Virus Warning!!

Discussion in 'General Discussion' started by trance_fan, Mar 6, 2005.


  1. Vin

  2. dodgy

    Should do, as long as the virus isn't fucking around with your java :up:

    AVG free edition is top-notch for the future though for virus protection.

    If no joy at all let me know and I'll burn that bootable cd with the av progs for ya.
  3. Guest

    millers got it n'all
  4. Nass

    millers got a disease off cook and he's waving it in my direction.
  5. ianmc

    yeah I got it as well

    pic of me drunk at sea haha:lol:
  6. Vin

    I can't even open that Housecall link.

    I tried that link I posted above, and that doesn't seem to have ridded it.

    So if u could sort that cd out, that would be great Mike. Ta. :up:
  7. dodgy

    Will burn it for the weekend and try and get it over to you, pm me your mob no :up:
  8. Miller

    Sorry lads!:oops: Blame it on Cyber Gee, he give it to me, I didn't have a clue wtf was going on!:lol:
  9. dodgy

    Just been rummaging around, and came up with a couple of things:

    It's the Kelvir worm that gets downloaded, once run it downloads a Spybot worm and then you're pretty fucked. If any of you haven't removed this with ur virus scanners, the following may work:

    Reboot into safe mode (start-->run, type "msconfig" without the quotes, ok, click boot.ini tab, check /SAFEBOOT, click ok or apply, close window, restart)

    Go to C:\Windows\System, delete hotkeysvc.exe

    Delete c:\patch.exe if it's there

    Then go to Start-->run, type "regedit", ok, navigate to the following keys:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
    HKEY_CURRENT_USER\Software\Microsoft\Ole
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
    HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
    HKEY_USERS\.default\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_USERS\.default\System\CurrentControlSet\Control\Lsa
    HKEY_USERS\.default\Software\Microsoft\Ole

    In all of them, delete the value
    "CPQHotkeys - hotkeysvc.exe" that shows on the right-hand side

    Then go to
    HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
    and change the value of EnableDCOM to Y

    Then start-->run-->msconfig, boot.ini, uncheck /SAFEBOOT, restart. Once you've restarted, ctrl+alt+delete, see if hotkeysvc.exe process is running, if not = :up:

    The only problem is the file that it downloads with the Spybot worm, no idea what it is. The above might be enough to get ur av scanners up and running anyway to get rid of it.

    Let me know if this works, no-one tried to send me the file :( :cry: but trillian pro isn't as vulnerable so blocks anything like that :p
  10. M.C.E

    GEEK

    But a good one :eek:
  11. dodgy

    :D It's my pillow talk. :king:
  12. M.C.E

    :lol: :rolleyes:
  13. Cookee

    :lol: LMFAO! Cheeky sod! Graham gave it to me and Stephen ya little bugger!!
  14. trance_fan

    I bow down to your immense GEEEEK status :worship: :lol:
  15. Vin

    I'll give it a try in a bit Mike. Just about to go out now tho.

    Do I still need that cd off you as well?
  16. dodgy

    That should hopefully sort it out enough to get housecall or avg up and running. If the Spybot worm's been active your machine will be clogged to shit with spyware, so I recommend using all three of these: Spybot, Adaware and Microsoft Anti-Spyware. After downloading, installing and updating them close your net connection before running them.

    The cd will be a bit useless against Kelvir as it's not up to date enough, unfortunately. :down: If you're still having probs I could do u a cd with the above progs and some other stuff too that might blast it if needs be :)
  17. Rossy

    I think I got the spybot worm a while back when that blaster worm and a shit load of others started doing the rounds.

    It fucked my comp right over. Internet connection was fucked, certain websites wouldn't load and would cut off the net, windows update was completely fucked.

    I checked my internet connection status and realised that the reason I couldn't connect to websites was because my computer was sending out so much fucking information. I think it's the "ddos" attack mentioned here:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.worm.html

    Basically, if enough people are launching one on a certain server it's going to fuck it over.
  18. Vin

    Done everything you suggested Mike, then tried Housecall. It scanned my computer, found 61 infections, then made a clicking noise several times and went to "This page cannot be displayed". Tried again from the start, but same thing happened.

    With AV it said my security settings don't allow me to download it.

    So I'm still as riddled as a Bigg Market slut I'm afraid. :(
  19. Rossy

    Partition hard disk, all your good stuff on one disk, windows on the other. Format.
  20. dodgy

    Bugger. Try this:

    Repeat the steps for booting into safe mode above. Delete C:\windows\system\hotkeysvc.exe (or possibly C:\windows\system32\) and c:\patch.exe if they have re-appeared

    Look in the C:\windows\system (or system32) folder for any of these: Bling.exe; Netwmon.exe; Wuamgrd.exe - find em, delete em. It may be called summinck else, any suspicious exe's, write them down and google them (You'll have to repeat everything here again though)

    Then go to regedit, check for the registry keys I posted earlier just in case. Then go to the following:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\OLE

    and delete any keys that have reference to the names you found in the system folder (eg Bling.exe)

    Exit regedit, then go to Start-->search-->all files and folders, type "tftp*.*" without the quotes, make sure c drive is selected, click more advanced options, check search system folders and search subfolders, then click search. If any files are found in any folder called startup, check to see if they have a size of zero bytes. If so, delete them.

    Then reboot normally as posted earlier.

    My reputation shalt be diminished if that don't work a little.

    Try using Firefox to download avg (if you can download firefox that is), I've just been remotely helping my mate sort out summinck similar and she had no probs downloading in Firefox, only ie.

    I've burned off a cd for ya with anti-virus, spyware and trojan stuff, but don't know when I'll be getting out, i could poss drop it thru your door monday morning, shall let you know.

    Good luck again :up:
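
The manual checks from the two removal posts above, collected into a read-only PowerShell audit. This is an added example, not something posted in the thread; the file names, the `CPQHotkeys` value and the registry keys are the ones the posts name, and the script checks every hive and subkey combination, which is slightly wider than the posts list. It only reports and deletes nothing.

```powershell
# Read-only audit: reports the indicators named in this thread, changes nothing.
$names = 'hotkeysvc.exe','patch.exe','Bling.exe','Netwmon.exe','Wuamgrd.exe'

# Files: the posts name C:\patch.exe and the System / System32 folders.
$dirs = @("$env:SystemDrive\", "$env:windir\System", "$env:windir\System32")
$fileHits = foreach ($d in $dirs) {
    foreach ($n in $names) {
        $p = Join-Path $d $n
        if (Test-Path -LiteralPath $p) { Get-Item -LiteralPath $p -Force }
    }
}

# Registry: the subkeys listed in the posts, under each hive they mention.
$hives   = 'HKEY_CURRENT_USER','HKEY_LOCAL_MACHINE','HKEY_USERS\.DEFAULT'
$subkeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows\CurrentVersion\RunServices',
    'Software\Microsoft\Ole',
    'System\CurrentControlSet\Control\Lsa'
)
# Match either the value name or its data (case-insensitive).
$pattern = (($names + 'CPQHotkeys') | ForEach-Object { [regex]::Escape($_) }) -join '|'
$regHits = foreach ($h in $hives) {
    foreach ($s in $subkeys) {
        $key = "Registry::$h\$s"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($v in $item.GetValueNames()) {
            $data = [string]$item.GetValue($v)
            if ("$v $data" -match $pattern) {
                [pscustomobject]@{ Key = $key; Value = $v; Data = $data }
            }
        }
    }
}

# The first post also sets EnableDCOM back to Y; report the current setting.
$ole  = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Ole'
$dcom = (Get-ItemProperty -LiteralPath $ole -ErrorAction SilentlyContinue).EnableDCOM

"Files found:";           $fileHits | Select-Object FullName, Length, LastWriteTime
"Registry values found:"; $regHits
"EnableDCOM = $dcom"
```

Empty "found" sections mean none of the names from the thread are present; as the later post says, the dropped file may use a different name, so a clean result here does not replace a full scan.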
