hello all.
Just recently I encountered a problem where my keyboard locked up (thus preventing logging into win2k). I initially thought it to be a hardware prob, so I tried diff keyboards and some other things like repair windows install. I finally managed to login, but the windows OS was severely damaged beyond use:
missing /nonworking progs
nonworking Norton AV
couldn't connect to internet
every so often an install window would pop open asking for a missing file (even though I was just trying to open "My Computer")
couldn't copy/paste... etc.

Worse still, the keyboard only worked after logging into windows (i.e. I couldn't start safe mode because the F8 key didn't work).
Finally I gave up and installed another copy of win 2k to my 2nd hard drive, leaving the first HD and copy of win 2k alone for now. This new copy of win2k works better, but the keyboard still has problems during startup (I still can't enter safe mode because the keyboard only works after windows finishes booting up).
In addition, my newly installed copy of Norton Antivirus keeps popping up a window reporting a possible infection in the following files:
W32.Blaster.Worm (TFTP1260)
W32.HLLW.GAobot.gen (winhlpp32.exe)
W32.Welchia.Worm (TFTP400)
W32.Blaster.Worm (TFTP192)
W32.HLLW.Gaobot.gen (Winhllp32.exe)

I've tried to keep deleting these files, but they pop up every so often. In addition, every time I open Norton AV, an install window opens trying to install something.
I've run Ad-Aware and Spybot, and cleaned up everything that has shown up.
I've run FixBlast.exe and FixWelch.exe, but these come up empty, showing no infection.
I've tried to run Norton scans (with updated virus definitions) but I'm not sure I can trust Norton too much because it may be partially corrupted. In any case, the scans show nothing as well (in either hard drive).
Any help would be greatly appreciated... I'm not sure what else to do other than wiping the hard drives clean (but that's quite painful) and I have a suspicion that that won't do the trick entirely either. Is it possible the BIOS on the motherboard got corrupted as well?
I've run HijackThis as well, but right now the copy/paste feature has started to fail. Here's a little bit of the log file that I can type in right now:
1/11/2004
Win 2000 (winNT 5.00.2195)
MSIE: IE v5.00 (5.00.2990.0000)

running processes:
d:\winnt\system32\smss.exe
\winlogon.exe
\services.exe
\lsass.exe
\spoolsv.exe
\svchost.exe
\nvsvc32.exe
\regsvc.exe
\MSTask.exe
\MsgSys.exe
\WBEM\WinMgmt.exe
D:\program files\navNT\vptray.exe
\rtvscan.exe
\defwatch.exe

If you can get into msconfig, check your startup on the old system.
If you check those specific viruses, Nortons should have removal tools for each that you run in DOS.
msconfig will give you the option to boot to safe or DOS mode; simply select and reboot, there is no F8 involved.

Try these online scans:
free trojan scan
http://www.trojanscan.com/trojanscan
panda scan
http://www.pandasoftware.es/activescan/
housecall
http://housecall.trendmicro.com/housecall/start_corp.asp
nrav av
http://www.ravantivirus.com/scan/
virus scan
http://www.bitdefender.com/scan/licence.php

If you can get enough internet time:
stinger
to rid Blaster/Nachi/Welchia

Then try to get as much of that hijack log posted as you can get down and we'll work through it.
Good luck, hope to hear from you.

Thanks for the info so far...
I actually managed to get up online, and ran: nrav av
http://www.ravantivirus.com/scan/
as one of the first sites wawadave suggested and caught some trojan downloader/installer in a file called ie_plugin.exe hidden in a folder called /documents&settings/localsettings/temp/icd1.tmp

This file I promptly and happily deleted. Still having trouble booting up in safe mode (I still can't, even after trying msconfig), but one thing at a time I suppose. I'm gonna go through some of those other sites right now and see what I can see.
Luckily I can now cut & paste, so here's the rest of the HijackThis log... hopefully it's clean.
Logfile of HijackThis v1.97.7
Scan saved at 8:09:41 AM, on 1/11/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\NavNT\defwatch.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\NavNT\rtvscan.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\Explorer.exe
D:\WINNT\System32\MsgSys.exe
D:\Program Files\NavNT\vptray.exe
D:\WINNT\anvshell.exe
D:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Downloads\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\Util\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\Util\GetRight\GRbrowse.htm
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37996.3095717593
O17 - HKLM\System\CCS\Services\Tcpip\..\{10A03FBB-C2DC-4D68-8936-2689E68D7917}: NameServer = 164.67.128.1 164.67.128.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{10A03FBB-C2DC-4D68-8936-2689E68D7917}: NameServer = 164.67.128.1 164.67.128.2

Looks remarkably clean; I presume that's a normal startup in msconfig.
Did see that windowsupdates need a go through for all the security related stuff.
How's your other hard drive?

Generally run these as a multilayered protection system:
Spybot
AdAware
Spywareblaster
SpywareGuard

If Nortons was that compromised it may need a complete re-install, or choose another AV.
iceblue
