Thread: TFTP
View Single Post
  #4  
Old 01-05-2006, 04:19 AM
David H. Lipman
 
Posts: n/a
Default Re: TFTP
From: "Teri" <Teri@discussions.microsoft.com>

| Hi David, thank you so much for the post. I found it to be very helpful. I
| took your advice and there were 4 more viruses. Before I started all of
| these scanners I disabled System Restore and my firewall. When I went to
| turn the firewall back on I got the message "Windows cannot display the
| properties of this connection. The Windows Management Instrumentation (WMI)
| information might be corrupt. To correct this, use System Restore to restore
| Windows to an earlier time." Only one problem with that, there are no
| earlier restore times.

< logs snipped >

| I only copied a few of these over but every file in the prefetch folder was
| listed same as these.

The error messages on the Prefetch Folder files is normal. They can be ignored.

However, you left out the most important part of the McAfee log, what was found to be
infected and what the infector was. For exmple...

C:\WINDOWS\Application Data\Share-to-Web Upload Folder\3D Studio Max 3dsmax.exe ... Found
the W32/Netsky.c@MM virus !!!
The file has been deleted.
C:\WINDOWS\Application Data\Share-to-Web Upload Folder\Keygen 4 all appz.exe ... Found the
W32/Netsky.c@MM virus !!!
The file has been deleted.

I don't know what was found wrong with WMI. you may try the following to see if it corrects
it...

Create a FIXWMI.CMD batch file from the below script and run it and see if this corrects
your problem.

FIXWMI.CMD
------------------------

@echo on
cd /d c:\temp
if not exist %windir%\system32\wbem goto TryInstall
cd /d %windir%\system32\wbem
net stop winmgmt
winmgmt /kill
if exist Rep_bak rd Rep_bak /s /q
rename Repository Rep_bak
for %%i in (*.dll) do RegSvr32 -s %%i
for %%i in (*.exe) do call :FixSrv %%i
for %%i in (*.mof,*.mfl) do Mofcomp %%i
net start winmgmt
goto End

:FixSrv
if /I (%1) == (wbemcntl.exe) goto SkipSrv
if /I (%1) == (wbemtest.exe) goto SkipSrv
if /I (%1) == (mofcomp.exe) goto SkipSrv
%1 /RegServer

:SkipSrv
goto End

:TryInstall
if not exist wmicore.exe goto End
wmicore /s
net start winmgmt
:End


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Reply With Quote