shrike Posted April 30, 2004

It seems that I have yet another virus, but this time there's no information on the net about it. I just updated Norton 2004, and yet still nothing.

In my MSCONFIG, these things are running that shouldn't be there:

C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE

There's also another entry that is blank. No label for "startup item" or "command". It says that it's located in the same place that the rest of the run commands are being stored:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The only problem is, when I go there, there's nothing. No entry.

SOMEBODY HELP ME. I ONLY JUST FORMATTED BECAUSE OF ANOTHER STUPID VIRUS

Frank Posted April 30, 2004

Well, do you have a firewall installed? Are you completely patched up? Go to http://housecall.antivirus.com and run a full scan. Also, have you tried scanning for spyware with an UPDATED version of Spybot S&D and Adaware?

shrike Posted April 30, 2004

Yes, yes, and yes.

+BeLGaRaTh Subscriber¹ Posted April 30, 2004

cfgwiz.exe appears to be OK, it's to do with Norton Internet Security.

As for ATIDtct.EXE, you are using Omega drivers for your ATI card and that's why it's running, or you won't be able to use the drivers.

All of this information was found on Google and all within the first search link found :(

Joswin Posted April 30, 2004

> C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
> C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE

Hmm, well, they look normal to me?? If you are 100% sure they should not be there then I suggest you maybe take a look inside the EXE with Notepad. I have also had a similar experience really, and no virus scanner could detect the 'trojan/virus', but upon looking inside the file with Notepad it was obvious what it was.

Frank Posted April 30, 2004

So you went to http://housecall.antivirus.com and ran a full system scan already??

I just looked at the files you stated were viruses. ATIDtct.EXE is something to do with ATI's control panel. Do you have an ATI video card installed? Also, it looks like CfgWiz.exe has something to do with Norton, but I am not sure why the commands are after it.

Have you deleted these files out of msconfig, and they keep coming back?

shrike Posted April 30, 2004

I have both Norton and an ATI video card. It's just the command that's made me think virus. NEVER have these items been in my startup, and I've had the same config for a long, long time.

It's impossible to browse to C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\, so I can't open that .exe. I'm not using the Omega drivers, since I like to only use the official ones. Currently I'm using 4.4.

The top one, cfgwiz.exe: that makes me wonder, because of the /cmdline "reboot".

Once again, none of these commands have ever been on my startup list.

I'm going to give my computer another format tomorrow, just because I'm not satisfied with my current installation. Let's just hope I don't get the virus again.

Frank Posted April 30, 2004

I do not think it is a virus. And why is it impossible to browse to "C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\"? Did you run the online scan like I posted?

shrike Posted May 1, 2004

It's impossible to browse to that folder because it simply doesn't exist. The whole "ATI Multimedia\\Program Files" thing doesn't help, either.

kjordan2001 Posted May 1, 2004

> It's impossible to browse to that folder because it simply doesn't exist. The whole "ATI Multimedia\\Program Files" thing doesn't help, either.

Maybe because it's just C:\Program Files\ATI Multimedia\main? I don't know how you're getting the extra \Program Files

shrike Posted May 1, 2004

I was getting the extra part from MSCONFIG, Regedit, and every other program that lists your startup stuff. That's why I decided that was a virus, because it's not normal.

I formatted, and don't have the virus anymore. Maybe it'll pop up again another day.

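The startup values discussed in this thread can be checked mechanically for the two oddities shrike describes (a blank entry and a path with a doubled separator and repeated folders). This is an added example, not part of any post; the value names are hypothetical, the sample list is constructed from the commands quoted above, and the checks only flag malformed entries for a closer look.

```python
import ntpath
import re

# Constructed sample of (value name, command) pairs as they might sit under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The commands are the
# strings quoted in the thread; the value names are hypothetical.
SAMPLE_RUN_VALUES = [
    ("CfgWiz", r'C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"'),
    ("ATIDtct", r"C:\Program Files\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE"),
    ("", ""),
]

# Unquoted commands may contain spaces in the path, so cut at the first
# executable extension that is followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)


def split_executable(command):
    """Return the executable path portion of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def findings(name, command):
    """List the structural oddities of one startup value."""
    if not command.strip():
        return ["blank entry" if not name.strip() else "empty command"]
    issues = []
    # splitdrive keeps a UNC prefix (\\server\share) out of the separator check.
    _drive, rest = ntpath.splitdrive(split_executable(command))
    if "\\\\" in rest:
        issues.append("doubled separator")
    parts = [p.lower() for p in rest.split("\\") if p]
    pairs = list(zip(parts, parts[1:]))
    if len(pairs) != len(set(pairs)):  # same two folders in a row, twice
        issues.append("repeated path segment")
    return issues


def audit(values):
    """Map each value name to its findings; an empty list means nothing odd."""
    return {name or "<blank>": findings(name, cmd) for name, cmd in values}


if __name__ == "__main__":
    for entry, issues in audit(SAMPLE_RUN_VALUES).items():
        print(f"{entry}: {', '.join(issues) or 'no structural issues'}")
```
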
panicswitched Posted May 1, 2004

New virus out, guys:
http://www.microsoft.com/security/incident/sasser.asp

http://windowsupdate.microsoft.com or http://207.46.134.62 to update your PC. The IP goes to http://v4.windowsupdate.microsoft.com/en/default.asp but since Sasser messes up DNS you have to use the IP.

http://securityresponse.symantec.com/avcen...asser.worm.html more info here