Hi, I have Spybot and it comes up empty. Dave02, I appreciate the feedback but, I'm not having the "about blank" problem. Thanks Thanks, Jim

0

Hey Tufenuf!!, GREAT NEWS!!! It's gone! I went to the site you told me and I took a bit of information and I tried it. IT WORKED!!!!! After I deleted the file, McAfee came up again with the "Urbin Virus" but this time instead of being in the "Windows/System32" directory, it was in A couple of my "System Volume Information" dir. It picked up not only the DLL file but the EXE as well. Once again, Thank you so much for the info and take care. Ps. If anyone wants to know how to get rid of it, let me know and I would be glad to give a hand of how I did it! Thanks, Jim

0

Jim, Glad that the info at the link helped. If your McAfee picked up those virus files in your System Volume Information directory you should turn off System Restore then restart your computer then run another virus scan which should come up clean. Turning off System Restore then restarting your computer removes all of the files in System Restore including virus/virus infected files. If after doing the above it comes up clean turn on System Restore again. How to turn off or turn on the Windows XP System Restore feature Tufenuf

0

I have the same virus you had on your computer on mine.I done everything i can think of to get rid of it.I went to the link Tufenuf said and couldn't find a thing.Please help. gamefreak

0

Hi Gamefreak, I would be glad to help if I can. This information is what I got from another site and I used a bit of it to get the job done. It states at the beginning to create a restore point. I didn't and after manually deleting the "Msvsres.dll" file that McAfee found but couldn't delete, McAfee found more dll's and an exe in my "System Volume Information" directory (the restore directories). Since then I have turned off the option of having a restore point. I back all my stuff up and put it on another drive, something I had to learn the hard way. So, let's get started: 1. Create a restore point (if you choose to, I didn't) 2. Go to Start and select run and type in Regedit 3. Make your way through the hot keys to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows 4. Right click on Windows in the left pane and choose "Rename". Rename the key as "NotWindows". 5. Look in the right pane for "Applnit_Dlls". When you find it, right click and choose delete. 6. This step is very important! Go back to the left pane and rename the "NotWindows" key back to "Windows". 7. Next is to reset the permissions on this key. Right click on the Windows key in the left pane. Click "Pernissions" from the menu. When you do, it will bring up another page. Click on "Advanced Button" you will then, be taken to another page. Look near the bottom of the page for a box labeled: "Inherit from parent the permission entires that apply to child objects. Include these entries explicitly defined here. Once you find it click on the box to place a check in it. (Now here is one step that was different for me. The box was already checked and I just unchecked it and in fact it's still unchecked as I didn't go back and re-check it.) 8. When you click on the box to put a check in it, a new message will pop up with several choices. Click COPY button and APPLY and then OK. 9. You will be brought back to the page titled "Permissions for Windows." Check to see if on the list of Users there is a group named "Everyone", if there is highlight it and click remove and then ok. (I didn't have "Everyone" in my Users group.) 10. Close out of all windows programs including regedit. Now, here's where I went off the beaten path. Because they were using "Highjackthis" and "Ad-Aware" they did it a little differently. I don't have those programs, I have others. So I decided to try it another way. 11. I restarted my computer in the "safe mode." Go to Start, Programs, and then Accessories. Choose Command Prompt. 12. You should see a Dos window with something like C:\Documents and Settings\Owner> You need to change the directory and to do this, you smiply type in "cd.." NOTE: it has to have two periods after the "cd" You will then see that you are no longer in the Owner directory. You need to type in again "cd.." 13. Now, you should be at the "C:\" prompt ONLY. Type in "cd Windows". (There IS a space between "cd" and "Windows") You should now have something like this "C:\Windows>. " 14. Next type in "cd System32" as above there is a space between "cd" and "System32". 15. Now, you should have this C:\Windows\System32> Here type "dir\w\p and hit enter. Now you can scroll down by hitting the space bar repeatedly to look for the file "MSVSRES.dll" to make sure it's there. 16.If you see it, then keep scrolling until you return to the C:\Windows\System32> prompt. Here, type in "del msvsres.dll" NOTE: that there is a space between "del" and "msvsres.dll". You then should return to C:\Windows\System32> prompt. You can do a search again if you like but I just typed exit and ran the virus program again. Upon doing so, this time instead of getting the virus alert in the "Windows\System32" directory, I got it in the "System Volume Infromation" directory. This is the "Restore" directories. McAfee caught another DLL and an EXE in two different restore points. I deleted them. And now am clean until another day! It was suggested that I turn off my restore points which I did. If you need help with that let me know and I'll help you. I hope this helps you out, Take care and good luck, Thanks, Jim

0

I got all the way to 14 but there it said:The system cannot find the path specified.is there any other way? gamefreak

0

I GOT IT!I messed up on step 12.My aunt would like to know if you know how to get rid of Trojan Agent L. gamefreak

0

i almost forgot to say:THANK YOU SO MUCH FOR YOU HELP!!!!!gamefreak

0

I'm glad I could help Gamefreak. As for your Aunt's virus, goto this link I have for you here. Sorry I didn't offer a one click and you're there. You'll have to type it in. Hope this helps! http://www.sophos.com/virusinfo/analyses/trojagentl.html Thanks, Jim

0

I got the virus off my aunt's computer. She wanted me to tell you thank you so much for your help.I think you should open a anti- virus shop! gamefreak

0

Hi Gamefreak, I appreciate the compliment but, I'm not as good as it might sound. I have taken bits of others info and it appears that I have gotten lucky. I'm glad I was able to help you and your aunt. Take care, Thanks, Jim

0