In the past month, my Presario has come down with a virus that eats at the system’s RAM. Fortunately, I have two freeware RAM optimizers installed that have given me enough breathing room to begin to tweak it out of existence; but not completely. When I right-clicked on a particular folder and checked “properties,” the virus went into action creating 10 MB RAM files at an alarming rate that eventually locked up my system, but when I rebooted, all was “seemingly” back to normal for a while. I quickly learned not to irritate that folder. I have tried to use BCWipe, with only temporary results. I tried to rename then delete the folder (bad move) but quickly learned that this only replicated the problem, and now I have two folders that I cannot delete, and are just waiting to be irritated again. Neither will attempting to use a DOS shell work. The self-expanding files are only numeric, like the number “1354780” sample in the next paragraph, with no extension. Nothing I have can catch it, not even Norton. It outruns any attempt to run it down.
Some example messages I have received at different times have been:
1) Within one of the folders is one of the culprit files: windows_schedLgU.txt. Anyone recognize it?
2) When I booted up another time, CHKDSK gave me a message: “1354780 INDEX $I30 FILE 311,” whatever that means.
3) Another message I wrote down is: \systemroot\system32\config\security, but when I looked in the registry for “systemroot” I couldn’t find it.
Since picking up this virus, my system takes about a minute to boot up, which I realize is not normal. Whatever it is, it appears to have corrupted and taken over the boot sector (Outer Limits).
Whether this next problem was the same virus or part of a “package deal,” a virus created two additional suspicious small partitions which I was able to delete using an older freeware version of JV16 Power Tools. I do not know what the purpose of these two partitions was, but it appears they are gone for good.
Although I have been a PC end user for over 20 years, I am slowly becoming a geek and have begun playing with the system registry. Unfortunately, I do not know enough about the registry to recognize a good registry from a bad one. I have had to reload XP Home a couple of times, but as we know, other than formatting, only the system files are overwritten or updated, and the virus remains dormant, ready to be irritated. Furthermore, this virus has disabled my ability to use any recovery functions and use my recovery CDs I created when I first got the system. Talk about dirty pool!
Any help in identifying and getting rid of this pest would be helpful. Although I have already begun backing up files on disks (yes, minus the infected folders), my goal is to track down and eliminate the virus by not having to reformat the hard drive. Even a demo utility I can download that will get rid of it would be a breath of fresh air.
Thanks for any help.
Glen