Man, what a Virus.....



aeronca1
October 11th, 2011, 10:35
I noticed last Thursday that a couple of programs were acting strange. One, MS Sysinternals, Autoruns, would start then abruptly quit. A reinstall restarted the cycle. One attempted start then error messages about permissions and paths. HiJackThis did the same, but a reinstall seemed to cure it. Over the weekend, I noticed that AVG would pick up a threat named "1734474771:3959660184.EXE", would quarantine it then the System Tray icon for AVG would close. A few minutes later, I would get the Windows Security message in the System Tray warning that I had no Anti-Virus running. I ran every online scan I know of, all the malware scans etc. and a few items were picked up, but none of them removed the problem. It would reappear after a few reboots. Scans showed problems in the system restore files, and these files I removed. A file named "1734474771" would appear in the Windows directory.

Nothing, repeat nothing I run fixes the problem. It always seems to reinfect after a few reboots and in between no threats are found by the scans I run......

This morning, I was not able to connect to the internet at all, so went out and bought a couple of 32GB USB keys before doing a completely fresh Windows XP install and am doing a backup of my most important files as I type (FS2004 first :icon_lol:). On returning from the computer store, I connected on the first try....

If anyone has any insight on how to remove this, I'd really appreciate some leads as my system environment will not be easy to recreate. I have several programming environments set up, that have evolved over the years and advancing age (read my poor old brain) doesn't remember everything I did to get it to this point. If I could cure this, then I could take my time rebuilding the system....

Thanks!!!

aeromed202
October 11th, 2011, 12:13
I feel your pain. I gather you are not trying to get rid of this anymore as you are reinstalling XP which will obliterate anything. Add CCleaner and periodically scan the registry while saving a copy of it (it will prompt this). Create another administrator user account. I once had a baddie malware that attached itself to my user account. I noticed it didn't appear in my backup account so when I deleted the primary account the bug went with it. Run FSecure scan once in a while. It has dealt with a tenacious bug or two for me. If your system can do it, have two active antivirus programs going. I have MSE and AVG that seem to tolerate each other very well. Both have signaled a hit at different times. The fact is no one anything will stop everything so I use a combination and hope for the best.

hey_moe
October 11th, 2011, 12:20
nCleaner, Spybot and CrapCleaner. If those three can't find it or disable it ya might as well do a full HD format. And don't use Windows to format. It leaves way too much crap on the HD. No matter what you do it will always stay on your hard drive unless ya format it with a good Wipe disk program....good luck.

aeromed202
October 11th, 2011, 12:58
OK, for completeness these are what I run regularly. Spybot, CCleaner, MSE, AVG, AdAware, FSecure, and Malwarebytes. Plus I make my own restore points every so often. And thanks may be given to hackers and malcontents everywhere, a knuckle sandwich for each of them.

hey_moe
October 11th, 2011, 14:53
As far as I am concerned, no matter what ya have there is always a risk. The only way to make sure you will never get a virus is never go on line. In this day and time nothing is un-hackable. What the homeowner has for security is nothing compared to what the government and other high security companies have and they get busted all the time...lol...Mike

robert41
October 11th, 2011, 15:15
My sister picked up a virus on her computer last month. Called Vista Internet Security 2012. It popped up on the screen to download, she thought it was legit from her Trend Micro security, and installed it. Big mistake. Cost her almost 200 dollars to remove it.

hubbabubba
October 11th, 2011, 21:45
I noticed last Thursday that a couple of programs were acting strange. One, MS Sysinternals, Autoruns, would start then abruptly quit. A reinstall restarted the cycle. One attempted start then error messages about permissions and paths. HiJackThis did the same, but a reinstall seemed to cure it. Over the weekend, I noticed that AVG would pick up a threat named "1734474771:3959660184.EXE", would quarantine it then the System Tray icon for AVG would close. A few minutes later, I would get the Windows Security message in the System Tray warning that I had no Anti-Virus running. I ran every online scan I know of, all the malware scans etc. and a few items were picked up, but none of them removed the problem. It would reappear after a few reboots. Scans showed problems in the system restore files, and these files I removed. A file named "1734474771" would appear in the Windows directory.

Nothing, repeat nothing I run fixes the problem. It always seems to reinfect after a few reboots and in between no threats are found by the scans I run......

This morning, I was not able to connect to the internet at all, so went out and bought a couple of 32GB USB keys before doing a completely fresh Windows XP install and am doing a backup of my most important files as I type (FS2004 first :icon_lol:). On returning from the computer store, I connected on the first try....

If anyone has any insight on how to remove this, I'd really appreciate some leads as my system environment will not be easy to recreate. I have several programming environments set up, that have evolved over the years and advancing age (read my poor old brain) doesn't remember everything I did to get it to this point. If I could cure this, then I could take my time rebuilding the system....

Thanks!!!

I don't know if it will help, aeronca1, but, doing a quick google search with "virus 1734474771", I got THIS (http://forum.sysinternals.com/autoruns-starts-then-dies_topic26792.html) link. Of course, if you are KC13, you already know that...sincerely, good luck!:173go1:

aeronca1
October 12th, 2011, 08:49
THANKS!!!! That looks exactly like what I have even down to the same file name reported. I'll go download those programs and give it a try. If I can save my environment, then :guinness::guinness::guinness::icon29::medals: to you!!!!

kikas
October 12th, 2011, 09:46
Got similar problem with virus 2 months ago, boy how I was happy to have old puppy linux live cd.

aeronca1
October 12th, 2011, 10:45
Well, it's a no go for me. What seems to be working for that guy totally bombs out for me. Nothing runs and now I'm getting CRC errors copying files. DANG, looks like a total loss at the moment.....

aeronca1
October 12th, 2011, 10:47
Got similar problem with virus 2 months ago, boy how I was happy to have old puppy linux live cd.

More details please! I'm about ready to toss this computer off a tall building.....

kikas
October 12th, 2011, 11:14
Well, I don't know how to remove your virus, but with live cd you will be able to access your files on hd and connect to internet and search for solutions without any fear.

almccoyjr
October 12th, 2011, 13:42
I trust you're booting into safe mode w/o internet first before running the av. Some other things to try:

Linux live cd with av program

Microsoft Stand Alone Sweeper- brand new (beta) available in 32/64 bit

Hiren's boot cd.

Since the scans are "showing clean" afterward, it looks to be a nasty root kit virus which is retripping various permissions tied directly to the boot sector. Depending on just how malicious it is, it might be able to "morph" or retrip when rebooting from safe mode. A live cd or Hiren's bypasses the boot sector and the av can then properly scan the complete hd, HOPEFULLY not causing the virus to retrip.

I don't know if ESET NOD32 still offers a trial install, but if any av can take it out, ESET can. IMHO, it's the best money can buy.

Good luck.

plug_nickel

Firebar
October 12th, 2011, 16:06
My sister picked up a virus on her computer last month. Called Vista Internet Security 2012. It popped up on the screen to download, she thought it was legit from her Trend Micro security, and installed it. Big mistake. Cost her almost 200 dollars to remove it.

This one exists as a virus for most versions of Windows with a couple of clones masquerading as different programs. The only failsafe way I've found to get rid of it is to back up essential files and then format the hard disk. The best boot CD I've found for doing this sort of thing is UBCD4Win, Ultimate Boot CD 4 Windows, essentially you need a copy of a Windows XP disk (I'm not sure if later versions are implemented or if it works with later versions anyway) from which it copies files to create a freestanding version of Windows that runs from the CD Drive, even allows external hard drives etc. to be plugged in via USB.

aeronca1
October 13th, 2011, 07:49
I trust you're booting into safe mode w/o internet first before running the av.

Sure am.... This one is a work of beauty. Too bad the programmer chose to use his obvious skills doing this kind of crap. He should be developing something of value!


Linux live cd with av program

D'oh as Homer would say! Have a few of these hanging around somewhere....


Microsoft Stand Alone Sweeper- brand new (beta) available in 32/64 bit

Hiren's boot cd.

Will track these down, thanks!


Since the scans are "showing clean" afterward, it looks to be a nasty root kit virus which is retripping various permissions tied directly to the boot sector. Depending on just how malicious it is, it might be able to "morph" or retrip when rebooting from safe mode. A live cd or Hiren's bypasses the boot sector and the av can then properly scan the complete hd, HOPEFULLY not causing the virus to retrip.

I don't know if ESET NOD32 still offers a trial install, but if any av can take it out, ESET can. IMHO, it's the best money can buy.

It is certainly the worst virus I have ever run across. While everything appears to be the same as the guy mentioned in the link above, none of the solutions tried there work for me. It obviously morphs from computer to computer from the looks of it. If I don't make any headway by tomorrow, then a weekend format and fresh install of XP will be the way to go.

Thanks to everyone for the suggestions!!!

aeronca1
October 17th, 2011, 08:51
Well, nothing worked, so I formatted the drive, installed XP fresh, updated, installed the anti-virus items above and now I have the nice system I used to have. Saved all of my files and will add them back in after checking them thoroughly with virus trackers!