootab...download-list/

Download the executable rather than the .iso image, if one is
available.. it prompts you to insert a CD and burns the file, no problem.

-Or- place the hd in an unaffected machine and run a scan from the
working machine.

Then run these again:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/supe...freevspro.html


--
Joe =o)