SOme kinda virus

chetan331 · 23-08-2005, 08:13 PM

I use WinXP professional
Recently a file cald p2pnetwork.exe pops up during startup and tries to connect to the net.
Many system programs lik taskmon, regedit, etc v stopped workin
wen i type regedit in the run dialog, it gives a 16 bit msdos subsystem error.
n for task manager, it says dat it is being used by some other program
i tried using the process viewer with visual studio to kill the p2p process, but it says it cant open the processes
CTRL+ALT+DEL also doesnt work
i searched using norton and ad-aware, but no results
also i cant find the p2pnetwork.exe on my disk, though it returns every time i remove it frm the startup list using msconfig

WHat DO I DO???

shivaranjan.b · 23-08-2005, 08:20 PM

Yikes!! you got a Backdoor W32.Alcra.A update your virus definitions and adware definitions scan your pc.

See here for detailed information on removing this virus.

swatkat · 23-08-2005, 08:56 PM

Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.
Copy the entire contents of the file and post it here.

anomit · 24-08-2005, 01:02 PM

Well swatkat, I am just joking. How many times have you posted the same lines ??!! 8)

Do you have these lines copied in a text file from where you copy and paste it here ??

Charley · 24-08-2005, 01:11 PM

[EDITED=ctrl_alt_del]No personal attacks.

Vishal Gupta · 24-08-2005, 01:17 PM

I think this thread was started for getting the solution to the problem, not for personal talk.

well chetan331,
Do what swatcat suggested...
and post the result.

chetan331 · 24-08-2005, 03:40 PM

yeah, it was the w32.alcra.a virus. but my liveupdate subscription has expired, and couldnt update my vir defn using the symantec site

What i did was open the registry in safe mode. searched and deleted all instances of "p2pnetwork.exe" and "msconfigs.exe" also deleted the temp files created by the virus in the system folder

this stopped the virus from starting itself automatically at startup. my task manger also started showing up, but the cmd console doesnt work still. i cant use sfc too... maybe i'll take the command.com, ping, tracert, and other affected files from a friend's machine.

THanks Shivranjan for the help

mediator · 24-08-2005, 03:45 PM

Hmm...
1. First of all there are lots of threads on 16bit subsytem search them to find ut soln.
2. Go Install some startup managing program like startup platinum and remove the p2pnetwork.exe!
Its neither a virus nor a trojan! But a program u recently installed like kazaa, shareaza,bareshare or limewire.
U can alternately configure the installed program not to connect at startup!
Or use spysweeper it monitors the unwanted startup progs like p2pnetwork.exe besides being an antispyware!

navjotjsingh · 24-08-2005, 04:39 PM

sfc might be disabled. Use Tweaker like X-Setup or Fresh UI to enable it again.

anandk · 24-08-2005, 05:49 PM

p2pnetwork.exe is added by the w32/rbot-acz worm. when started this infection will connect to a remote irc server where it will wait for commands.
http://www.bleepingcomputer.com/star....exe-9645.html

use pestpatrol or ewido security suite to remove it, if u dont want to do it manually. www.download.com

ya, u have some p2p program like kaazaa, warez, etc installed ? also if ur norton subscription has expired, dump it and go for avast or avg. having a non-updated anti-virus is like not having one at all !