think ive got an infection...

Hello , yesterday morn i noticed that when i tried to run help and support (winXP sp2) i got a message box saying that windows couldnt find helpctr.exe. I ran a search, and it was in ...pchealth\helpctr\binaries , where its supposed to be. After googling i found a page that said how to edit the registry so that windows could find it. This person said that msconfig was also 'missing' on his pc, so i checked mine - windows could'nt find it, but again, it was in the right place, but the reg file telling windows where to look had been deleted.
I ran a full scan on trend micro 06, which came up clear, ewido froze halfway thru, as did superanti-spyware.
I am CERTAIN that I did NOT delete those entries myself.
If anyone has had this same problem, or knows of what might cause it id be most grateful to hear. Could/ Should i try another Av scanner, if Y what can be used as an on demand scanner only (no real time)
(ive managed to repair the registry, but still worried about how this happened)
Thanx in advance, argus

 

This tool will give you back some function an infection might take away. Freeware.
http://www.excessive-software.eu.tt/
Infiltration Recovery Tool

Infiltration Recovery Tool gives you ability to recover some key system features when facing malware infiltration.
Many trojans, worms and backdoors disable Task Manager,Registry Editor and some even Explorer's Right-click context menu.
You can restore these features with Infiltration Recovery Tool in just few clicks.
Though there is no guarantee that it will work in all situations...

Infiltration Recovery Tool supports all Windows operating systems.

And heres a good guide.
http://forums.majorgeeks.com/showthread.php?t=35407

 

I would recommend you download and run the Dr.Web CureIt Utility.

 

or...

just put in your windows XP cd and repair your windows installation.

 

LOL alot good thats gonna do, the problem could very well come back ! Unless you start from scratch and reformat the drive and do a clean install.

If your Av scans not catching IT, could be something hidden beyond the scope of AV scanners suggest you run a few root kit scanners like the ones in my signature, they may reveal some stuff you didnt know you might have.....

 

hi all, and thanks.
i ran drweb cureit as per macromero's advice, and it found 9 instances of trojan.blank page.1500 (i think it was) which were all hidden in system restore bar one, which was in spybot backup! I also posted the report that spyware terminator produces at the ST forums (alternative to HJT they say), where they said to remove a file called unvise32.exe which was in the windows folder. Having done all this i think my pc is clean. A bit worried that trend micro let all this slip by though, til now i'd basically trusted it...
Re the rootkit revealing programs, i'm a bit of a novice at all this, so if some-one could suggest an 'easy' to use one i'd be really grateful. Thanks, argus

 

Hello again, i just ran rootkit revealer, the only thing that looks suspect is in system restore, its an .ini file, hidden from windows api. the timestamp was dated 31st october so i'm fairly sure thats my problem (or one of them). thing is, how do i tell what this is, as its in system restore and is called A0027086.ini Does knowing which system restore point its in help?

 

Good to hear Dr.Web CureIt Utility helped you out with your problem, I would also recommend you turn off system restore while scanning and cleaning infections.