Need help on my computer

Viruses and worms
21

File has already been analyzed:
MD5: bb8bd0d7171d13b06dedce57997a4b09
Date: 02.15.2008 14:59:08 (CET) [>7D]
Results: 0/32
Permalink: analisis/7f112cb8ba327daf8786847d5335a034

http://www.virustotal.com/analisis/7f112cb8ba327daf8786847d5335a034

May it’s not analyzed yet… results: 0/32. I’m reanalyzing it, but taking sometime.

22

Good. Go into windows explorer the this folder c:\windows\system32

In the right hand panel find winsys.exe.vir

right click it, select rename, type

winsys.exe

click anywhere near it and make sure the file was renamed.

Download and Install Microsoft’s TweakUI: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Scroll down and find it in the right hand panel, 147kb in size, download it and then start TweakUI.

Expand the My Computer branch, then the AutoPlay branch, and then select Drives.

Turn off the checkbox next to every drive letter to disable AutoPlay – except your CD/DVD drive letters

You will have to insert your thumbdrive for this next part.

Re-run Clean Autoruns with the thumb drive inserted.

Please post the logs.

Please download
OTMoveIt2 by OldTimer.

Save it to your desktop.

Please double-click OTMoveIt2.exe to run it. Make sure the thumbdrive is still inserted.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[b]
C:\sxs.exe /s
D:\sxs.exe /s
E:\sxs.exe /s
F:\sxs.exe /s
G:\sxs.exe /s
C:\oufddh.exe /s
D:\oufddh.exe /s
E:\oufddh.exe /s
F:\oufddh.exe /s
G:\oufddh.exe /s
C:\copy.exe
D:\copy.exe
E:\copy.exe
F:\copy.exe
G:\copy.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e81952a7-ae32-11dc-b222-0019db66a464}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cf7078e8-85a5-11dc-b1c2-0019db66a464}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{91d37fe2-ad7f-11dc-b221-0019db66a464}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F

[/b]

Return to OTMoveIt2, right click in the “Paste List Of Files/Patterns To Search For and Move” window (under the yellow bar) and choose Paste.

Click the red Moveit! button.

Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

NOTE: If OTMOVEITE reboots, before you can get the ruslts they can be found here
C:_OTMoveIt\MovedFiles**_.log
(where “**_” is the “date_time”)