registry virus

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have Windows Xp and service pack one. being I have Verizon DSL
and had nothing but problems when downloading service pk 2. the
problem is that my antivirus Zone alarm keeps saying that windows system
32:/ R systems.. It also came up in Spybot when I run that but will not allow
me to delete from either and after uninstalling zone alarm I put on Panda and
this to also shows this same error. It disables my firewall and will not
allow windows updates. Does anyone know how to fix this error please post.

thanks a million
GL
3 answers Last reply
More about registry virus
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "GL" <GL@discussions.microsoft.com>

    | I have Windows Xp and service pack one. being I have Verizon DSL
    | and had nothing but problems when downloading service pk 2. the
    | problem is that my antivirus Zone alarm keeps saying that windows system
    | 32:/ R systems.. It also came up in Spybot when I run that but will not allow
    | me to delete from either and after uninstalling zone alarm I put on Panda and
    | this to also shows this same error. It disables my firewall and will not
    | allow windows updates. Does anyone know how to fix this error please post.
    |
    | thanks a million
    | GL

    GL:

    There are no Registry viruses. A virus or other malware may modify the settings of the
    Registry but the Registry does not get infected.

    Zone Alarm is not anti virus, it as a FireWall application. If you bought the bundle, then
    it is Computer Associates eTrust anti virus and if eTrust was installed, I hope you removed
    it before you installed Panda anti virus software as they may conflict with each other.

    You indicated ZoneAlarm gave an error "windows system 32:/ R systems " You left out
    pertinent text as that makes no sense. It could be a folder or it could be a name of a
    virus or Trojan. I can't tell.

    I may have a solution for you, albeit I can't fathom what exactly you have. Many modern
    viruses do indeed; disable anti virus, disable FireWall applications and block the ability
    to access the Windows Update web site ( malware writers love vulnerable systems ). There
    are too many to take a guess which one.


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi David
    Thank you for responding to my posting. I am sorry I did not have the
    correct information. I tried again to copy info correctly. Zone Alarm (when
    it was installed) was just saying a virus find, and now in Panda virus
    software it keeps popping up hackertool C:/ Windowssystem32 R drive.sys. Each
    time I click to close it- it reappears. Then when spybot is ran it says that
    this same file has stopped Windows updates and turned off Firewall. I did
    remove etrust before installing Panda. I hope this is better information for
    you to take a shot at for me. I appreicate it. I also have printed out the
    following links you posted prior do you think these are still helpful?
    Thank you again
    GL

    "David H. Lipman" wrote:

    > From: "GL" <GL@discussions.microsoft.com>
    >
    > | I have Windows Xp and service pack one. being I have Verizon DSL
    > | and had nothing but problems when downloading service pk 2. the
    > | problem is that my antivirus Zone alarm keeps saying that windows system
    > | 32:/ R systems.. It also came up in Spybot when I run that but will not allow
    > | me to delete from either and after uninstalling zone alarm I put on Panda and
    > | this to also shows this same error. It disables my firewall and will not
    > | allow windows updates. Does anyone know how to fix this error please post.
    > |
    > | thanks a million
    > | GL
    >
    > GL:
    >
    > There are no Registry viruses. A virus or other malware may modify the settings of the
    > Registry but the Registry does not get infected.
    >
    > Zone Alarm is not anti virus, it as a FireWall application. If you bought the bundle, then
    > it is Computer Associates eTrust anti virus and if eTrust was installed, I hope you removed
    > it before you installed Panda anti virus software as they may conflict with each other.
    >
    > You indicated ZoneAlarm gave an error "windows system 32:/ R systems " You left out
    > pertinent text as that makes no sense. It could be a folder or it could be a name of a
    > virus or Trojan. I can't tell.
    >
    > I may have a solution for you, albeit I can't fathom what exactly you have. Many modern
    > viruses do indeed; disable anti virus, disable FireWall applications and block the ability
    > to access the Windows Update web site ( malware writers love vulnerable systems ). There
    > are too many to take a guess which one.
    >
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    > http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    > (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    > simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    > remove viruses, Trojans and various other malware.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in Normal Mode. This
    > way all the components can be downloaded from each AV vendor’s web site.
    > The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files or you can
    > download the files and perform a scan in Normal Mode. Once you have downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    > file.
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    > FireWall to allow it to download the needed AV vendor related files.
    >
    > * * * Please report back your results * * *
    >
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "GL" <GL@discussions.microsoft.com>

    | Hi David
    | Thank you for responding to my posting. I am sorry I did not have the
    | correct information. I tried again to copy info correctly. Zone Alarm (when
    | it was installed) was just saying a virus find, and now in Panda virus
    | software it keeps popping up hackertool C:/ Windowssystem32 R drive.sys. Each
    | time I click to close it- it reappears. Then when spybot is ran it says that
    | this same file has stopped Windows updates and turned off Firewall. I did
    | remove etrust before installing Panda. I hope this is better information for
    | you to take a shot at for me. I appreicate it. I also have printed out the
    | following links you posted prior do you think these are still helpful?
    | Thank you again
    | GL


    Again, you post has incomplete/malformed information. It does need to be EXACT to get the
    *best* help...

    The term "hackertool" does not show in the Panda AV library.

    C:/ Windowssystem32 R drive.sys
    looks like a folder and it should be something like...

    C:\Windows\system32\

    But can't be sure of the rest nor assume what it really is...
    C:\Windows\system32\ R drive.sys
    or
    C:\Windows\system32\Rdrive.sys

    I do want to to download the Multi AV and run it as a prescribed..

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    Start with "1. Sophos" on the menu.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
Ask a new question

Read More

Windows XP