Sign in with
Sign up | Sign in
Your question

registry virus

Last response: in Windows XP
Share
Anonymous
September 15, 2005 6:33:02 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have Windows Xp and service pack one. being I have Verizon DSL
and had nothing but problems when downloading service pk 2. the
problem is that my antivirus Zone alarm keeps saying that windows system
32:/ R systems.. It also came up in Spybot when I run that but will not allow
me to delete from either and after uninstalling zone alarm I put on Panda and
this to also shows this same error. It disables my firewall and will not
allow windows updates. Does anyone know how to fix this error please post.

thanks a million
GL

More about : registry virus

Anonymous
September 15, 2005 10:19:25 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "GL" <GL@discussions.microsoft.com>

| I have Windows Xp and service pack one. being I have Verizon DSL
| and had nothing but problems when downloading service pk 2. the
| problem is that my antivirus Zone alarm keeps saying that windows system
| 32:/ R systems.. It also came up in Spybot when I run that but will not allow
| me to delete from either and after uninstalling zone alarm I put on Panda and
| this to also shows this same error. It disables my firewall and will not
| allow windows updates. Does anyone know how to fix this error please post.
|
| thanks a million
| GL

GL:

There are no Registry viruses. A virus or other malware may modify the settings of the
Registry but the Registry does not get infected.

Zone Alarm is not anti virus, it as a FireWall application. If you bought the bundle, then
it is Computer Associates eTrust anti virus and if eTrust was installed, I hope you removed
it before you installed Panda anti virus software as they may conflict with each other.

You indicated ZoneAlarm gave an error "windows system 32:/ R systems " You left out
pertinent text as that makes no sense. It could be a folder or it could be a name of a
virus or Trojan. I can't tell.

I may have a solution for you, albeit I can't fathom what exactly you have. Many modern
viruses do indeed; disable anti virus, disable FireWall applications and block the ability
to access the Windows Update web site ( malware writers love vulnerable systems ). There
are too many to take a guess which one.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
Anonymous
September 16, 2005 8:27:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi David
Thank you for responding to my posting. I am sorry I did not have the
correct information. I tried again to copy info correctly. Zone Alarm (when
it was installed) was just saying a virus find, and now in Panda virus
software it keeps popping up hackertool C:/ Windowssystem32 R drive.sys. Each
time I click to close it- it reappears. Then when spybot is ran it says that
this same file has stopped Windows updates and turned off Firewall. I did
remove etrust before installing Panda. I hope this is better information for
you to take a shot at for me. I appreicate it. I also have printed out the
following links you posted prior do you think these are still helpful?
Thank you again
GL

"David H. Lipman" wrote:

> From: "GL" <GL@discussions.microsoft.com>
>
> | I have Windows Xp and service pack one. being I have Verizon DSL
> | and had nothing but problems when downloading service pk 2. the
> | problem is that my antivirus Zone alarm keeps saying that windows system
> | 32:/ R systems.. It also came up in Spybot when I run that but will not allow
> | me to delete from either and after uninstalling zone alarm I put on Panda and
> | this to also shows this same error. It disables my firewall and will not
> | allow windows updates. Does anyone know how to fix this error please post.
> |
> | thanks a million
> | GL
>
> GL:
>
> There are no Registry viruses. A virus or other malware may modify the settings of the
> Registry but the Registry does not get infected.
>
> Zone Alarm is not anti virus, it as a FireWall application. If you bought the bundle, then
> it is Computer Associates eTrust anti virus and if eTrust was installed, I hope you removed
> it before you installed Panda anti virus software as they may conflict with each other.
>
> You indicated ZoneAlarm gave an error "windows system 32:/ R systems " You left out
> pertinent text as that makes no sense. It could be a folder or it could be a name of a
> virus or Trojan. I can't tell.
>
> I may have a solution for you, albeit I can't fathom what exactly you have. Many modern
> viruses do indeed; disable anti virus, disable FireWall applications and block the ability
> to access the Windows Update web site ( malware writers love vulnerable systems ). There
> are too many to take a guess which one.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Anonymous
September 16, 2005 11:50:33 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "GL" <GL@discussions.microsoft.com>

| Hi David
| Thank you for responding to my posting. I am sorry I did not have the
| correct information. I tried again to copy info correctly. Zone Alarm (when
| it was installed) was just saying a virus find, and now in Panda virus
| software it keeps popping up hackertool C:/ Windowssystem32 R drive.sys. Each
| time I click to close it- it reappears. Then when spybot is ran it says that
| this same file has stopped Windows updates and turned off Firewall. I did
| remove etrust before installing Panda. I hope this is better information for
| you to take a shot at for me. I appreicate it. I also have printed out the
| following links you posted prior do you think these are still helpful?
| Thank you again
| GL


Again, you post has incomplete/malformed information. It does need to be EXACT to get the
*best* help...

The term "hackertool" does not show in the Panda AV library.

C:/ Windowssystem32 R drive.sys
looks like a folder and it should be something like...

C:\Windows\system32\

But can't be sure of the rest nor assume what it really is...
C:\Windows\system32\ R drive.sys
or
C:\Windows\system32\Rdrive.sys

I do want to to download the Multi AV and run it as a prescribed..

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

Start with "1. Sophos" on the menu.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
!