a 'back door' question


Lee Bowman
December 5th 03, 07:12 AM
AVG recently found a backdoor virus, and removed 'beta.com'. Prior
to the removal, 'ctl alt del' was unavailable (window closed
immediately), and I was unable to run 'msconfig' or 'regedit'.

Even after the removal, the system still looks for 'beta.com'. I put
a dummy file in its place, to speed bootup.

Today, I noticed that 'ctl alt del' is again unavailable (the window
closes immediately), and am unable to run 'msconfig' or 'regedit' as
well.

AVG was run, but found no viruses.

Is there another way to determine if something is running that
shouldn't be, like a port scanner, or other program?

Thanks in advance!

Lee Bowman

Chek
December 5th 03, 07:13 AM
Go to Start > Run, type 'regedit' (without the quotes), then navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This will show a list of programs that run at startup, and also the root
target files. Delete the file(s) and then the key(s) unaccounted for by
your system's configuration (easier said than done, depending how well you
know your system).
This may disable the infection temporarily, but you need to be more specific
about what AVG actually found and quarantined for expert help in order to
completely clean the infection. With luck the virus/trojan should be
viewable by running AVG, click 'program' then 'Virus Vault'. You can take
this further with a proper ID. There will be files in c:\windows and
c:\windows\system and/or c:\windows\system32 folders that need to be dealt
with.
Hope this helps a little.


Kelly
December 5th 03, 07:14 AM
Hi Lee,

Check your runkeys: Start/Run/Regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Do you have a removal process from AVG? If so, post it here. Also, if the
process was automated, System Restore has to be shut down first.

--
All the Best,
Kelly

MS-MVP Win98/XP
[AE-Windows® XP]

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
http://www.kellys-korner-xp.com/xp_abc.htm
http://www.kellys-korner-xp.com/xp_tweaks.htm

Top 10 Frequently Asked Questions and Answers
http://www.kellys-korner-xp.com/top10faqs.htm
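
An added example, not part of any post in this thread: one way to do the Run-key check described above offline, by listing every Run/RunOnce entry in a registry text export that is not on a list of programs you can account for. The export text, the entry names and the `accounted_for` list are constructed for illustration; only the file name 'beta.com' comes from the thread, and its Run entry here is an assumption.

```python
import re

# The four autostart keys named in the thread, matched case-insensitively.
RUN_KEY = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE)
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample of a registry text export; every entry is made up for the demo.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleAV"="\"C:\\Program Files\\ExampleAV\\guard.exe\" /startup"
"beta"="C:\\WINDOWS\\beta.com"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tray"="C:\\WINDOWS\\TEMP\\systray.exe -q"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"Path"="C:\\ignored.exe"
'''

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)  # .reg text escapes \ and " with a backslash

def program(command):
    """Program a command line starts: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def audit(export_text, accounted_for):
    """Return (hive, value name, program) for Run/RunOnce entries not accounted for."""
    known = {path.lower() for path in accounted_for}
    key, findings = None, []
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.match(line[1:-1]) else None  # other keys ignored
            continue
        value = STRING_VALUE.match(line)
        if key and value:  # non-string values are skipped
            name, target = unescape(value.group(1)), program(unescape(value.group(2)))
            if target.lower() not in known:
                findings.append((key.split("\\")[0], name, target))
    return findings
```

Entries are compared on the full program path, so a familiar file name in an unexpected folder is still reported.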

