Old 28-08-2007, 12:13 PM   #1
TaurArian [MS-MVP]
Re: repeated crashes and failure to update ... is this Win32/Rustock.g



"Richard Henderson" <RichardHenderson@discussions.microsoft.com> wrote in message
news:23E8EE0D-6ACA-4D89-9598-6EFBD760C99D@microsoft.com...
| Apologies if this appears twice - had a crash just as I first posted re this!
| Running XP, have had a frustrating few weeks with repeated random crashes,
| BSOD etc. Twice I couldn't boot at all and repaired (not quite a reinstall)
| using the CD supplied. After some of the crashes got the error report from
| MS that I was infected with Win32/Rustock.gen!C, and directing me to an
| online scan that always crashed before completing, although several complete
| and up to date McAfee scans have found nothing.
| Possibly related to this I have had major problems with updates downloading
| but not installing. For a week or so I kept getting the message that Update
| installer 3.1 (I think ... from memory) could not be installed. I Googled re
| this and found a workaround via regedit and did install the update installer,
| after which a number of other updates could be installed, but now no longer.
| It keeps hanging when trying to install IE7 (I currently have IE6), and I
| need to ctrl/alt/delete out of it. Even when I try a custom install without
| IE7 it still doesn't complete installation, and is currently frozen - I am
| posting this on another computer provided by work.
| I am normally a patient man, but am sorely tempted to throw a brick at the
| computer. Some unkind colleagues have suggested I install Linux, but I feel
| I am only moderately computer literate and not really sufficient of a nerd to
| do this.
| Any relatively simple solutions? Or would the simplest and easiest solution
| be to reinstall Windows and start again? - I have backed up all essential
| files so this wouldn't be a total disaster.
| HELP!



What concerns me is "Win32/Rustock.gen!C"

xposted to security.virus for convenience.

Security - Viruses
OE client -
news://msnews.microsoft.com/microsof...security.virus
or

Web client -
http://www.microsoft.com/technet/com...security.virus


--
====================================
TaurArian [MS-MVP] 2005-2008 - Australia
====================================
How to make a good post: http://www.dts-l.org/goodpost.htm
Defending your machine: http://defendingyourmachine2.blogspot.com/
http://taurarian.mvps.org/index.htm

Emails will not be acknowledged - please post to the newsgroup so all may benefit.


Old 28-08-2007, 12:13 PM   #2
Peter Foldes
Re: repeated crashes and failure to update ... is this Win32/Rustock.g

Download - rustbfix.exe and save it to your desktop.

If a Rustock.b-infection is found, you will be asked to reboot the computer.

After you reboot it will take some time for the Desktop to come up. You might need to reboot 2 times, depending.

When the desktop comes up you will have 1-2 logfiles that will show up for you. The infection should be gone. If not, post those log files here.


--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Old 28-08-2007, 12:13 PM   #3
Peter Foldes
Re: repeated crashes and failure to update ... is this Win32/Rustock.g


Sorry I forgot the link for the rustbfix.exe

http://www.uploads.ejvindh.net/rustbfix.exe

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

Old 28-08-2007, 12:13 PM   #4
Richard Henderson
Re: repeated crashes and failure to update ... is this Win32/Rusto

Latest update:
Have run rustbfix (see logs in posting above) but still can't update. Hangs
while trying to install IE7 and generates Drwatson postmortem debugger error
notice as before. What's up? Is this something other than the virus?

Old 28-08-2007, 12:13 PM   #5
Richard Henderson
Re: repeated crashes and failure to update ... is this Win32/Rusto

Peter
Thanks. Will try when I get home ... but does what I describe sound like a
Win32/Rustock.gen!C infection, and does McAfee not pick this up?

Old 28-08-2007, 12:13 PM   #6
Richard Henderson
Re: repeated crashes and failure to update ... is this Win32/Rusto

Peter
Thanks have now downloaded and run rustbfix.exe. It did indeed reboot twice
and generated two logs pasted below. Perhaps you can decipher for me? I'm
not sure if it indicates there was an infection or not.
Richard

*********************** Rustock.b-fix v. 1.01 -- By ejvindh
*************************
16/08/2007 21:57:55.34

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 53934
Total size: 53934 bytes.
Attempting to remove ADS...
system32: deleted 53934 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ycywykmr

*******************

Script file located at: \??\C:\WINDOWS\system32\oqtpyoft.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

Old 28-08-2007, 12:13 PM   #7
Richard Henderson
Re: repeated crashes and failure to update ... is this Win32/Rusto

Many thanks. Will see if that generates any response.

Old 28-08-2007, 12:13 PM   #8
Peter Foldes
Re: repeated crashes and failure to update ... is this Win32/Rusto

Richard

Win32/Rustock is now not on your system according to the log files the fix generated. Now as far as the Windows Updates go I cannot help you there. Possibly someone else will come in here and give you some advice on that.

Good Luck Richard
--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

  Reply With Quote
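
An added example, not part of the original thread and not code from the rustbfix author: a Python sketch that reads the Rustock.b-fix log posted in this thread and compares its pre-run and post-run sections, which is the reading given in the reply above. The function names and result fields are assumptions made for this example; the log text is copied from the post, and the handling of a post-run driver line other than "NONE!" is an assumption because the thread shows no such line.

```python
import re

# Log text copied from the Rustock.b-fix output posted in this thread.
RUSTBFIX_LOG = """\
*********************** Rustock.b-fix v. 1.01 -- By ejvindh
*************************
16/08/2007 21:57:55.34

******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 53934
Total size: 53934 bytes.
Attempting to remove ADS...
system32: deleted 53934 bytes in 1 streams.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile
"""

SECTION_RE = re.compile(r"^\*+\s*(Pre-run|Post-run) Status of system\s*\*+\s*$")
PRE_DRIVER_RE = re.compile(r"^Rootkit driver (\S+) is found")
# Assumption: any value other than "NONE!" on this line means a driver is still loaded.
POST_DRIVER_RE = re.compile(r"^Rustock\.b-driver on the system:\s*(.+)$")
# An alternate data stream entry is logged as ":<stream name> <size in bytes>".
ADS_RE = re.compile(r"^:(\S+)\s+(\d+)\s*$")


def parse_rustbfix_log(text):
    """Return {'pre': {...}, 'post': {...}} holding the driver name and ADS list per section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        # Tolerate newsgroup quoting ("> ", ">> ") in front of pasted log lines.
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        header = SECTION_RE.match(line)
        if header:
            current = {"driver": None, "ads": []}
            sections["pre" if header.group(1) == "Pre-run" else "post"] = current
            continue
        if line.startswith("*"):      # title or "End of Logfile" banner closes a section
            current = None
            continue
        if current is None:
            continue
        m = PRE_DRIVER_RE.match(line)
        if m:
            current["driver"] = m.group(1)
            continue
        m = POST_DRIVER_RE.match(line)
        if m:
            if m.group(1).strip() != "NONE!":
                current["driver"] = m.group(1).strip()
            continue
        m = ADS_RE.match(line)
        if m:
            current["ads"].append((m.group(1), int(m.group(2))))
    return sections


def verdict(sections):
    """Compare the two sections: was anything found before the fix, and is anything left after?"""
    pre, post = sections.get("pre"), sections.get("post")
    if pre is None or post is None:
        return "incomplete log"
    if post["driver"] or post["ads"]:
        return "still infected"
    if pre["driver"] or pre["ads"]:
        return "infection found and removed"
    return "no infection found"


if __name__ == "__main__":
    parsed = parse_rustbfix_log(RUSTBFIX_LOG)
    print(parsed)
    print(verdict(parsed))
```

The verdict covers only what this log reports: the PE386 driver, the stream attached to the System32 folder, and Rustock.b files in System32.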
Old 28-08-2007, 12:13 PM   #9
Peter Foldes
Re: repeated crashes and failure to update ... is this Win32/Rusto

I just came across this for the Windows Update issue. Give it a read

http://groups.google.fr/group/micros...393c5468ccf766

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Richard Henderson" <RichardHenderson@discussions.microsoft.com> wrote in message news:912AB017-3E92-4F65-8BEF-2EA0DFF41D19@microsoft.com...
> Latest update:
> Have run rustbfix (see logs in posting above) but still can't update. Hangs
> while trying to install IE7 and generates Drwatson postmortem debugger error
> notice as before. What's up? Is this something other than the virus?
>
> "Richard Henderson" wrote:
>
>> Peter
>> Thanks. Will try when I get home ... but does what I describe sound like a
>> Win32/Rustock.gen!C infection, and does McAfee not pick this up?
>>
>> "Peter Foldes" wrote:
>>
>> > Download - rustbfix.exe and save it to your desktop.
>> >
>> > If a Rustock.b-infection is found, you will be asked to reboot the computer.
>> >
>> > After you reboot, it will take some time for the Desktop to come up. You might need to reboot 2 times, depending.
>> >
>> > When the desktop comes up, you will have 1-2 logfiles that will show up for you. The infection should be gone. If not, post those log files here.
>> >
>> >
>> > --
>> > Peter
>> >
>> > Please Reply to Newsgroup for the benefit of others
>> > Requests for assistance by email can not and will not be acknowledged.
>> >
>> > "TaurArian [MS-MVP]" <taurarianREMOVECAPS@gmail.com> wrote in message news:eliUBM$3HHA.3400@TK2MSFTNGP03.phx.gbl...
>> > >
>> > >
>> > > "Richard Henderson" <RichardHenderson@discussions.microsoft.com> wrote in message
>> > > news:23E8EE0D-6ACA-4D89-9598-6EFBD760C99D@microsoft.com...
>> > > | Apologies if this appears twice - had a crash just as I first posted re this!
>> > > | Running XP, have had a frustrating few weeks with repeated random crashes,
>> > > | BSOD etc. Twice I couldn't boot at all and repaired (not quite a reinstall)
>> > > | using the CD supplied. After some of the crashes got the error report from
>> > > | MS that I was infected with Win32/Rustock.gen!C, and directing me to an
>> > > | online scan that always crashed before completing, although several complete
>> > > | and up to date McAfee scans have found nothing.
>> > > | Possibly related to this I have had major problems with updates downloading
>> > > | but not installing. For a week or so I kept getting the message that Update
>> > > | installer 3.1 (I think ... from memory) could not be installed. I Googled re
>> > > | this and found a workaround via regedit and did install the update installer,
>> > > | after which a number of other updates could be installed, but now no longer.
>> > > | It keeps hanging when trying to install IE7 (I currently have IE6), and I
>> > > | need to ctrl/alt/delete out of it. Even when I try a custom install without
>> > > | IE7 it still doesn't complete installation, and is currently frozen - I am
>> > > | posting this on another computer provided by work.
>> > > | I am normally a patient man, but am sorely tempted to throw a brick at the
>> > > | computer. Some unkind colleagues have suggested I install Linux, but I feel
>> > > | I am only moderately computer literate and not really sufficient of a nerd to
>> > > | do this.
>> > > | Any relatively simple solutions? Or would the simplest and easiest solution
>> > > | be to reinstall Windows and start again? - I have backed up all essential
>> > > | files so this wouldn't be a total disaster.
>> > > | HELP!
>> > >
>> > >
>> > >
>> > > What concerns me is "Win32/Rustock.gen!C"
>> > >
>> > > xposted to security.virus for convenience.
>> > >
>> > > Security - Viruses
>> > > OE client -
>> > > news://msnews.microsoft.com/microsof...security.virus
>> > > or
>> > >
>> > > Web client -
>> > > http://www.microsoft.com/technet/com...security.virus
>> > >
>> > >
>> > > --
>> > > ====================================
>> > > TaurArian [MS-MVP] 2005-2008 - Australia
>> > > ====================================
>> > > How to make a good post: http://www.dts-l.org/goodpost.htm
>> > > Defending your machine: http://defendingyourmachine2.blogspot.com/
>> > > http://taurarian.mvps.org/index.htm
>> > >
>> > > Emails will not be acknowledged - please post to the newsgroup so all may benefit.
>> > >
>> > >
>> >

Old 28-08-2007, 12:13 PM   #10
Richard Henderson
Guest
 
Posts: n/a
Re: repeated crashes and failure to update ... is this Win32/Rusto

Peter
Thanks a lot. I will try this link and see if it solves the problem (maybe
when I get back from holiday!).

"Peter Foldes" wrote:

> I just came across this for the Windows Update issue. Give it a read.
>
> http://groups.google.fr/group/micros...393c5468ccf766
>
> --
> Peter
>
> Please Reply to Newsgroup for the benefit of others
> Requests for assistance by email can not and will not be acknowledged.
>
> "Richard Henderson" <RichardHenderson@discussions.microsoft.com> wrote in message news:912AB017-3E92-4F65-8BEF-2EA0DFF41D19@microsoft.com...
> > Latest update:
> > Have run rustbfix (see logs in posting above) but still can't update. Hangs
> > while trying to install IE7 and generates Drwatson postmortem debugger error
> > notice as before. What's up? Is this something other than the virus?
> >
> > "Richard Henderson" wrote:
> >
> >> Peter
> >> Thanks. Will try when I get home ... but does what I describe sound like a
> >> Win32/Rustock.gen!C infection, and does McAfee not pick this up?
> >>
> >> "Peter Foldes" wrote:
> >>
> >> > Download - rustbfix.exe and save it to your desktop.
> >> >
> >> > If a Rustock.b-infection is found, you will be asked to reboot the computer.
> >> >
> >> > After you reboot, it will take some time for the Desktop to come up. You might need to reboot 2 times, depending.
> >> >
> >> > When the desktop comes up, you will have 1-2 logfiles that will show up for you. The infection should be gone. If not, post those log files here.
> >> >
> >> >
> >> > --
> >> > Peter
> >> >
> >> > Please Reply to Newsgroup for the benefit of others
> >> > Requests for assistance by email can not and will not be acknowledged.
> >> >
> >> > "TaurArian [MS-MVP]" <taurarianREMOVECAPS@gmail.com> wrote in message news:eliUBM$3HHA.3400@TK2MSFTNGP03.phx.gbl...
> >> > >
> >> > >
> >> > > "Richard Henderson" <RichardHenderson@discussions.microsoft.com> wrote in message
> >> > > news:23E8EE0D-6ACA-4D89-9598-6EFBD760C99D@microsoft.com...
> >> > > | Apologies if this appears twice - had a crash just as I first posted re this!
> >> > > | Running XP, have had a frustrating few weeks with repeated random crashes,
> >> > > | BSOD etc. Twice I couldn't boot at all and repaired (not quite a reinstall)
> >> > > | using the CD supplied. After some of the crashes got the error report from
> >> > > | MS that I was infected with Win32/Rustock.gen!C, and directing me to an
> >> > > | online scan that always crashed before completing, although several complete
> >> > > | and up to date McAfee scans have found nothing.
> >> > > | Possibly related to this I have had major problems with updates downloading
> >> > > | but not installing. For a week or so I kept getting the message that Update
> >> > > | installer 3.1 (I think ... from memory) could not be installed. I Googled re
> >> > > | this and found a workaround via regedit and did install the update installer,
> >> > > | after which a number of other updates could be installed, but now no longer.
> >> > > | It keeps hanging when trying to install IE7 (I currently have IE6), and I
> >> > > | need to ctrl/alt/delete out of it. Even when I try a custom install without
> >> > > | IE7 it still doesn't complete installation, and is currently frozen - I am
> >> > > | posting this on another computer provided by work.
> >> > > | I am normally a patient man, but am sorely tempted to throw a brick at the
> >> > > | computer. Some unkind colleagues have suggested I install Linux, but I feel
> >> > > | I am only moderately computer literate and not really sufficient of a nerd to
> >> > > | do this.
> >> > > | Any relatively simple solutions? Or would the simplest and easiest solution
> >> > > | be to reinstall Windows and start again? - I have backed up all essential
> >> > > | files so this wouldn't be a total disaster.
> >> > > | HELP!
> >> > >
> >> > >
> >> > >
> >> > > What concerns me is "Win32/Rustock.gen!C"
> >> > >
> >> > > xposted to security.virus for convenience.
> >> > >
> >> > > Security - Viruses
> >> > > OE client -
> >> > > news://msnews.microsoft.com/microsof...security.virus
> >> > > or
> >> > >
> >> > > Web client -
> >> > > http://www.microsoft.com/technet/com...security.virus
> >> > >
> >> > >
> >> > > --
> >> > > ====================================
> >> > > TaurArian [MS-MVP] 2005-2008 - Australia
> >> > > ====================================
> >> > > How to make a good post: http://www.dts-l.org/goodpost.htm
> >> > > Defending your machine: http://defendingyourmachine2.blogspot.com/
> >> > > http://taurarian.mvps.org/index.htm
> >> > >
> >> > > Emails will not be acknowledged - please post to the newsgroup so all may benefit.
> >> > >
> >> > >
> >> >

>

All times are GMT +5.5. The time now is 12:13 AM.

