Q: Windows 2K problem ( Answered 5 out of 5 stars,   0 Comments )
Question  
Subject: Windows 2K problem
Category: Computers > Operating Systems
Asked by: sushil_sureka-ga
List Price: $10.00
Posted: 30 Oct 2002 19:57 PST
Expires: 29 Nov 2002 19:57 PST
Question ID: 93872
I have managed to completely screw up my computer. After I suspected
that my computer had got a virus, I downloaded the McAfee virus program
and ran the virus scan. It detected 2 viruses on my computer and I
chose to delete them. But then whenever I try to start a command
window it fails saying that cmd.exe or one of its components is not
found.

After numerous retries I restarted my computer but it was not of much
use. I also found that a number of other programs also stopped working.

I reinstalled Windows 2000 (using the upgrade option) as I did not
want to lose the data, then it gave two errors that it failed to
register dll (in the McAfee directory) and then a number of other
errors (things like cannot install McAfee), and at the end it
complains that it cannot run rundll32.exe.

Now I am not able to do anything except for the internet browser and
a couple more programs. Whenever I try to click on any program, it says
it cannot find the file (even though the .exe is there), make sure it is
there in the path.

I looked at the event log and it has entries like Detection of product
'{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}', feature 'MainApp' failed
during request for component '{997FA962-E067-11D1-9396-00A0C90F27F9}' 
or
The AVSync Manager service failed to start due to the following error:
The system cannot find the path specified.  

Any help in this matter would be highly appreciated

Request for Question Clarification by pwizard-ga on 30 Oct 2002 20:02 PST
I can help you fix your problem as I have seen this exact thing
before. First, can you uninstall McAfee from your system? And second,
did you write down which viruses you had that were removed?

What has happened is that certain viruses modify the registry entry
used for starting programs so that the virus is run each time. If you
delete the virus file (using a virus scanner) but do not first clean
this registry entry, it results in what you are describing.

Please let me know the answers to the above question and I'll be happy
to assist you in this matter. Thanks!

-PWizard

Request for Question Clarification by mistajon-ga on 30 Oct 2002 22:55 PST
Hi sushil_sureka-ga,

In addition, the symptoms sound like you might have been infected with
the W32/SirCam@MM virus (or a similar virus which creates the same
effect). It can change a registry key which runs the virus every time
you run a file (if the virus has been deleted you will get file cannot
be found errors). Once you fix the reg key you can run your programs
as per normal.

If you follow the instructions from the following website under "---
Registry Removal Instructions --- " it will tell you how to fix the
registry entry. Mainly this registry key

Point 3) Remove references to the virus from this registry key
HKEY_CLASSES_ROOT\exefile\shell\open\command\ 
It should contain only the value (not including brackets) : ["%1" %*]
)

Instructions can be found from this website:

http://vil.nai.com/vil/content/v_99141.htm

Also if you require uninstall instructions and/or virus removal
instructions for McAfee VirusScan an excellent site to visit is
http://www.mcafeehelp.com/

On this site you can find uninstall instructions for your version and
there is even a forum to post questions with other McAfee customers.

Please let us know how you went and if we can further assist with your
issue.

Thanks.

Best wishes,
mistajon-ga

Clarification of Question by sushil_sureka-ga on 31 Oct 2002 14:17 PST
I have uninstalled McAfee but I am not sure whether it uninstalled
correctly or not. I tried once and it did not work and then I just went
ahead and removed the McAfee directory under my Program Files
directory. And later when I upgraded my Windows 2K (please read my
original email) and tried to remove it, it said the program has been
removed (it does not show up any more in the Add/Remove Programs window).

On the question of what virus, I am not sure. It was under temporary
internet files and I just chose to delete it and the file name ended
with .com

But now I have run into the issue of not even being able to start
regedit (it says cannot find regedit or one of its components). So I
am not able to look at any registry setting. I am surprised though
that I am still able to use Internet Explorer, UltraEdit (does
not open from the program menu but if I right click on the document and
choose UltraEdit it opens), Windows Explorer (from the Windows shortcut
key) but most other programs fail to start. Interestingly, when we try
to start Yahoo, it fails but when we start it from IE (we have this
icon in IE that allows us to start Yahoo or MSN Messenger from IE) it
works. Anything I try to do under the program menu fails with the
same message. Any help will be greatly appreciated.

Sushil
Answer  
Subject: Re: Windows 2K problem
Answered By: pwizard-ga on 31 Oct 2002 14:44 PST
Rated:5 out of 5 stars
 
I am going to go ahead and work with you on solving this problem as I
feel that we can come to a resolution. We may have to do a few
troubleshooting steps, so we'll use the "ask for clarification"
feature.

I figured that you would not be able to run REGEDIT as it is an
executable file and executable files are affected by the virus that
you were infected with. The first thing you need to do is to rename
your regedit.exe file to regedit.com. You can do this by using the
SEARCH feature from the Start Menu or you can go to a command prompt
and do the command :> ren regedit.exe regedit.com once you're in the
directory containing the file (usually C:\Windows, or C:\Winnt).

Now you can run regedit by typing REGEDIT.COM or just regedit in the
RUN box or from the command line. Once you are in the registry editor,
you need to browse to the following key:

HKEY_CLASSES_ROOT\exefile\shell\open\command

The Default data for this key should ONLY read: "%1" %*

If it reads ANYTHING else, change it to the above. After this change
is made, reboot the system and see if you can run applications at this
point.

Alternately, you can download the following file:
http://www.sarc.com/avcenter/FixSirc.com

...and run it on your system. It will also make the changes I
mentioned above. It's for removing remnants of the SirCam virus, which
I suspect you had. Between these two solutions, it should take care of
this portion of your problem. If it fixes the problem, be sure to
rename your regedit back to .exe.

Please try them and report back to me on the results. Thanks!

Sincerely,
PWizard

FYI - Here's the complete removal instructions for the SirCam worm:
http://www.sarc.com/avcenter/venc/data/w32.sircam.worm@mm.removal.tool.html
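
Added example, not part of the original answer: a Python check that reads the text of a .reg export and reports any `shell\open\command` handler whose (Default) data is not `"%1" %*`. It goes beyond the answer by also checking comfile, batfile and cmdfile, which ship with the same default; the sample export and its placeholder path are constructed, and the caller is assumed to have already decoded the export file to text.

```python
import re

EXPECTED = '"%1" %*'  # the only acceptable (Default) data, per the answer above
# exefile is the class the page names; the other three are an added
# generalization (they ship with the same default handler).
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

HEADER = re.compile(r'^\[(.+)\]$')
DEFAULT = re.compile(r'^@="(.*)"$')

def parse_defaults(reg_text):
    """Map each key path (lower-cased) to its unescaped (Default) string."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            key = m.group(1).lower()
        elif (m := DEFAULT.match(line)) and key:
            # .reg files escape quotes and backslashes with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r'\1', m.group(1))
    return defaults

def audit(reg_text):
    """Return (class, status, value) for every handler that is not EXPECTED."""
    defaults = parse_defaults(reg_text)
    findings = []
    for cls in CLASSES:
        value = defaults.get("hkey_classes_root\\%s\\shell\\open\\command" % cls)
        if value is None:
            findings.append((cls, "missing", None))  # key absent from the export
        elif value != EXPECTED:
            findings.append((cls, "modified", value))
    return findings

# Constructed sample export; the path in the exefile entry is a placeholder.
SAMPLE = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\EXAMPLE\\placeholder.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, status, value in audit(SAMPLE):
        print(cls, status, value)
```

A "modified" finding whose value names a file that no longer exists matches the symptom in this thread: the handler still points at the deleted file, so every program launch fails with a file-not-found error.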

Request for Answer Clarification by sushil_sureka-ga on 31 Oct 2002 15:01 PST
Thanks a lot. It has almost worked except for one catch. I remember
that when I uninstalled McAfee, it did something to my Windows
Installer (it said installing Windows Installer and then asked me to
restart the computer) and then it installed McAfee.

Now when I was trying to uninstall McAfee, I by mistake clicked
on the Logitech remove and then I cancelled out of it. But now
whenever I try to start IE, it asks me to insert the disc to
remove the Logitech webcam software. Do you know whether it is also
something the virus screwed up or is it just this Windows Installer
problem?

Thanks for your help Wizard... I am really really relieved now. I
almost spent more than 4-6 hours to solve this problem.

Sushil

Clarification of Answer by pwizard-ga on 31 Oct 2002 15:23 PST
I think this is a Windows installer problem. I would recommend trying
to fully uninstall the Logitech webcam software and then re-install.
The Windows installer is very fickle when it comes to things being
"partially" removed. Usually, uninstalling and reinstalling things a
few times will correct the issues with the installer itself. If it
doesn't, let me know and I can point you to a couple of registry
entries that will probably clear up the problem.

Of course, if you do it through the registry, your webcam software or
whatever the installer is yelling about may not work 100% until it is
installed again correctly.

I'm glad we were able to fix your primary problem. One important thing
to remember in the future regarding viruses is to always make a note
of what viruses you are cleaning, especially if you are deleting
files. Also, many of today's viruses affect the registry and have
protection against simply having the infected file deleted, as was the
case here. Try to do a little investigation on the virus before you
delete the file if you can. I've seen other viruses that cause the PC
to not boot up any more when the file is deleted before registry entries
are cleaned.

-PWizard
sushil_sureka-ga rated this answer:5 out of 5 stars
It exactly answered the problem I was having. If I would not have
gotten this answer I might have spent more than a day to rebuild my
computer
Thanks
