Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
Hi David
Thank you for responding to my posting. I am sorry I did not have the
correct information. I tried again to copy info correctly. Zone Alarm (when
it was installed) was just saying a virus find, and now in Panda virus
software it keeps popping up hackertool C:/ Windowssystem32 R drive.sys. Each
time I click to close it- it reappears. Then when spybot is ran it says that
this same file has stopped Windows updates and turned off Firewall. I did
remove etrust before installing Panda. I hope this is better information for
you to take a shot at for me. I appreicate it. I also have printed out the
following links you posted prior do you think these are still helpful?
Thank you again
GL
"David H. Lipman" wrote:
> From: "GL" <GL@discussions.microsoft.com>
>
> | I have Windows Xp and service pack one. being I have Verizon DSL
> | and had nothing but problems when downloading service pk 2. the
> | problem is that my antivirus Zone alarm keeps saying that windows system
> | 32:/ R systems.. It also came up in Spybot when I run that but will not allow
> | me to delete from either and after uninstalling zone alarm I put on Panda and
> | this to also shows this same error. It disables my firewall and will not
> | allow windows updates. Does anyone know how to fix this error please post.
> |
> | thanks a million
> | GL
>
> GL:
>
> There are no Registry viruses. A virus or other malware may modify the settings of the
> Registry but the Registry does not get infected.
>
> Zone Alarm is not anti virus, it as a FireWall application. If you bought the bundle, then
> it is Computer Associates eTrust anti virus and if eTrust was installed, I hope you removed
> it before you installed Panda anti virus software as they may conflict with each other.
>
> You indicated ZoneAlarm gave an error "windows system 32:/ R systems " You left out
> pertinent text as that makes no sense. It could be a folder or it could be a name of a
> virus or Trojan. I can't tell.
>
> I may have a solution for you, albeit I can't fathom what exactly you have. Many modern
> viruses do indeed; disable anti virus, disable FireWall applications and block the ability
> to access the Windows Update web site ( malware writers love vulnerable systems ). There
> are too many to take a guess which one.
>
>
> Download MULTI_AV.EXE from the URL --
>
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
>
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove viruses, Trojans and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
>
http://www.claymania.com/removal-trojan-adware.html
>
http://www.ik-cs.com/got-a-virus.htm
>
>
>