I have run into an issue with a virus. The virus was Win32:Mytob-FB[Wrm].
I have put it in the chest using avast anti virus but certain things
seem to have stopped working now. Seems like the computer got infected
with the virus when I clicked on a link in a mail (I was using gmail).
1. When I go to control panel and add/remove program I see a window
with just one line that says "Change or Remove ProgramAdd new
programAdd/remove window component setProgram access defaults" and
that's it. The window is completely empty after that.
2. Windows media player does not work anymore.
3. Had problem with yahoo messenger.
Other than this other things look ok. I can start the browser, open
explorer and do other regular stuff.
I am running Windows 2000 Professional SP 4
Any help would be greatly appreciated. |
Request for Question Clarification by livioflores-ga on 13 Jun 2005 20:48 PDT
Hi!!
Start with an online antivirus scan at Trend Micro, just select your
location and click GO:
http://housecall.trendmicro.com/housecall/start_corp.asp
Follow the instructions and keep us updated about what happened.
Regards,
livioflores-ga
|
Clarification of Question by ss111-ga on 13 Jun 2005 21:50 PDT
OK will do that and let you know tomorrow about the results. If that
results in the computer working fine, you can just mark it as an
answer
thanks
Sushil
|
Request for Question Clarification by livioflores-ga on 13 Jun 2005 23:08 PDT
Hi again!!
I found important info regarding this virus, if it is running you may
be unable to go to the TrendMicro page.
If you cannot connect to this site please try to download and run the
Sophos Windows disinfector for this worm, try at the following links:
http://www.sophos.com/support/cleaners/mytobgui.com
or
http://dl1.rapidshare.de/files/2371792/4984227/mytobgui.com
or
http://rapidshare.de/files/2371792/mytobgui.com.html
One more thing, try to work in Safe mode, just as the computer is
booting press and hold your "F8 Key", then choose the boot option "Safe
Mode" and press your Enter key:
http://www.computerhope.com/issues/chsafe.htm
Good luck!!
|
Request for Question Clarification by livioflores-ga on 13 Jun 2005 23:11 PDT
The following page is in Spanish but I cannot find a page in English
for the specific variant Win32:Mytob-FB[Wrm] that you told us you got:
http://www.enciclopedia-virus.com/virus/vervirus.php?id=2044
Maybe this helps you.
|
Request for Question Clarification by livioflores-ga on 13 Jun 2005 23:27 PDT
Hey!!
I got some English info, if you cannot visit the Trend Micro pages,
first try to do the following:
-Remove Malware Entries from the HOSTS File:
Open the following file using the NOTEPAD:
%System%\drivers\etc\HOSTS
(Note: %System% is the Windows system folder, which is usually
C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on
Windows NT and 2000, and C:\Windows\System32 on Windows XP.)
Delete the following entries:
Save the file and close the text editor.
NOTE:
Users running Windows ME and XP must disable System Restore to allow
full scanning of infected systems.
Then you will be able to use the TrendMicro online scanner, also visit:
"WORM_MYTOB.FB - Description and solution":
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.FB
Good luck again and please excuse the disorder in giving you this info.
Regards,
livioflores-ga
|
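An added example, not part of the thread: a Python version of the HOSTS-file check described in the post above, which reports watched security-vendor names mapped to a loopback or unspecified address and returns the file contents without them. The domain names, the `WATCHED` list and the function names are constructed for illustration.

```python
import ipaddress

def is_sinkhole(address):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def audit_hosts(text, watched_suffixes):
    """Return (kept_lines, findings) for the text of a HOSTS file.
    A finding is (line_number, address, hostname) for a watched name mapped
    to a sinkhole address. Comments and unrelated entries are preserved."""
    kept, findings = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        body, _, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            kept.append(line)  # comment, blank line, or an ordinary mapping
            continue
        address, good = fields[0], []
        for name in fields[1:]:
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in watched_suffixes):
                findings.append((number, address, host))
            else:
                good.append(name)
        if good:  # keep the unaffected names from a mixed line
            rebuilt = address + " " + " ".join(good)
            kept.append(rebuilt + (" #" + comment if comment else ""))
    return kept, findings

# Constructed sample; the domains are placeholders, not entries from the thread.
SAMPLE = """\
# sample HOSTS file
127.0.0.1 localhost
127.0.0.1 av-vendor.example
127.0.0.1 www.av-vendor.example intranet.corp.example # mixed line
0.0.0.0 update.av-vendor.example
10.0.0.5 fileserver.corp.example
"""
WATCHED = ["av-vendor.example"]  # assumed watchlist of vendor domain suffixes

if __name__ == "__main__":
    cleaned, hits = audit_hosts(SAMPLE, WATCHED)
    for hit in hits:
        print("line %d: %s blocks %s" % hit)
    print("\n".join(cleaned))
```

Review the findings before writing the cleaned lines back, and keep a copy of the original file.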
Request for Question Clarification by livioflores-ga on 15 Jun 2005 20:44 PDT
Hi!!
Did you have success in removing the virus with my help, do you need
more assistance, can I post the answer?
I am waiting for your reply.
Regards.
livioflores-ga
|
Clarification of Question by ss111-ga on 16 Jun 2005 07:45 PDT
I did run the virus scanner yesterday night and it found a virus that
I deleted. (I have the name at home) and I can send the name this
evening. But the problem with the add remove window did not change. I
did not have time this morning but I will try to reboot the computer to
see if it made any difference.
|
Clarification of Question by ss111-ga on 16 Jun 2005 20:50 PDT
The Virus name is TROJ ISTBARS (not sure if it is 1stbars or
IstBars, I can't read my own handwriting).
But restarting the computer still did not do any good. Still in the
add remove program window I can not see anything. Somehow the virus
messed up the registry... just a guess.
Any idea on how it can be repaired?
Thanks
Sushil
|
Request for Question Clarification by livioflores-ga on 16 Jun 2005 23:19 PDT
As you said, the viruses may have badly corrupted your registry and/or
operating system, what you can do is to reinstall Windows 2000, you
can do this without losing data or configuration. Just follow the
instructions at the following page:
"Windows 2000 Professional Repair install":
http://www.windowsreinstall.com/windows2000/Repair/index.htm
Good luck!!
|