Worm or conflict?

Hi. I hope one of you knowledgeable folks can give some good advice on this. I'm not absolutely positive of the sequence of events here so keep that in mind. About a week ago the latest version of Spy Sweeper gave me error messages indicating that all my real-time protection (shields) were all down. I could not resolve this problem and ran my Kaspersky AV. Kaspersky is good, not just at grabbing viruses, but also with worms and other malware. The scan indicated that a worm had been identified having appeared on my system the prior day and another instance was found in my system restore files the present day. I assume it is the same worm being backed up in restore. I should have written down the name but didn't as the message indicated the threat level was not extremely high. Subsequently I could not get Spy Sweeper back up and tried removing and re-installing with no success (Install damaged). I then began to come across all kinds of problems with my XP. My restore points were all gone, my Windows Management Instrumentation was damaged or gone and unrepairable, Windows downloads wouldn't work, and finding "My Computer" on XP took forever. I figured that either a) the worm had trashed my computer or b) there was a bad conflict between something in Spy Sweeper and Kaspersky. (I haven't seen this problem posted anywhere however).

Having gone through all of Microsofts proposed cures as well as anything I could find on the web, nothing worked to get things fixed. I have requests in with both Spy Sweeper and Kaspersky but suspect that without Instrumentation Management Spy Sweeper will have no idea of what to do to get the install fixed.

At any rate the last known solution from Microsoft and other gurus was to do a reinstall or overwrite repair of Windows XP. I dread this. I was getting ready to back everything up on Acronis before doing the install when it occurred to me that the worms may have been false positives. The worm infected files are backed up in Kaspersky. I am considering restoring the infected files but given the trashing my system has gone through, I'm a bit concerned that things could get worse.

Should I restore the infected files and see what happens or go ahead with a risky XP Repair?

 

Look in your IE history to on the infected see where you went on the MS web site and post a link to that site. We need something to go on. That might provide us the name of the worm. See if Sweeper or Kasperky logged the worm. Anything from your MS event log would help as well. Best of luck.

Dave

 

You should first make sure that your system is not infected with unknown virus that is disabling SpySweeper as soon as it load.

To do that post HijackThis log at http://www.malwareremoval.com/

 

I suggest to restore the backed up files in KAV and give the name of the infected object KAV catched.

 

Thanks for the replies so far. I can't check my IE history as I clean my history religiously and so I'm sure that the relevent info is long gone. I ran a hijackthis and didn't see anything, but there are a couple of files I'm not sure about and I suppose one is all it takes, so I will pass it along to someone who knows better for a look see. As far as restoring the backup copies of the infected files, I'm much inclined to do so, but first I'm going to segregate my important files with acronis and back them up as I will probably do with my entire XP list, trashed as it is with files showing up in a lot of wrong places. Meanwhile I hope Kaspersky gets back to me as I'm not expecting Spy Sweeper to be able to help as the relevent tools needed to diagnose the problem seem to be wrecked. As far as the comment about lingering malware killing Spy Sweeper, well, maybe, but since it won't reinstall as a working program, I'm keeping it off my system. I did find an associated dll (SSCtxMnu.dll) which refuses to be killed, even with Spy Sweepers removal tool. I told them about that one.

Anyway, thanks for your comments, and if anyone else has any additional input, I'll be checking back often to see.

 

Please go into backup (in Kaspersky) and see what files have been removed to backup and post them here. If you can make a screenshot of the info under object that would be great.