Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[snapperocks]

Hi 
I'm pretty sure its a virus behind MC  crashing and displaying this message.

I have looked up the suggested info Interact has provided but what it hasn't told me is how to root out this virus. Thats what I need assistance with. I have had Klone virus but AVG found that and stored it and a trojan generic32 ETW in the virus vault. I have tried othe anti virus programme 'Bit Defender' but when it gets so far through the scan my hard drive crashes.

Has anyone else had success in locating and banishing this nasty?
 
Is there anyway of downloding a MC 11.1 build that is not missing a vital part and isn't corrupted as this message informs me my copy is? I have tried uninstalling the registry files and even the library files then reinstalling but no joy. And of course it knocks out my registration and leaves me with a unregistered version.

Any help would be very much appreciated.

Regards
snapperocks  

Media Center 11.1.191 -- C:\Program Files\J River\Media Center 11\

Microsoft Windows XP  Workstation 5.1 Service Pack 2 (Build 2600)
Intel Pentium 4 2812 MHz MMX / Memory: Total - 523 MB, Free - 246 MB

Internet Explorer: 6.0.2900.2180 / ComCtl32.dll: 5.82.2900 / Shlwapi.dll: 6.0.2900 / Shell32.dll: 6.0.2900 / wnaspi32.dll: N/A
Ripping /   Drive E:   Mode:Normal  Type:Auto  Speed:Max
  Drive F:   Mode:Normal  Type:Auto  Speed:Max
  Digital playback: Yes /  Use YADB: Yes /  Get cover art: No /  Calc replay gain: Yes /  Copy volume: 32767
  Eject after ripping: Yes /  Play sound after ripping: No 

Burning /  Drive E: ASUS     DRW-1608P3S        Addr: 1:0:0  Speed:48  MaxSpeed:48  BurnProof:Yes
  Test mode: No /  Eject after writing: Yes /  Direct decoding: Yes /  Write CD-Text: Yes
  Use playback settings: No /

[Matthew]

It looks like your infected with a serious virus.
Have you tried System Restore?
Start>all programs>Accessories>System Tools>System Restore
If this does not help I'll provide more options.

[snapperocks]

Hi Matthew

Thanks for replying. Yes I have tried System Restore without any joy.
I installed the latest MC 11.1.201 as well but no change. 

[Matthew]

Try Msconfig to stop the virus from executing again.
Run "Msconfig.exe" and uncheck anything suspect.
If this does not help, try creating another account with a different Name and reinstall MC. If all accounts are infected. I highly recommend Formating the computer and reinstalling Windows XP again.

[marko]

you kidding right?

Sure, a reformat is one solution, but not the first port of call.

Snapper, go to google. I just seached on Klone virus and got many hits. The thing is removable without a reformat.
If there's something attaching itself to, or otherwise altering .exe files on your computer, you have to deal with thar first befor reinstalling MC. You're getting error#30 because of this interference.

From the brief reading I did on the subject, you need to boot into safe mode to deal with the problem. If you can't track the answers down, shout back and I'll see what I can dig up for you, if no-one else has chimed in by then, of course.
I wouldn't reformat just now, unless you're due one and really want to do it.

-marko.

[snapperocks]

Hi Marko
I have been searching Google and although its not specific for Klone virus Hijackthis seems to be what is preferred. I'm not keen playing around with that though. very technical and scary

http://www.mvps.org/winhelp2002/unwanted.htm
This site offered great advice but once again not Klone specific.

If you can't track the answers down, shout back and I'll see what I can dig up for you, if no-one else has chimed in by then, of course.

Yes Please I need Help and instructions.

[marko]

I think glynor will probably agree with me here, that while hijackthis is probably a wonderful little tool for listing things running on a PC, enabling a remote technician to give right and proper advice on a case by case basis, all those full logs posted here there and everywhere don't half queer the pitch of "what's running" type of searches. I've learned the value of the -hijackthis switch

So, I've found a range of pages that go through the entire spectrum, from "you're fooked, reformat" through, we can help, do this, post back, then download this, do that, do the next thing etc. etc." to remove klone? follow this..."

It would seem there's not much conclusive out there atm. A bit like going for "ask the audience" and getting 25% on all four answers!!

It appears that it's has close links with something called "vundo" and an out of date version of the Sun Java runtime environment, so, consider getting that up to date if you use it.

I was unable to find a removal tool.

Virtually all results containing hijack this logs relate to fixes for that specific computer rather than general fix rules that everyone can follow.

try this for starters:
http://www.precisesecurity.com/computer-virus/klone-oct09.htm
their "Step 5" is my only concern there, that really is the mother of all vague instructions!!!

Read here: http://forums.techguy.org/security/512499-solved-klone-virus-help.html
and here: http://miataru.computing.net/security/wwwboard/forum/19747.html

to see that successful removal is possible, my apologies for not having the know-how to take you through the use of those tools in that manner. perhaps the same people could help you too? There is definately help out there, and I think you're already aware that it's as important for you to understand how your PC became infected in the first place as it is for you to get it sorted out.

Interestingly, the only result a search on "generic32 ETW" returns, is this thread here at interact!!
The steps on cleaning out system restore are important (and simple) to follow. The system restore system does not know good from bad files, so it's very common for virii to be backed up in the system  restore system, ready to be restored into action at a later date.

Apologies for not being able to personally walk through the removal steps, hopefully I've at least been able to set you off in a more positive direction. Let us know how you get on.

regards, marko.

[JimH]

Have you tried restoring your license?

[snapperocks]

Sorry For not replying sooner. I have been on holiday.

Yes Jim I have tried restoring my licence till I now have only 5 restores left.
I followed the links and employed the programmes recommended in Marko's post. (Thanks Marko) Although my computer is running better Sadly Media Center still crashes without warning.
I was wondering if I was to install and register MC 12 would that possibly overcome my dilema?

[snapperocks]

Bump

[marko]

J River will need to confirm this, but my understanding is that you get that error message because something is altering critical MC program files, most likely media center 11.exe

If you still have gremlins, they will attack MC12 in the same way, and with the same result.

Ideally, you need two things:
a) to be sure you system is now virus free
b) to understand how you caught the virus in the first place. obviously, without this knowledge, you could easily become reinfected.

Did you try Trend Micro's "housecall" service for a second opinion... ?
http://www.trendmicro.com/hc_intro/default.asp